Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

easylife.app search engine hijacker [Solved]


  • This topic is locked This topic is locked

#1
shadow9

shadow9

    Member

  • Member
  • PipPip
  • 11 posts
Every time I open a new tab the search engine for easylife comes. I got it at 7:39 when I was downloading a TV show from send space. After I got it onto firefox and I set it to the original default opening page. I also uninstalled it from the program install.

Here is the OTL.

OTL logfile created on: 4/25/2013 8:51:36 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.78 Gb Total Physical Memory | 1.28 Gb Available Physical Memory | 45.93% Memory free
5.57 Gb Paging File | 2.83 Gb Available in Paging File | 50.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 273.09 Gb Total Space | 189.25 Gb Free Space | 69.30% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/25 08:51:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Downloads\OTL.exe
PRC - [2013/04/11 14:02:03 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/04/10 14:23:19 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe
PRC - [2013/03/05 16:47:06 | 000,026,552 | ---- | M] (Microsoft) -- C:\Program Files (x86)\Common Files\Overwolf\OverwolfHelper.exe
PRC - [2013/03/05 16:47:04 | 000,035,256 | ---- | M] (Overwolf) -- C:\Program Files (x86)\Overwolf\Overwolf.exe
PRC - [2013/02/16 15:40:41 | 000,213,384 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe
PRC - [2012/12/18 14:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/10/15 11:45:37 | 000,070,776 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\AOL Desktop 9.7\waol.exe
PRC - [2012/10/15 11:45:35 | 000,045,176 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\AOL Desktop 9.7\shellmon.exe
PRC - [2012/10/04 08:19:40 | 002,213,496 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\AOL Desktop 9.7\AOLBrowser\aolbrowser.exe
PRC - [2012/08/28 10:53:14 | 000,036,744 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe
PRC - [2012/01/09 11:09:56 | 001,556,128 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
PRC - [2011/12/06 17:21:36 | 000,101,544 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
PRC - [2011/11/10 21:49:12 | 010,816,000 | ---- | M] (MPC-HC Team) -- C:\Program Files (x86)\Combined Community Codec Pack\MPC\mpc-hc.exe
PRC - [2011/10/18 19:38:26 | 002,319,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2011/10/03 12:45:58 | 000,375,424 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/02/11 15:40:00 | 000,997,712 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2011/02/11 15:39:58 | 001,304,912 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2011/02/11 15:39:54 | 000,985,424 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
PRC - [2011/02/11 15:39:54 | 000,907,600 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2011/02/01 16:20:48 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/02/01 16:20:46 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2011/01/25 14:32:28 | 000,166,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2010/10/07 17:05:14 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2010/08/17 17:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2010/07/10 01:45:00 | 000,984,400 | ---- | M] (Virage Logic Corporation / Sonic Focus) -- C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
PRC - [2010/03/08 02:27:49 | 000,041,800 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\Common Files\AOL\1358292628\ee\aolsoftware.exe
PRC - [2010/01/21 01:22:04 | 000,909,824 | ---- | M] (Sonix Technology Co., Ltd.) -- C:\Windows\vsnp2uvc.exe
PRC - [2009/12/15 13:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009/06/19 13:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009/06/19 13:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
PRC - [2009/06/15 20:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
PRC - [2008/12/22 20:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
PRC - [2008/08/14 00:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
PRC - [2006/10/23 07:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe


========== Modules (No Company Name) ==========

MOD - [2013/04/11 14:02:02 | 003,133,336 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/04/10 14:23:19 | 016,032,648 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll
MOD - [2013/03/05 16:47:20 | 000,637,368 | ---- | M] () -- C:\Program Files (x86)\Overwolf\OWServer.dll
MOD - [2013/03/05 16:47:20 | 000,077,240 | ---- | M] () -- C:\Program Files (x86)\Overwolf\OWExplorer-10616.dll
MOD - [2013/03/05 16:47:20 | 000,065,024 | ---- | M] () -- C:\Program Files (x86)\Overwolf\BrowserWindow.dll
MOD - [2013/03/05 16:47:20 | 000,037,304 | ---- | M] () -- C:\Program Files (x86)\Overwolf\OWInjector.dll
MOD - [2013/03/05 16:47:20 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\Overwolf\ODK.AddIns.V2.HostView.dll
MOD - [2013/03/05 16:47:18 | 000,118,712 | ---- | M] () -- C:\Program Files (x86)\Overwolf\OWService.dll
MOD - [2013/03/05 16:47:18 | 000,084,920 | ---- | M] () -- C:\Program Files (x86)\Overwolf\OverWolf.BL.Interfaces.dll
MOD - [2013/03/05 16:47:16 | 016,670,136 | ---- | M] () -- C:\Program Files (x86)\Overwolf\OverWolf.Client.Core.dll
MOD - [2013/03/05 16:47:12 | 000,402,360 | ---- | M] () -- C:\Program Files (x86)\Overwolf\OWAgent.dll
MOD - [2013/03/05 16:47:12 | 000,025,600 | ---- | M] () -- C:\Program Files (x86)\Overwolf\CoreAudioApi.dll
MOD - [2013/03/05 16:47:12 | 000,017,408 | ---- | M] () -- C:\Program Files (x86)\Overwolf\SteamAPI.dll
MOD - [2013/03/05 16:47:04 | 000,037,304 | ---- | M] () -- C:\Program Files (x86)\Overwolf\OWLog.dll
MOD - [2013/03/05 16:47:04 | 000,027,064 | ---- | M] () -- C:\Program Files (x86)\Overwolf\OWExplorerLauncher.dll
MOD - [2013/02/13 11:46:29 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\7ff638de44686eab4afaa8b3c8a9cfca\System.ServiceProcess.ni.dll
MOD - [2013/02/13 11:45:48 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013/01/13 13:18:26 | 000,634,368 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\1149dca3c109f46c30cf25cb34873dd4\System.AddIn.ni.dll
MOD - [2013/01/13 13:18:26 | 000,082,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\4e9a3b9427dae6b94cb5ae1d134282ac\System.AddIn.Contract.ni.dll
MOD - [2013/01/13 13:18:22 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll
MOD - [2013/01/13 13:18:02 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll
MOD - [2013/01/13 13:17:49 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll
MOD - [2013/01/13 13:17:39 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013/01/13 13:17:30 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll
MOD - [2013/01/13 13:15:51 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/13 13:15:45 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/13 13:15:42 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013/01/13 13:15:40 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/13 13:15:36 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012/11/28 15:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/11/28 15:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/10/15 11:45:37 | 000,048,640 | ---- | M] () -- C:\Program Files (x86)\AOL Desktop 9.7\zlib.dll
MOD - [2012/10/15 11:45:30 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\AOL Desktop 9.7\components\Tier2Svc.dll
MOD - [2012/10/15 11:45:30 | 000,060,928 | ---- | M] () -- C:\Program Files (x86)\AOL Desktop 9.7\components\DataSvcs.dll
MOD - [2012/04/09 01:42:58 | 004,427,264 | ---- | M] () -- C:\Program Files (x86)\Combined Community Codec Pack\Filters\FFDShow\ffmpeg.dll
MOD - [2012/04/09 01:40:34 | 003,470,848 | ---- | M] () -- C:\Program Files (x86)\Combined Community Codec Pack\Filters\FFDShow\ffdshow.ax
MOD - [2012/04/09 01:39:26 | 000,048,128 | ---- | M] () -- C:\Windows\SysWOW64\ff_acm.acm
MOD - [2012/01/03 21:50:53 | 000,163,840 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.AddIn\3.5.0.0__b77a5c561934e089\System.AddIn.dll
MOD - [2011/12/06 17:21:34 | 000,009,216 | ---- | M] () -- C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
MOD - [2011/11/10 19:04:28 | 000,162,816 | ---- | M] () -- C:\Program Files (x86)\Combined Community Codec Pack\Filters\LAVFilters\libbluray.dll
MOD - [2011/11/10 19:03:18 | 006,125,188 | ---- | M] () -- C:\Program Files (x86)\Combined Community Codec Pack\Filters\LAVFilters\avcodec-lav-53.dll
MOD - [2011/11/10 19:03:18 | 000,886,149 | ---- | M] () -- C:\Program Files (x86)\Combined Community Codec Pack\Filters\LAVFilters\avformat-lav-53.dll
MOD - [2011/11/10 19:03:18 | 000,229,792 | ---- | M] () -- C:\Program Files (x86)\Combined Community Codec Pack\Filters\LAVFilters\avutil-lav-51.dll
MOD - [2010/11/04 20:53:30 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.AddIn.Contract\2.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
MOD - [2007/07/12 12:11:54 | 001,163,264 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/02/19 14:56:14 | 000,182,752 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2013/02/19 14:53:32 | 000,218,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2013/02/19 14:51:54 | 000,241,456 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2012/11/16 22:10:22 | 000,383,608 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2012/08/31 14:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2012/08/31 14:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2012/08/31 14:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2012/08/31 14:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2012/08/31 14:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2011/03/22 04:10:26 | 001,136,128 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2011/02/23 23:20:56 | 000,134,928 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2011/02/04 19:34:20 | 001,515,792 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011/02/04 19:24:24 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011/02/04 19:19:50 | 000,836,880 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2011/01/25 17:11:56 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Stopped] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/04/11 14:02:03 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/04/10 14:23:19 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/05 16:47:00 | 000,018,360 | ---- | M] (Overwolf Ltd) [On_Demand | Stopped] -- C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe -- (OverwolfUpdaterService)
SRV - [2013/01/30 15:26:50 | 000,833,616 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Windows\Temp\0167261366885732mcinst.exe -- (0167261366885732mcinstcleanup)
SRV - [2013/01/19 14:21:09 | 000,661,600 | ---- | M] (Wellbia.com Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\xsherlock.xem -- (xsherlock)
SRV - [2012/12/18 14:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/14 03:42:10 | 000,277,616 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/02/11 15:40:00 | 000,997,712 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2011/02/11 15:39:58 | 001,304,912 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2011/02/11 15:39:54 | 000,907,600 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2011/02/01 16:20:48 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/01 16:20:46 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/15 13:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009/06/15 20:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2006/10/23 07:50:35 | 000,046,640 | R--- | M] (AOL LLC) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/02/19 14:59:06 | 000,070,112 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2013/02/19 14:56:26 | 000,340,216 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2013/02/19 14:55:14 | 000,106,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2013/02/19 14:54:32 | 000,771,536 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2013/02/19 14:53:42 | 000,515,968 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2013/02/19 14:53:02 | 000,309,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2013/02/19 14:52:44 | 000,179,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2012/12/14 03:42:22 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/04/20 17:40:58 | 000,196,440 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/03/24 09:47:04 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2011/03/24 09:47:02 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2011/03/24 09:47:02 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011/03/22 04:04:08 | 000,261,632 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2011/03/22 04:04:08 | 000,261,632 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011/03/18 00:36:18 | 000,074,840 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/03 22:42:20 | 001,413,168 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/02/24 14:40:20 | 008,591,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011/01/24 05:24:52 | 000,058,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2011/01/24 05:22:48 | 000,059,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2011/01/24 04:56:06 | 000,274,944 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/05 10:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/10/19 19:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/14 11:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/09/23 03:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/09/07 04:19:38 | 001,800,832 | ---- | M] (Sonix Technology Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2010/08/24 04:55:44 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/07/20 04:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/19 21:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/10 15:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/05/23 20:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2006/11/29 17:24:49 | 000,024,064 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wanatw64.sys -- (wanatw)
DRV - [2010/07/26 16:57:20 | 000,017,024 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/02 20:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.easyli...734&lg=EN&cc=US
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{01bd49d7-c76b-4310-8beb-14d7e5f322c6}: "URL" = http://search.easyli...734&lg=EN&cc=US
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ASUT
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.easyli...734&lg=EN&cc=US
IE - HKCU\..\SearchScopes,DefaultScope = {01bd49d7-c76b-4310-8beb-14d7e5f322c6}
IE - HKCU\..\SearchScopes\{01bd49d7-c76b-4310-8beb-14d7e5f322c6}: "URL" = http://search.easyli...734&lg=EN&cc=US
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "EasyLife"
FF - prefs.js..browser.search.defaultenginename,S: S", "EasyLife"
FF - prefs.js..browser.search.defaulturl: "http://search.easyli...N&cc=US&l=1&q="
FF - prefs.js..browser.search.order.1: "EasyLife"
FF - prefs.js..browser.search.order.1,S: S", "EasyLife"
FF - prefs.js..browser.search.selectedEngine: "EasyLife"
FF - prefs.js..browser.search.selectedEngine,S: S", "EasyLife"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: firefox%40mega.co.nz:1.0.3
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.7
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130402
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.6
FF - prefs.js..extensions.enabledAddons: firefox%40ghostery.com:2.9.4
FF - prefs.js..extensions.enabledAddons: %7B77d2ed30-4cd2-11e0-b8af-0800200c9a66%7D:5.6
FF - prefs.js..keyword.URL: "http://search.easyli...N&cc=US&l=1&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF - HKCU\Software\MozillaPlugins\@leeuu.com/npgboxruner;version=: C:\Users\Owner\AppData\Roaming\gbox\npgboxruner.dll File not found
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/11 14:02:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/11 14:02:03 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/01/15 18:34:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions
[2013/04/25 08:25:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\5gub6wtu.default\extensions
[2013/03/02 10:06:06 | 000,000,000 | ---D | M] (FT DeepDark) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\5gub6wtu.default\extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66}
[2013/04/03 09:17:57 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\5gub6wtu.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013/04/25 07:39:38 | 000,000,000 | ---D | M] (SearchNewTab) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\5gub6wtu.default\extensions\[email protected]
[2013/04/18 08:02:57 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\5gub6wtu.default\extensions\[email protected]
[2013/03/03 10:48:07 | 000,134,804 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\5gub6wtu.default\extensions\[email protected]
[2013/04/19 21:18:47 | 000,301,821 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\5gub6wtu.default\extensions\[email protected]
[2013/02/12 23:37:38 | 000,004,366 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\5gub6wtu.default\extensions\[email protected]
[2013/01/15 18:40:34 | 000,317,623 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\5gub6wtu.default\extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460}.xpi
[2013/04/17 07:49:26 | 000,532,430 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\5gub6wtu.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013/02/14 20:47:24 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\5gub6wtu.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/04/25 07:39:02 | 000,000,580 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\5gub6wtu.default\searchplugins\EasyLife.xml
[2013/04/11 14:01:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/04/11 14:02:03 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/01/04 22:45:12 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/02/26 18:17:49 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://search.easyli...734&lg=EN&cc=US
CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmgbhjidjllnhoibmoediiihpmikmfhe\1\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (AOL Toolbar Loader) - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe ()
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found
O4:64bit: - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe (Sonix Technology Co., Ltd.)
O4:64bit: - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [HostManager] C:\Program Files (x86)\Common Files\AOL\1358292628\ee\aolsoftware.exe (AOL Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Nuance PDF Reader-reminder] C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUS)
O4 - HKCU..\Run: [AOL Fast Start] C:\Program Files (x86)\AOL Desktop 9.7\AOL.EXE (AOL Inc.)
O4 - HKCU..\Run: [Overwolf] C:\Program Files (x86)\Overwolf\Overwolf.exe (Overwolf)
O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] C:\Windows\is-9OTFA.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CE2CD355-1F92-43EB-8FEA-DD27301EAE0F}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D35A3421-692E-475C-ACF8-0222FC073A69}: DhcpNameServer = 168.94.0.14 168.94.0.15
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Overwolf\SKYPE4~2.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/25 08:51:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2013/04/25 07:42:41 | 000,000,000 | ---D | C] -- C:\ProgramData\SoftSafe
[2013/04/25 07:39:12 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\SendSpace
[2013/04/25 07:39:12 | 000,000,000 | ---D | C] -- C:\ProgramData\SearchNewTab
[2013/04/25 07:38:08 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2013/04/25 05:29:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2013/04/18 23:03:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/04/18 23:03:28 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/04/18 23:03:28 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/04/18 23:03:28 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/04/11 14:01:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/04/10 22:59:41 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/04/10 22:59:41 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/04/10 22:59:40 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/04/10 22:59:39 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/04/10 22:59:39 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/04/10 22:59:39 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/04/10 22:59:39 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/04/10 22:59:39 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/04/10 22:59:39 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/04/10 22:59:39 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/04/10 22:59:38 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/04/10 22:59:38 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/04/10 22:59:37 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/04/10 22:59:37 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/04/10 22:59:37 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/04/10 09:32:10 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/04/10 09:32:08 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/04/10 09:32:08 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/04/10 09:32:06 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013/04/10 09:32:05 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013/04/10 09:32:04 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013/03/29 08:07:47 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\ATTPostC
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/04/25 08:51:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2013/04/25 08:45:01 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/25 08:07:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/04/25 07:51:10 | 001,154,048 | ---- | M] () -- C:\Windows\is-9OTFA.exe
[2013/04/25 07:51:10 | 000,021,295 | ---- | M] () -- C:\Windows\is-9OTFA.msg
[2013/04/25 07:51:10 | 000,000,310 | ---- | M] () -- C:\Windows\is-9OTFA.lst
[2013/04/25 05:29:49 | 000,001,830 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
[2013/04/25 05:27:38 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/25 05:26:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/24 21:23:06 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/24 21:23:06 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/24 21:18:52 | 003,746,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/04/24 21:18:52 | 000,714,456 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2013/04/24 21:18:52 | 000,713,480 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
[2013/04/24 21:18:52 | 000,699,368 | ---- | M] () -- C:\Windows\SysNative\prfh0816.dat
[2013/04/24 21:18:52 | 000,636,034 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/04/24 21:18:52 | 000,397,896 | ---- | M] () -- C:\Windows\SysNative\prfh0404.dat
[2013/04/24 21:18:52 | 000,141,134 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
[2013/04/24 21:18:52 | 000,137,824 | ---- | M] () -- C:\Windows\SysNative\prfc0816.dat
[2013/04/24 21:18:52 | 000,134,212 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2013/04/24 21:18:52 | 000,110,460 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/04/24 21:18:52 | 000,103,406 | ---- | M] () -- C:\Windows\SysNative\prfc0404.dat
[2013/04/24 21:15:48 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2013/04/24 21:14:49 | 2241,499,136 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/19 07:20:47 | 000,001,707 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2013/04/11 13:42:40 | 000,268,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/04/10 14:23:19 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/04/10 14:23:19 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/04/04 05:35:05 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/04/04 05:30:10 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/04/04 05:29:44 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/03/29 08:07:47 | 000,003,544 | ---- | M] () -- C:\Users\Owner\Documents\ATTPostC.zip
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/04/25 07:51:10 | 001,154,048 | ---- | C] () -- C:\Windows\is-9OTFA.exe
[2013/04/25 07:51:10 | 000,021,295 | ---- | C] () -- C:\Windows\is-9OTFA.msg
[2013/04/25 07:51:10 | 000,000,310 | ---- | C] () -- C:\Windows\is-9OTFA.lst
[2013/03/29 08:07:47 | 000,003,544 | ---- | C] () -- C:\Users\Owner\Documents\ATTPostC.zip
[2013/03/04 21:51:45 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2013/02/06 14:28:42 | 003,828,654 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/01/15 18:23:50 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2012/12/14 03:42:30 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/10/10 03:22:28 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012/10/10 03:22:20 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2011/05/31 01:39:50 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2011/05/31 01:38:18 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
[2011/05/08 22:28:40 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011/05/08 22:28:03 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/05/08 22:27:58 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/05/08 22:27:56 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/05/08 22:27:42 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
  • 0

Advertisements


#2
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello shadow9

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!


  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo
  • 0

#3
shadow9

shadow9

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Here is the txt. from Security Check.

Results of screen317's Security Check version 0.99.63
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
McAfee Anti-Virus and Anti-Spyware
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 21
Adobe Flash Player 11.7.700.169
Adobe Reader XI
Mozilla Firefox (20.0.1)
Google Chrome 26.0.1410.43
Google Chrome 26.0.1410.64
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

The txt. from Adw Cleaner

# AdwCleaner v2.202 - Logfile created 04/25/2013 at 11:07:16
# Updated 23/04/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Owner - OWNER-PC
# Boot Mode : Normal
# Running from : C:\Users\Owner\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\5gub6wtu.default\searchplugins\EasyLife.xml
Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
Folder Deleted : C:\Program Files (x86)\hdvidcodec.com
Folder Deleted : C:\Program Files (x86)\Viewpoint
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\ProgramData\SoftSafe
Folder Deleted : C:\ProgramData\Viewpoint
Folder Deleted : C:\Users\Owner\AppData\Local\Coupon Companion Plugin
Folder Deleted : C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\hdvidcodec.com
Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\5gub6wtu.default\jetpack

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{01BD49D7-C76B-4310-8BEB-14D7E5F322C6}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{01BD49D7-C76B-4310-8BEB-14D7E5F322C6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16476

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.easylifeapp.com/?pid=34&src=ie1&r=2013/04/25&hid=4052014734&lg=EN&cc=US --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.easylifeapp.com/?pid=34&src=ie1&r=2013/04/25&hid=4052014734&lg=EN&cc=US --> hxxp://www.google.com

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\5gub6wtu.default\prefs.js

Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Deleted : user_pref("aol_toolbar.default.search.check", false);
Deleted : user_pref("browser.search.defaultenginename", "EasyLife");
Deleted : user_pref("browser.search.defaultenginename,S", "EasyLife");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.easylifeapp.com/?pid=34&src=ff2&r=2013/04/25&h[...]
Deleted : user_pref("browser.search.order.1", "EasyLife");
Deleted : user_pref("browser.search.order.1,S", "EasyLife");
Deleted : user_pref("browser.search.selectedEngine", "EasyLife");
Deleted : user_pref("browser.search.selectedEngine,S", "EasyLife");
Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Deleted : user_pref("keyword.URL", "hxxp://search.easylifeapp.com/?pid=34&src=ff2&r=2013/04/25&hid=4052014734&[...]
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");

-\\ Google Chrome v26.0.1410.64

File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.31] : keyword = "easylife",
Deleted [l.35] : search_url = "hxxp://search.easylifeapp.com/?q={searchTerms}&pid=34&src=ch2&r=2013/04/25&hid=[...]
Deleted [l.2211] : homepage = "hxxp://search.easylifeapp.com/?pid=34&src=ch1&r=2013/04/25&hid=4052014734&lg=EN&cc=U[...]
Deleted [l.2797] : urls_to_restore_on_startup = [ "hxxp://search.easylifeapp.com/?pid=34&src=ch1&r=2013/04/25&hi[...]

*************************

AdwCleaner[R1].txt - [6848 octets] - [25/04/2013 11:04:10]
AdwCleaner[S1].txt - [6814 octets] - [25/04/2013 11:07:16]

########## EOF - C:\AdwCleaner[S1].txt - [6874 octets] ##########

This is txt. from RogueKiller

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Remove -- Date : 04/25/2013 11:19:35
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSearch (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS543232A7A384 +++++
--- User ---
[MBR] e52199fbdec6c824d656df3a224d787c
[BSP] 177507aede73c8eab31fee7866ebab1f : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 25600 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 52430848 | Size: 279643 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_04252013_02d1119.txt >>
RKreport[1]_S_04252013_02d1117.txt ; RKreport[2]_D_04252013_02d1119.txt

Edited by shadow9, 25 April 2013 - 10:21 AM.

  • 0

#4
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello shadow9

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
  • 0

#5
shadow9

shadow9

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Here is Combofix.

ComboFix 13-04-25.01 - Owner 04/25/2013 15:07:29.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2850.1607 [GMT -5:00]
Running from: c:\users\Owner\Downloads\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\windows\isRS-000.tmp
c:\windows\msvcr71.dll
c:\windows\SysWow64\pt
c:\windows\SysWow64\pt\AuthFWSnapIn.Resources.dll
c:\windows\SysWow64\pt\AuthFWWizFwk.Resources.dll
.
.
((((((((((((((((((((((((( Files Created from 2013-03-25 to 2013-04-25 )))))))))))))))))))))))))))))))
.
.
2013-04-25 20:16 . 2013-04-25 20:16 -------- d-----w- c:\users\Guest\AppData\Local\temp
2013-04-25 20:16 . 2013-04-25 20:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-25 12:51 . 2012-04-09 05:39 48128 ----a-w- c:\windows\SysWow64\ff_acm.acm
2013-04-25 12:39 . 2013-04-25 13:27 -------- d-----w- c:\programdata\SearchNewTab
2013-04-25 12:39 . 2013-04-25 12:39 -------- d-----w- c:\users\Owner\AppData\Roaming\SendSpace
2013-04-24 11:11 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-23 12:27 . 2013-04-10 03:46 9317456 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A7807387-B99E-49B2-BFA8-F7B3EA062459}\mpengine.dll
2013-04-19 04:03 . 2013-04-19 04:03 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-04-19 04:03 . 2013-04-04 10:35 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-10 14:32 . 2013-03-01 03:36 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-04-10 14:32 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-04-10 14:32 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-10 14:32 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-04-10 14:32 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-04-10 14:32 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe
2013-04-10 14:32 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-10 14:32 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-25 16:10 . 2013-01-11 17:49 45056 ----a-w- c:\windows\system32\acovcnt.exe
2013-04-11 04:00 . 2013-01-13 00:05 72702784 ----a-w- c:\windows\system32\MRT.exe
2013-04-10 19:23 . 2013-01-14 00:35 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-10 19:23 . 2013-01-14 00:35 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-12 06:10 . 2013-01-15 23:09 282744 ------w- c:\windows\system32\MpSigStub.exe
2013-03-08 15:10 . 2013-01-13 18:34 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-03-08 15:10 . 2013-01-13 18:34 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-02-19 19:59 . 2013-01-15 23:47 70112 ----a-w- c:\windows\system32\drivers\cfwids.sys
2013-02-19 19:56 . 2012-07-17 20:52 340216 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2013-02-19 19:56 . 2013-01-15 23:37 182752 ----a-w- c:\windows\system32\mfevtps.exe
2013-02-19 19:55 . 2013-01-15 23:48 10728 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2013-02-19 19:55 . 2013-01-15 23:47 106552 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2013-02-19 19:54 . 2012-07-17 20:50 771536 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2013-02-19 19:53 . 2013-01-15 23:47 515968 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2013-02-19 19:53 . 2013-01-15 23:47 309840 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2013-02-19 19:52 . 2012-07-17 20:48 179280 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2013-02-12 05:45 . 2013-03-13 14:54 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 14:54 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 14:54 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 14:54 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 14:54 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 14:54 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-02-12 04:12 . 2013-03-26 00:48 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Overwolf"="c:\program files (x86)\Overwolf\Overwolf.exe" [2013-03-05 35256]
"AOL Fast Start"="c:\program files (x86)\AOL Desktop 9.7\AOL.EXE" [2012-10-15 72312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
"SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"HostManager"="c:\program files (x86)\Common Files\AOL\1358292628\ee\AOLSoftware.exe" [2010-03-08 41800]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-03-13 1532992]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2011-10-19 2319536]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-2-3 548528]
FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe [2013-1-11 12862]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 0185391366906356mcinstcleanup;McAfee Application Installer Cleanup (0185391366906356);c:\windows\TEMP\018539~1.EXE [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AMPPALP;Intel® Centrino® Bluetooth 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-03-22 261632]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2011-03-18 74840]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-20 196440]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-03-24 34200]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2013-02-19 106552]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-02-05 340240]
R3 OverwolfUpdaterService;Overwolf Updater Service;c:\program files (x86)\Overwolf\OverwolfUpdater.exe [2013-03-05 18360]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-01-12 1255736]
R3 xsherlock;xsherlock;c:\windows\system32\xsherlock.xem [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2013-02-19 340216]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2011-01-25 379520]
S2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-03-22 1136128]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-02-11 907600]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-02-11 997712]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-02-24 134928]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2013-02-19 218760]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2013-02-19 182752]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S3 AMPPAL;Intel® Centrino® Bluetooth 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-03-22 261632]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-02-11 1304912]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-01-24 58128]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-01-24 274944]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2013-02-19 70112]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-01-24 59904]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-03-24 25496]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-08-24 76912]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2013-02-19 515968]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2011-03-24 42392]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-10 03:45 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-14 19:23]
.
2013-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-03 13:57]
.
2013-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-03 13:57]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2011-03-21 361984]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-02-05 1933584]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-02-11 10361616]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2010-01-21 909824]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\5gub6wtu.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - ExtSQL: 2013-04-25 08:18; [email protected]; c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\5gub6wtu.default\extensions\[email protected]
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\system32\StikyNot.exe
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SynAsusAcpi - c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe
HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
AddRemove-{34E204F5-DF5A-4793-950E-1F8DE87948EC} - c:\progra~3\INSTAL~1\{A45AA~1\Setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\xsherlock]
"ImagePath"="c:\windows\system32\xsherlock.xem"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-04-25 15:21:36
ComboFix-quarantined-files.txt 2013-04-25 20:21
.
Pre-Run: 203,117,342,720 bytes free
Post-Run: 206,275,215,360 bytes free
.
- - End Of File - - 5FFAC43F60DC4F199D4EE16371FCA64D

The browser hijacker easylife app search engine is stiill there and I forgot to tell you it is also on my chrome.
  • 0

#6
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello shadow9

We need to reset Chrome back to defaults to completely clear out what is going on.

We can keep the bookmarks by exporting them - Export Bookmarks


Then I need you to go Google Sync and sign into your account

scroll down untill you see the "Stop and Clear" button and click on button

At the prompt click on "Ok"

Now we need to uninstall chrome

I want you to uninstall Chrome and if asked about user data or settings then remove this also

restart the computer and reinstall chrome, You can download The latest version from here - Google Chrome

After you have Chrome reinstalled please check things out and let me know how it is doing.

Gringo
  • 0

#7
shadow9

shadow9

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Hello Gringo

The combofix fixed the problem in chrome I did not check it before sending the last reply should I do what you said to chrome to firefox instead.
  • 0

#8
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello shadow9

I want you to reset firefox back to defaults, this will remove everything from Firefox

I will let you keep your bookmarks so to do that you can go here - Export BookMarks

Now to reset firefox do the following.

  • At the top of the Firefox window, click the "Firefox" button,
  • go over to the "Help" sub-menu
    • (on Windows XP, click the Help menu at the top of the Firefox window) and select "Troubleshooting Information".
  • Click the "Reset Firefox" button in the upper-right corner of the Troubleshooting Information page.
  • click "Reset Firefox" in the confirmation window that opens.
  • Firefox will close and be reset. When it's done. Click "Finish" and Firefox will open.

restart the computer and check firefox for me now

Gringo
  • 0

#9
shadow9

shadow9

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Hello Gringo

Resetting firefox has seemed to do the trick and the browser hijacker has not come back on.
  • 0

#10
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello shadow9

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::



Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

  • 0

Advertisements


#11
shadow9

shadow9

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Here is my new combofix and I have not noticed any meaningful difference.

ComboFix 13-04-25.01 - Owner 04/26/2013 13:20:35.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2850.1483 [GMT -5:00]
Running from: c:\users\Owner\Downloads\ComboFix.exe
Command switches used :: c:\users\Owner\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-03-26 to 2013-04-26 )))))))))))))))))))))))))))))))
.
.
2013-04-26 19:34 . 2013-04-26 19:34 -------- d-----w- c:\users\Guest\AppData\Local\temp
2013-04-26 19:34 . 2013-04-26 19:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-26 11:56 . 2013-04-26 11:56 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A89CBA7C-1C1F-48C1-B39F-90002ED7866D}\offreg.dll
2013-04-26 11:54 . 2013-04-10 03:46 9317456 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A89CBA7C-1C1F-48C1-B39F-90002ED7866D}\mpengine.dll
2013-04-25 12:51 . 2012-04-09 05:39 48128 ----a-w- c:\windows\SysWow64\ff_acm.acm
2013-04-25 12:39 . 2013-04-25 13:27 -------- d-----w- c:\programdata\SearchNewTab
2013-04-25 12:39 . 2013-04-25 12:39 -------- d-----w- c:\users\Owner\AppData\Roaming\SendSpace
2013-04-24 11:11 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-19 04:03 . 2013-04-19 04:03 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-04-19 04:03 . 2013-04-04 10:35 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-10 14:32 . 2013-03-01 03:36 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-04-10 14:32 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-04-10 14:32 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-10 14:32 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-04-10 14:32 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-04-10 14:32 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe
2013-04-10 14:32 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-10 14:32 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-25 16:10 . 2013-01-11 17:49 45056 ----a-w- c:\windows\system32\acovcnt.exe
2013-04-11 04:00 . 2013-01-13 00:05 72702784 ----a-w- c:\windows\system32\MRT.exe
2013-04-10 19:23 . 2013-01-14 00:35 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-10 19:23 . 2013-01-14 00:35 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-12 06:10 . 2013-01-15 23:09 282744 ------w- c:\windows\system32\MpSigStub.exe
2013-03-08 15:10 . 2013-01-13 18:34 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-03-08 15:10 . 2013-01-13 18:34 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-02-19 19:59 . 2013-01-15 23:47 70112 ----a-w- c:\windows\system32\drivers\cfwids.sys
2013-02-19 19:56 . 2012-07-17 20:52 340216 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2013-02-19 19:56 . 2013-01-15 23:37 182752 ----a-w- c:\windows\system32\mfevtps.exe
2013-02-19 19:55 . 2013-01-15 23:48 10728 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2013-02-19 19:55 . 2013-01-15 23:47 106552 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2013-02-19 19:54 . 2012-07-17 20:50 771536 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2013-02-19 19:53 . 2013-01-15 23:47 515968 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2013-02-19 19:53 . 2013-01-15 23:47 309840 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2013-02-19 19:52 . 2012-07-17 20:48 179280 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2013-02-12 05:45 . 2013-03-13 14:54 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 14:54 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 14:54 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 14:54 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 14:54 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 14:54 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-02-12 04:12 . 2013-03-26 00:48 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Overwolf"="c:\program files (x86)\Overwolf\Overwolf.exe" [2013-03-05 35256]
"AOL Fast Start"="c:\program files (x86)\AOL Desktop 9.7\AOL.EXE" [2012-10-15 72312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
"SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"HostManager"="c:\program files (x86)\Common Files\AOL\1358292628\ee\AOLSoftware.exe" [2010-03-08 41800]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-03-13 1532992]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2011-10-19 2319536]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-2-3 548528]
FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe [2013-1-11 12862]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 0185391366906356mcinstcleanup;McAfee Application Installer Cleanup (0185391366906356);c:\windows\TEMP\018539~1.EXE [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AMPPALP;Intel® Centrino® Bluetooth 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-03-22 261632]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2011-03-18 74840]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-20 196440]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-03-24 34200]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2013-02-19 106552]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-02-05 340240]
R3 OverwolfUpdaterService;Overwolf Updater Service;c:\program files (x86)\Overwolf\OverwolfUpdater.exe [2013-03-05 18360]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-01-12 1255736]
R3 xsherlock;xsherlock;c:\windows\system32\xsherlock.xem [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2013-02-19 340216]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2011-01-25 379520]
S2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-03-22 1136128]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-02-11 907600]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-02-11 997712]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-02-24 134928]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2013-02-19 218760]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2013-02-19 182752]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S3 AMPPAL;Intel® Centrino® Bluetooth 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-03-22 261632]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-02-11 1304912]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-01-24 58128]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-01-24 274944]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2013-02-19 70112]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-01-24 59904]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-03-24 25496]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-08-24 76912]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2013-02-19 515968]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2011-03-24 42392]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-10 03:45 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-14 19:23]
.
2013-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-03 13:57]
.
2013-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-03 13:57]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2011-03-21 361984]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-02-05 1933584]
"SynAsusAcpi"="c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe" [BU]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-02-11 10361616]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2010-01-21 909824]
"Setwallpaper"="c:\programdata\SetWallpaper.cmd" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3rffgnuo.default-1366990883745\
FF - ExtSQL: 2013-04-26 10:45; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3rffgnuo.default-1366990883745\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-04-26 10:51; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3rffgnuo.default-1366990883745\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF - ExtSQL: 2013-04-26 10:51; [email protected]; c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3rffgnuo.default-1366990883745\extensions\[email protected]
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-{34E204F5-DF5A-4793-950E-1F8DE87948EC} - c:\progra~3\INSTAL~1\{A45AA~1\Setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\xsherlock]
"ImagePath"="c:\windows\system32\xsherlock.xem"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-04-26 14:38:40
ComboFix-quarantined-files.txt 2013-04-26 19:38
ComboFix2.txt 2013-04-25 20:21
.
Pre-Run: 208,576,700,416 bytes free
Post-Run: 208,237,449,216 bytes free
.
- - End Of File - - 6B06AEE7383CEFEC0FD23B2BB02D5461
  • 0

#12
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello shadow9

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
  • 0

#13
shadow9

shadow9

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
What do you need the report for.
  • 0

#14
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello


to make sure that some vital programs are up to date and to give you instructions tailored to you if you have certain programs installed example is not to have you download malwarebytes if it is already installed


gringo
  • 0

#15
shadow9

shadow9

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Ok here it is

??????? Windows Live Mesh ActiveX ??(????)
??????? Windows Live Mesh ActiveX ???
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.02)
Alcor Micro USB Card Reader
AOL Toolbar
AOL Uninstaller (Choose which Products to Remove)
Apple Application Support
Apple Software Update
ASUS AI Recovery
ASUS FaceLogon
ASUS FancyStart
ASUS LifeFrame3
ASUS Live Update
ASUS Splendid Video Enhancement Technology
ASUS Virtual Camera
ASUS WebStorage
AsusScr_K3 Series_ENG
AsusVibe2.0
ATK Package
Bandisoft MPEG-1 Decoder
Combined Community Codec Pack 2011-11-11
Complemento Messenger
Complément Messenger
Contrôle ActiveX Windows Live Mesh pour connexions à distance
Control ActiveX de Windows Live Mesh para conexiones remotas
Controlo ActiveX do Windows Live Mesh para Ligações Remotas
CyberLink LabelPrint
CyberLink Power2Go
D3DX10
ffdshow v1.2.4422 [2012-04-09]
Galeria de Fotografias do Windows Live
Galerie de photos Windows Live
Galería fotográfica de Windows Live
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Intel® Control Center
Intel® Management Engine Components
Intel® Processor Graphics
Intel® WiDi
Java 7 Update 21
Java Auto Updater
Junk Mail filter update
McAfee SecurityCenter
Mesh Runtime
Messenger ????
Messenger ?????
Messenger Companion
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 20.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
Nexon Game Manager
Nuance PDF Reader
NVIDIA PhysX
Overwolf
QuickTime
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Sonic Focus
syncables desktop SE
TechPowerUp GPU-Z
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Windows Live
Windows Live ???
Windows Live ????
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinFlash
Wireless Console 3
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP