ComboFix 14-08-17.01 - LEAH 08/18/2014 17:52:11.1.2 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3571.2099 [GMT -5:00]
Running from: c:\users\LEAH\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Data\Default\Extensions\oifomnalkciipmgkfgdjkepdocgiipjg\1.25.109_0\js\lib\bg_app_api.js c:\users\LEAH\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oifomnalkciipmgkfgdjkepdocgiipjg\1.25.109_0\js\lib\consts.js c:\users\LEAH\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oifomnalkciipmgkfgdjkepdocgiipjg\1.25.109_0\js\lib\cookie_store.js c:\users\LEAH\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oifomnalkciipmgkfgdjkepdocgiipjg\1.25.109_0\js\lib\crossriderAPI.js c:\users\LEAH\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oifomnalkciipmgkfgdjkepdocgiipjg\1.25.109_0\js\lib\delegate.js c:\users\LEAH\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oifomnalkciipmgkfgdjkepdocgiipjg\1.25.109_0\js\lib\events.js c:\users\LEAH\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oifomnalkciipmgkfgdjkepdocgiipjg\1.25.109_0\js\lib\extensionDataStore.js c:\users\LEAH\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oifomnalkciipmgkfgdjkepdocgiipjg\1.25.109_0\js\lib\installer.js c:\users\LEAH\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oifomnalkciipmgkfgdjkepdocgiipjg\1.25.109_0\js\lib\logFile.js c:\users\LEAH\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oifomnalkciipmgkfgdjkepdocgiipjg\1.25.109_0\js\lib\logging.js c:\users\LEAH\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oifomnalkciipmgkfgdjkepdocgiipjg\1.25.109_0\js\lib\onBGDocumentLoad.js c:\users\LEAH\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oifomnalkciipmgkfgdjkepdocgiipjg\1.25.109_0\js\lib\popupResource\newPopup.js c:\users\LEAH\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oifomnalkciipmgkfgdjkepdocgiipjg\1.25.109_0\js\lib\popupResource\popup.js c:\users\LEAH\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oifomnalkciipmgkfgdjkepdocgiipjg\1.25.109_0\js\lib\reports.js c:\users\LEAH\AppData\Local\Google\Chrome SxS\User 
Data\Default\Extensions\oifomnalkciipmgkfgdjkepdocgiipjg\1.25.109_0\js\lib\storageWrapper.js c:\users\LEAH\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oifomnalkciipmgkfgdjkepdocgiipjg\1.25.109_0\js\lib\updateManager.js c:\users\LEAH\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oifomnalkciipmgkfgdjkepdocgiipjg\1.25.109_0\js\lib\util.js c:\users\LEAH\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oifomnalkciipmgkfgdjkepdocgiipjg\1.25.109_0\js\lib\xhr.js c:\users\LEAH\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oifomnalkciipmgkfgdjkepdocgiipjg\1.25.109_0\js\main.js c:\users\LEAH\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oifomnalkciipmgkfgdjkepdocgiipjg\1.25.109_0\manifest.json c:\users\LEAH\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\oifomnalkciipmgkfgdjkepdocgiipjg\1.25.109_0\popup.html c:\users\LEAH\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_hhlmghjmomaoodfgjeikphfdljhpcpkl_0 c:\users\LEAH\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_hhlmghjmomaoodfgjeikphfdljhpcpkl_0\1 c:\users\LEAH\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_oifomnalkciipmgkfgdjkepdocgiipjg_0 c:\users\LEAH\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_oifomnalkciipmgkfgdjkepdocgiipjg_0\2 c:\users\LEAH\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hhlmghjmomaoodfgjeikphfdljhpcpkl c:\users\LEAH\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hhlmghjmomaoodfgjeikphfdljhpcpkl\000003.log c:\users\LEAH\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hhlmghjmomaoodfgjeikphfdljhpcpkl\CURRENT c:\users\LEAH\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hhlmghjmomaoodfgjeikphfdljhpcpkl\LOCK c:\users\LEAH\AppData\Local\Google\Chrome\User Data\Default\Local Extension 
Settings\hhlmghjmomaoodfgjeikphfdljhpcpkl\LOG c:\users\LEAH\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hhlmghjmomaoodfgjeikphfdljhpcpkl\MANIFEST-000002 c:\users\LEAH\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oifomnalkciipmgkfgdjkepdocgiipjg c:\users\LEAH\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oifomnalkciipmgkfgdjkepdocgiipjg\000132.ldb c:\users\LEAH\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oifomnalkciipmgkfgdjkepdocgiipjg\000179.ldb c:\users\LEAH\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oifomnalkciipmgkfgdjkepdocgiipjg\000183.log c:\users\LEAH\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oifomnalkciipmgkfgdjkepdocgiipjg\CURRENT c:\users\LEAH\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oifomnalkciipmgkfgdjkepdocgiipjg\LOCK c:\users\LEAH\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oifomnalkciipmgkfgdjkepdocgiipjg\LOG c:\users\LEAH\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oifomnalkciipmgkfgdjkepdocgiipjg\LOG.old c:\users\LEAH\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oifomnalkciipmgkfgdjkepdocgiipjg\MANIFEST-000181 c:\users\LEAH\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hhlmghjmomaoodfgjeikphfdljhpcpkl_0.localstorage c:\users\LEAH\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_impaepofmnammebeenafgmllpnjaiime_0.localstorage-journal c:\users\LEAH\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_impaepofmnammebeenafgmllpnjaiime_0.localstorage c:\users\LEAH\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_oifomnalkciipmgkfgdjkepdocgiipjg_0.localstorage c:\users\LEAH\AppData\Local\Google\Chrome\User Data\Default\Preferences c:\users\LEAH\AppData\Local\nsfEF46.tmp 
c:\users\LEAH\AppData\Local\nswE744.tmp
c:\users\LEAH\AppData\Local\nsy6D94.tmp
c:\users\LEAH\AppData\Local\Z@!-d2c5ed3f-680c-4b8d-80ad-556a334fc6b9.tmp
c:\users\LEAH\AppData\Local\Z@S!-ceef8322-cbf6-4db4-9b06-bc3f137edaa6.tmp
c:\windows\wininit.ini
.
c:\windows\SysWow64\Drivers\atapi.sys . . . is infected!!
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NETHFDRV
.
.
((((((((((((((((((((((((( Files Created from 2014-07-18 to 2014-08-18 )))))))))))))))))))))))))))))))
.
.
2014-08-17 23:40 . 2010-08-30 13:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-08-17 23:38 . 2014-08-18 00:38 -------- d-----w- C:\AdwCleaner
2014-08-16 00:06 . 2014-08-16 04:39 -------- d-----w- c:\users\LEAH\AppData\Local\ElevatedDiagnostics
2014-08-15 21:26 . 2014-08-18 01:07 -------- d-----w- C:\FRST
2014-08-15 18:33 . 2013-09-20 15:49 21040 ----a-w- c:\windows\system32\sdnclean64.exe
2014-08-15 18:32 . 2014-08-15 19:20 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2014-08-15 18:32 . 2014-08-15 18:34 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2014-08-15 18:09 . 2014-08-15 18:09 327 ----a-w- c:\users\LEAH\AppData\Local\LMIR0001.tmp_r.bat
2014-08-15 17:20 . 2014-08-15 17:20 -------- d-----w- c:\users\LEAH\AppData\Roaming\supportdotcom
2014-08-15 17:20 . 2014-08-15 17:38 -------- d-----w- c:\program files (x86)\Common Files\supportdotcom
2014-08-15 03:14 . 2013-04-29 14:17 47632 ----a-w- c:\windows\system32\drivers\PSKMAD.sys
2014-08-15 03:14 . 2014-08-15 03:14 -------- d-----w- c:\windows\SysWow64\DASBOOT
2014-08-15 03:14 . 2014-08-15 03:14 -------- d-----w- c:\program files (x86)\Panda Security
2014-08-14 08:01 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2014-08-14 08:01 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2014-08-14 08:01 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2014-08-14 08:01 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2014-08-14 08:01 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2014-08-14 08:01 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2014-08-14 08:00 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2014-08-14 08:00 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-08-14 07:50 . 2014-07-14 02:02 1216000 ----a-w- c:\windows\system32\rpcrt4.dll
2014-08-14 07:50 . 2014-07-14 01:40 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2014-08-14 07:50 . 2014-08-07 02:06 529920 ----a-w- c:\windows\system32\aepdu.dll
2014-08-14 07:50 . 2014-08-07 02:01 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-08-14 05:26 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{80090FD9-6B36-4679-92A8-E7E458E96F77}\mpengine.dll
2014-08-13 20:46 . 2014-08-13 20:46 -------- d-----w- c:\users\LEAH\AppData\Local\ProcessScriptSymbolic
2014-08-13 05:28 . 2014-04-23 16:50 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3F5CD03A-B082-4BF1-A447-02EEE29CE79B}\gapaengine.dll
2014-08-13 05:28 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-08-12 16:26 . 2014-01-09 02:22 5694464 ----a-w- c:\windows\SysWow64\mstscax.dll
2014-08-12 16:26 . 2014-01-03 22:44 6574592 ----a-w- c:\windows\system32\mstscax.dll
2014-08-12 07:24 . 2014-08-12 07:59 -------- dc----w- c:\users\LEAH\AppData\Local\MigWiz
2014-08-12 04:27 . 2014-08-12 04:27 -------- d-----w- c:\programdata\Yahoo! Companion
2014-08-12 04:26 . 2014-08-12 04:26 -------- d-----w- c:\users\LEAH\AppData\Roaming\Yahoo!
2014-08-12 04:26 . 2014-08-12 04:27 -------- d--h--w- c:\windows\msdownld.tmp
2014-08-04 20:34 . 2014-08-04 20:34 -------- d-----w- c:\windows\SysWow64\CursorODBCSchema
2014-08-04 20:33 . 2014-08-04 20:33 -------- d-----w- c:\users\LEAH\AppData\Local\Downloaded Installations
2014-08-02 02:16 . 2014-08-02 02:16 -------- d-----w- c:\users\LEAH\AppData\Roaming\ap_logs
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-14 08:05 . 2013-01-09 20:19 99218768 ----a-w- c:\windows\system32\MRT.exe
2014-08-06 08:07 . 2014-08-06 08:07 232896 ----a-w- c:\windows\apppatch\AppPatch64\SPVCLdr64.dll
2014-07-14 09:12 . 2014-07-30 07:12 10924376 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{376CC7D7-DFCF-4BF2-A31B-E3571ED81019}\mpengine.dll
2014-07-13 04:50 . 2014-07-13 04:50 687 ----a-w- C:\awh9C3B.tmp
2014-07-09 16:37 . 2013-01-10 17:46 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-09 16:37 . 2011-12-17 08:39 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-24 13:09 . 2011-01-07 20:02 829264 ----a-w- c:\windows\system32\msvcr100.dll
2014-06-24 13:09 . 2011-01-07 20:02 608080 ----a-w- c:\windows\system32\msvcp100.dll
2014-06-18 02:18 . 2014-07-10 04:29 692736 ----a-w- c:\windows\system32\osk.exe
2014-06-18 01:51 . 2014-07-10 04:29 646144 ----a-w- c:\windows\SysWow64\osk.exe
2014-06-13 09:50 . 2013-11-07 17:26 50464 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2014-06-06 10:10 . 2014-07-10 04:29 624128 ----a-w- c:\windows\system32\qedit.dll
2014-06-06 09:44 . 2014-07-10 04:29 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-06-05 14:45 . 2014-07-10 04:28 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-06-05 14:26 . 2014-07-10 04:28 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-06-05 14:25 . 2014-07-10 04:28 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-05-30 08:08 . 2014-07-10 04:29 210944 ----a-w- c:\windows\system32\wdigest.dll
2014-05-30 08:08 . 2014-07-10 04:29 86528 ----a-w- c:\windows\system32\TSpkg.dll
2014-05-30 08:08 . 2014-07-10 04:29 340992 ----a-w- c:\windows\system32\schannel.dll
2014-05-30 08:08 . 2014-07-10 04:29 314880 ----a-w- c:\windows\system32\msv1_0.dll
2014-05-30 08:08 . 2014-07-10 04:29 307200 ----a-w- c:\windows\system32\ncrypt.dll
2014-05-30 08:08 . 2014-07-10 04:29 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-05-30 08:08 . 2014-07-10 04:29 22016 ----a-w- c:\windows\system32\credssp.dll
2014-05-30 07:52 . 2014-07-10 04:29 172032 ----a-w- c:\windows\SysWow64\wdigest.dll
2014-05-30 07:52 . 2014-07-10 04:29 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
2014-05-30 07:52 . 2014-07-10 04:29 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2014-05-30 07:52 . 2014-07-10 04:29 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2014-05-30 07:52 . 2014-07-10 04:29 259584 ----a-w- c:\windows\SysWow64\msv1_0.dll
2014-05-30 07:52 . 2014-07-10 04:29 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-05-30 07:52 . 2014-07-10 04:29 17408 ----a-w- c:\windows\SysWow64\credssp.dll
2014-05-30 06:45 . 2014-07-10 04:29 497152 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll" [2014-02-11 1565464]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Media Center"="c:\windows\ehome\ehuihlp.dll" [2010-11-21 1668608]
"Spybot-S&D Cleaning"="c:\program files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" [2014-06-24 4566952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-06-30 336384]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-05-06 658424]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2014-06-24 4101576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableVirtualization"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0PCloudBroom64.exe \systemroot\system32\BroomData.bit\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
R2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [x]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
R2 vtIPwA;vtIPwA;c:\programdata\gtreouZrD\vtIPwA.exe;c:\programdata\gtreouZrD\vtIPwA.exe [x]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 PSKMAD;PSKMAD;c:\windows\system32\DRIVERS\PSKMAD.sys;c:\windows\SYSNATIVE\DRIVERS\PSKMAD.sys [x]
R3 ssmirrdr;ssmirrdr;c:\windows\system32\DRIVERS\ssmirrdr.sys;c:\windows\SYSNATIVE\DRIVERS\ssmirrdr.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 UsbFltr;WayTech USB Filter Driver;c:\windows\system32\Drivers\UsbFltr.sys;c:\windows\SYSNATIVE\Drivers\UsbFltr.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys;c:\windows\SYSNATIVE\drivers\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys;c:\windows\SYSNATIVE\drivers\amd_xata.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys;c:\windows\SYSNATIVE\drivers\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-12 19:38 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-07-14 01:14 126464 ----a-w- c:\windows\System32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2014-08-15 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-08-15 16:52]
.
2014-08-15 c:\windows\Tasks\HPCeeScheduleForLEAH.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 09:43]
.
2014-08-15 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-08-15 15:41]
.
2014-08-15 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-08-15 15:42]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="c:\program files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" [2014-08-06 21720]
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mDefault_Search_URL = about:blank
mDefault_Page_URL = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = about:blank
Trusted Zone: west.com
Trusted Zone: westathome.com
Trusted Zone: westathome.net
Trusted Zone: workathomeagent.net
TCP: DhcpNameServer = 208.180.42.68 208.180.42.100
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-QuickTime Task - c:\program files (x86)\QuickTime\QTTask.exe
Wow6432Node-HKLM-Run-QuickTime Task - c:\program files (x86)\QuickTime\QTTask.exe
AddRemove-7d64a07d-518e-4d14-91b1-a264a9f4ec83 - c:\progra~3\INSTAL~2\{FE8B7~1\Setup.exe
AddRemove-CrossReader - c:\program files (x86)\CrossReader\Uninstall.exe
AddRemove-HiDef Media Player - c:\program files (x86)\HiDefMedia\HiDefMedia\uninstall.exe
AddRemove-MovieMode - c:\programdata\MovieMode\uninstall.exe
AddRemove-videos MediaPlay-Air - c:\program files (x86)\videos MediaPlay-Air\Uninstall.exe
AddRemove-weDownload Manager - c:\program files (x86)\weDownload Manager\Uninstall.exe
AddRemove-{1B9604EE-B104-45C8-8551-5F63BA631E23} - c:\programdata\{E0A9340B-C01B-42C1-9910-C307D7BE4756}\WeatherBugSetup.exe
AddRemove-{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE} - c:\program files (x86)\InstallShield Installation Information\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}\setup.exe
AddRemove-Microsoft Security Essentials Packages - c:\users\LEAH\AppData\Roaming\0V1L2Z2Z1T1I1L1T\Microsoft Security Essentials Packages\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-08-18 18:02:54 - machine was rebooted
ComboFix-quarantined-files.txt 2014-08-18 23:02
.
Pre-Run: 930,247,884,800 bytes free
Post-Run: 929,804,664,832 bytes free
.
- - End Of File - - D9EA1EDF10195A30D220989C303EB4ED
A36C5E4F47E84449FF07ED3517B43A31