Start
CloseProcesses:
() D:\data\All Users\Application Data\VenusApp Software\SW-Booster\SW-Booster.exe
HKLM\...\Winlogon: [Shell] Explorer.exe [x ] ()
HKLM\...\Winlogon: [UIHost] logonui.exe [x ] ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM - DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.fly...616&lg=EN&cc=US
SearchScopes: HKLM - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.fly...616&lg=EN&cc=US
SearchScopes: HKCU - DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.fly...616&lg=EN&cc=US
SearchScopes: HKCU - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.fly...616&lg=EN&cc=US
BHO: Search-NeewTab -> {1D2F45C0-E723-C694-063B-A958023E9A1B} -> C:\Program Files\Search-NeewTab\0trWpx5X.dll ()
BHO: ISavEr -> {48A88D8E-873A-2452-ACF4-2FD4456C5CD2} -> d:\data\All Users\Application Data\ISavEr\HqIxdafdhd.dll ()
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "WebSearch");: user_pref("browser.search.order.1,S", "WebSearch");
FF Keyword.URL: hxxp://websearch.flyandsearch.info/?pid=724&r=2014/08/26&hid=5238787093181005616&lg=EN&cc=US&l=1&q=
FF SearchPlugin: d:\data\rainmaker\Application Data\Mozilla\Firefox\Profiles\0gqxbqod.default\searchplugins\WebSearch.xml
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.easylifeapp.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.easylifeapp.com/
FF Homepage: hxxp://search.easylifeapp.com/
FF SearchEngineOrder.1: WebSearch
FF DefaultSearchEngine: WebSearch
FF SelectedSearchEngine: WebSearch
CHR HomePage: Default -> hxxp://search.easylifeapp.com/
CHR StartupUrls: Default -> "hxxp://search.easylifeapp.com/"
CHR DefaultSearchKeyword: Default -> websearch
CHR DefaultSearchProvider: Default -> WebSearch
CHR DefaultSearchURL: Default -> http://websearch.fly...616&lg=EN&cc=US
CHR DefaultSuggestURL: Default -> http://localhost
R2 c67abfdb; c:\Program Files\SW-Booster\AssistantSvc.dll [174928 2014-08-26] () [File not signed]
c:\Program Files\SW-Booster\AssistantSvc.dll
2014-09-25 14:02 - 2014-09-25 14:02 - 00000000 ____D () C:\Program Files\TAkeuTheCoUpOOn
2014-09-25 14:02 - 2014-09-25 14:02 - 00000000 ____D () C:\Program Files\FFindBeestDoeeall
2014-09-24 13:40 - 2014-09-24 13:40 - 00000000 ____D () d:\data\All Users\Application Data\Browser AdBlocker
2014-09-24 13:16 - 2014-09-25 14:04 - 00000000 ____D () d:\data\All Users\Application Data\TAkeuTheCoUpOOn
2014-09-19 14:00 - 2014-09-25 14:04 - 00000000 ____D () d:\data\All Users\Application Data\FFindBeestDoeeall
2014-09-09 21:40 - 2014-09-09 21:40 - 00000000 ____D () d:\data\All Users\Application Data\ISavEr
2014-08-26 15:50 - 2014-08-26 15:50 - 00000775 _____ () d:\data\rainmaker\Application Data\Explorer.EXE_log.txt
2014-08-26 15:41 - 2014-08-26 15:41 - 00000000 ____D () d:\data\All Users\Application Data\Search-NeewTab
2014-08-26 15:41 - 2014-08-26 15:41 - 00000000 ____D () C:\Program Files\Search-NeewTab
2014-08-26 15:40 - 2014-09-25 14:04 - 00000564 ____H () C:\WINNT\Tasks\SW-Booster-S-787344154.job
2014-08-26 15:40 - 2014-08-26 16:05 - 00000827 _____ () d:\data\rainmaker\Application Data\LiveSupport.exe_log.txt
2014-08-26 15:40 - 2014-08-26 16:05 - 00000082 _____ () d:\data\rainmaker\Application Data\regsvr32.exe_log.txt
2014-08-26 15:40 - 2014-08-26 15:40 - 00000000 ____D () d:\data\All Users\Application Data\VenusApp Software
2014-08-26 15:40 - 2014-08-26 15:40 - 00000000 ____D () C:\Program Files\SW-Booster
2014-08-26 15:39 - 2014-09-25 14:04 - 00000000 ____D () d:\data\All Users\Application Data\Adblocker
2014-08-26 15:39 - 2014-08-26 15:39 - 00000000 ____D () C:\Program Files\Adblocker
2014-08-26 15:38 - 2014-09-25 14:02 - 00000000 ____D () d:\data\All Users\Application Data\3eda283a8b7b0d3d
2014-08-26 15:38 - 2014-09-25 13:53 - 00000000 ____D () d:\data\All Users\Application Data\pricecHop
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\rbc_troppus\Local Settings\Application Data\Torch
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\rbc_troppus\Local Settings\Application Data\Google
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\rbc_troppus\Local Settings\Application Data\Comodo
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\rbc_troppus\Local Settings\Application Data\Chromatic Browser
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\rbc_troppus\Local Settings\Application Data
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\rbc_troppus\Local Settings
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\rbc_troppus
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\rainmaker\Local Settings\Application Data\Torch
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\rainmaker\Local Settings\Application Data\Comodo
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\rainmaker\Local Settings\Application Data\Chromatic Browser
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\HelpAssistant\Local Settings\Application Data\Torch
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\HelpAssistant\Local Settings\Application Data\Google
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\HelpAssistant\Local Settings\Application Data\Comodo
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\HelpAssistant\Local Settings\Application Data\Chromatic Browser
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\HelpAssistant\Local Settings\Application Data
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\HelpAssistant\Local Settings
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\HelpAssistant
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Guest\Local Settings\Application Data\Torch
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Guest\Local Settings\Application Data\Google
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Guest\Local Settings\Application Data\Comodo
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Guest\Local Settings\Application Data\Chromatic Browser
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Guest\Local Settings\Application Data
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Guest\Local Settings
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Guest
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\ASPNET\Local Settings\Application Data\Torch
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\ASPNET\Local Settings\Application Data\Google
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\ASPNET\Local Settings\Application Data\Comodo
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\ASPNET\Local Settings\Application Data\Chromatic Browser
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\ASPNET\Local Settings\Application Data
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\ASPNET\Local Settings
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\ASPNET
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Administrator\Local Settings\Application Data\Torch
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Administrator\Local Settings\Application Data\Google
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Administrator\Local Settings\Application Data\Comodo
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Administrator\Local Settings\Application Data\Chromatic Browser
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\administrator.3YFK943Z\Local Settings\Application Data\Torch
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\administrator.3YFK943Z\Local Settings\Application Data\Comodo
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\administrator.3YFK943Z\Local Settings\Application Data\Chromatic Browser
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Admin\Local Settings\Application Data\Torch
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Admin\Local Settings\Application Data\Comodo
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () d:\data\Admin\Local Settings\Application Data\Chromatic Browser
2014-08-26 15:38 - 2014-08-26 15:38 - 00000000 ____D () C:\Program Files\pricecHop
2014-08-26 15:37 - 2014-08-26 15:40 - 00000000 ____D () d:\data\All Users\Application Data\InstallMate
EmptyTemp: