Hello,
I have been noticing ads for a "fake" flash player update on almost every web page I go to. My web browsers have also been opening up on the "EasyLifeApp" web page instead of their normal home pages. I ran MalwareBytes and Hitman Pro already. Below I pasted my Malware Bytes Log along with the DDS.txt log. I have also attached the attach.txt and ARK.txt zip files.
Malwarebytes Anti-Malware 1.75.0.1300
Malwarebytes : Free anti-malware download
Database version: v2013.04.24.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Ryan Laptop :: RYANLAPTOP-HP [administrator]
4/23/2013 10:48:19 PM
mbam-log-2013-04-23 (22-48-19).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 208659
Time elapsed: 4 minute(s), 46 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 8
HKCR\CLSID\{9398E847-C975-01A5-256C-DDBF5105FDE7} (Adware.MultiPlug) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9398E847-C975-01A5-256C-DDBF5105FDE7} (Adware.MultiPlug) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{9398E847-C975-01A5-256C-DDBF5105FDE7} (Adware.MultiPlug) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9398E847-C975-01A5-256C-DDBF5105FDE7} (Adware.MultiPlug) -> Quarantined and deleted successfully.
HKCR\CLSID\{DD94B2AE-8FDD-C517-8D01-1DD9C84E8F3D} (Adware.MultiPlug) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DD94B2AE-8FDD-C517-8D01-1DD9C84E8F3D} (Adware.MultiPlug) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{DD94B2AE-8FDD-C517-8D01-1DD9C84E8F3D} (Adware.MultiPlug) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{DD94B2AE-8FDD-C517-8D01-1DD9C84E8F3D} (Adware.MultiPlug) -> Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 4
C:\ProgramData\SearchNewTab\517742aae83f5.dll (Adware.MultiPlug) -> Quarantined and deleted successfully.
C:\ProgramData\BrowSoe2asaaveey\5162314f3793a.dll (Adware.MultiPlug) -> Quarantined and deleted successfully.
C:\Users\Ryan Laptop\AppData\Local\Temp\{DEF4C352-4C18-4891-AA7A-043A0517E1A4}\Addons\NewTabEasyLife_setup.exe (PUP.Adware.MultiPlug) -> Quarantined and deleted successfully.
C:\Users\Ryan Laptop\Downloads\Setup.exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully.
(end)
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.21.2
Run by Ryan Laptop at 23:33:17 on 2013-04-23
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8140.6163 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\Hpservice.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\HitmanPro\hmpsched.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\HP SimplePass 2012\TouchControl.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files (x86)\HP SimplePass 2012\BioMonitor.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Windows\System32\spool\drivers\x64\3\E_YATIH5A.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.mueller-inc.com//login.aspx
uSearch Bar = Preserve
mStart Page = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2012\IEBHO.dll
BHO: GetSavin 5.0: {8D5FF1C6-0BFA-46DE-A0E6-8595DAC41FAE} -
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
uRun: [EPLTarget\P0000000000000000] C:\Windows\System32\spool\DRIVERS\x64\3\E_YATIH5A.EXE /EPT "EPLTarget\P0000000000000000" /M "WP-4020 Series"
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{079518C6-E768-4B5B-BA26-8E8D31E44262} : DHCPNameServer = 4.2.2.1
TCP: Interfaces\{2E6A78A9-7094-4E4D-B45D-9B77C9F6CD0E} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{2E6A78A9-7094-4E4D-B45D-9B77C9F6CD0E}\358656271647F6E602355796475637027457563747 : DHCPNameServer = 4.2.2.1
TCP: Interfaces\{2E6A78A9-7094-4E4D-B45D-9B77C9F6CD0E}\358656271647F6E602C4F6262697 : DHCPNameServer = 4.2.2.1
TCP: Interfaces\{2E6A78A9-7094-4E4D-B45D-9B77C9F6CD0E}\76F6563786 : DHCPNameServer = 4.2.2.1
TCP: Interfaces\{2E6A78A9-7094-4E4D-B45D-9B77C9F6CD0E}\8324854373 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{2E6A78A9-7094-4E4D-B45D-9B77C9F6CD0E}\84F4A4F434F48523 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{2E6A78A9-7094-4E4D-B45D-9B77C9F6CD0E}\E45445745414250353 : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn
x64-BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2012\x64\IEBHO.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [IntelliType Pro] "c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\822\G2AWinLogon_x64.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {0CE7EBAF-157D-4111-9146-057CB2A4023E} - msiexec /fu {0CE7EBAF-157D-4111-9146-057CB2A4023E} /qn
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Ryan Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\v0f7rfq6.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Ryan Laptop\AppData\Local\Citrix\Plugins\97\npappdetector.dll
FF - plugin: C:\Users\Ryan Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\v0f7rfq6.default\extensions\{2d3fbcf7-be69-4433-8858-c621a8d0e58d}\plugins\npwidevinemediaoptimizer.dll
FF - plugin: C:\Users\Ryan Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\v0f7rfq6.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npAclmPlugin.dll
FF - plugin: C:\Users\Ryan Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\v0f7rfq6.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npProductDetectPlugin.dll
FF - plugin: C:\Windows\npMSDM.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll
FF - ExtSQL: 2013-03-04 01:57; {2d3fbcf7-be69-4433-8858-c621a8d0e58d}; C:\Users\Ryan Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\v0f7rfq6.default\extensions\{2d3fbcf7-be69-4433-8858-c621a8d0e58d}
FF - ExtSQL: 2013-04-07 22:55; rxgea9lhd@ae-iooy.co.uk; C:\Users\Ryan Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\v0f7rfq6.default\extensions\rxgea9lhd@ae-iooy.co.uk
FF - ExtSQL: 2013-04-23 22:25; baxhvaqts@ezjqymf.com; C:\Users\Ryan Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\v0f7rfq6.default\extensions\baxhvaqts@ezjqymf.com
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-12-11 89600]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 EpsonCustomerParticipation;EpsonCustomerParticipation;C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-3-17 552832]
R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe [2011-8-26 260424]
R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2013-4-23 109352]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-8-10 197536]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-27 30520]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-2-27 13592]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-2-27 2413056]
R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-24 212944]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 130008]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-2-27 2656536]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-2-27 317440]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-6-10 91648]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-6-10 208896]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2012-2-27 338536]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtl8192ce.sys [2012-2-27 1145448]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]
S2 CLKMSVC10_38F51D56;CyberLink Product - 2012/11/12 16:37:15;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2012-2-8 244720]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-12 19456]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-2-27 428136]
S3 SRS_AE_Service;SRS Audio;C:\Windows\System32\drivers\SRS_AE_amd64.sys [2012-6-21 549704]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-12 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-12 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-11-12 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-04-24 02:47:45 -------- d-----w- C:\Users\Ryan Laptop\AppData\Roaming\Malwarebytes
2013-04-24 02:47:29 -------- d-----w- C:\ProgramData\Malwarebytes
2013-04-24 02:47:28 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-04-24 02:47:28 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-04-24 02:47:12 -------- d-----w- C:\Users\Ryan Laptop\AppData\Local\Programs
2013-04-24 02:45:53 905296 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F9C11748-F3D4-49C8-B939-D4F9FABDA569}\gapaengine.dll
2013-04-24 02:45:41 9317456 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BECF1AAE-3D51-4415-BE89-FCDC94A58C47}\mpengine.dll
2013-04-24 02:04:09 12872 ----a-w- C:\Windows\System32\bootdelete.exe
2013-04-24 01:58:41 -------- d-----w- C:\Program Files\HitmanPro
2013-04-24 01:46:49 -------- d-----w- C:\ProgramData\SearchNewTab
2013-04-24 01:45:17 -------- d-----w- C:\ProgramData\HitmanPro
2013-04-23 02:39:50 9317456 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-04-22 03:22:08 -------- d-----w- C:\Users\Ryan Laptop\AppData\Roaming\WinZip
2013-04-22 03:18:28 -------- d-----w- C:\Users\Ryan Laptop\AppData\Local\WinZip
2013-04-20 01:41:26 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-14 01:52:29 -------- d-----w- C:\Users\Ryan Laptop\AppData\Local\{184880E3-471E-4141-BEB0-49584D7B5C9A}
2013-04-12 22:42:54 -------- d-----w- C:\Users\Ryan Laptop\AppData\Local\{FD0C4B2E-12E4-409F-9EA8-3FF967A81705}
2013-04-12 05:58:35 -------- d-----w- C:\Users\Ryan Laptop\AppData\Local\{3D6BC375-F2FE-4CFA-8150-BC4247BDE7D8}
2013-04-10 22:01:27 -------- d-----w- C:\Users\Ryan Laptop\AppData\Local\{BA1F441A-D1EA-442E-93B9-2E5DDE8727DD}
2013-04-10 03:08:05 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-04-10 03:08:04 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-04-10 03:08:04 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-04-10 03:08:04 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-04-10 03:08:04 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-04-10 03:08:04 112640 ----a-w- C:\Windows\System32\smss.exe
2013-04-10 03:05:15 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-04-10 03:03:57 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys
2013-04-10 02:17:43 -------- d-----w- C:\Users\Ryan Laptop\AppData\Local\{7AF40B94-8643-49DC-9076-C5042A1307AC}
2013-04-09 00:43:23 -------- d-----w- C:\Users\Ryan Laptop\AppData\Local\{5A810E72-0E75-4678-93E1-B7D60FFB848A}
2013-04-08 04:52:46 -------- d-----w- C:\Program Files (x86)\Microsoft Streets & Trips 2013
2013-04-08 02:55:14 -------- d-----w- C:\ProgramData\BrowSoe2asaaveey
2013-04-06 21:03:44 -------- d-----w- C:\Users\Ryan Laptop\AppData\Local\{72451E13-25C7-4A17-8823-CFE972972339}
2013-04-05 22:19:05 -------- d-----w- C:\Users\Ryan Laptop\AppData\Local\{870D3C89-3101-49B0-BEEE-CF0B5612BE90}
2013-04-05 22:18:54 -------- d-----w- C:\Users\Ryan Laptop\AppData\Local\{FEBBB976-BF40-42BA-9AAF-0113A42C1753}
2013-04-04 17:56:39 -------- d-----w- C:\Users\Ryan Laptop\AppData\Local\{8CC122C5-4363-489E-A99B-FA63B831427F}
2013-04-04 00:11:10 -------- d-----w- C:\Users\Ryan Laptop\AppData\Local\{57ACA871-EC6F-4BA6-993B-95EFC7517E05}
2013-03-31 01:24:24 -------- d-----w- C:\Users\Ryan Laptop\AppData\Local\{E367F885-6E36-4672-AD7C-C5321C349D75}
2013-03-29 23:35:06 -------- d-----w- C:\Users\Ryan Laptop\AppData\Local\{671BE4E0-9BED-473F-9D27-614F77ABE056}
2013-03-29 00:39:28 -------- d-----w- C:\Users\Ryan Laptop\AppData\Local\{3F370D63-7976-4B07-917A-BFF28A696ECE}
2013-03-27 21:24:28 -------- d-----w- C:\Users\Ryan Laptop\AppData\Local\{F150F0B3-F325-40D2-9466-62F0E4798E14}
2013-03-27 02:26:32 -------- d-----w- C:\Users\Ryan Laptop\AppData\Local\{E066D89F-60D3-414D-ABBF-0001D580BCA1}
.
==================== Find3M ====================
.
2013-04-22 03:37:49 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-22 03:37:49 691592 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-04-02 10:34:28 282744 ------w- C:\Windows\System32\MpSigStub.exe
2013-03-09 03:52:12 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-03-09 03:52:12 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-03-02 06:04:53 1655656 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-03-02 05:56:00 1188864 ----a-w- C:\Windows\System32\wininet.dll
2013-03-02 04:58:26 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-03-02 03:57:05 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2013-03-02 03:22:06 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-02-12 04:12:05 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2013-01-24 16:32:08 2177648 ----a-w- C:\Windows\System32\coin93.dll
.
============= FINISH: 23:33:40.94 ===============
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.mueller-inc.com//login.aspx
uSearch Bar = Preserve
mStart Page = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2012\IEBHO.dll
BHO: GetSavin 5.0: {8D5FF1C6-0BFA-46DE-A0E6-8595DAC41FAE} -
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
uRun: [EPLTarget\P0000000000000000] C:\Windows\System32\spool\DRIVERS\x64\3\E_YATIH5A.EXE /EPT "EPLTarget\P0000000000000000" /M "WP-4020 Series"
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{079518C6-E768-4B5B-BA26-8E8D31E44262} : DHCPNameServer = 4.2.2.1
TCP: Interfaces\{2E6A78A9-7094-4E4D-B45D-9B77C9F6CD0E} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{2E6A78A9-7094-4E4D-B45D-9B77C9F6CD0E}\358656271647F6E602355796475637027457563747 : DHCPNameServer = 4.2.2.1
TCP: Interfaces\{2E6A78A9-7094-4E4D-B45D-9B77C9F6CD0E}\358656271647F6E602C4F6262697 : DHCPNameServer = 4.2.2.1
TCP: Interfaces\{2E6A78A9-7094-4E4D-B45D-9B77C9F6CD0E}\76F6563786 : DHCPNameServer = 4.2.2.1
TCP: Interfaces\{2E6A78A9-7094-4E4D-B45D-9B77C9F6CD0E}\8324854373 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{2E6A78A9-7094-4E4D-B45D-9B77C9F6CD0E}\84F4A4F434F48523 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{2E6A78A9-7094-4E4D-B45D-9B77C9F6CD0E}\E45445745414250353 : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn
x64-BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2012\x64\IEBHO.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [IntelliType Pro] "c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\822\G2AWinLogon_x64.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {0CE7EBAF-157D-4111-9146-057CB2A4023E} - msiexec /fu {0CE7EBAF-157D-4111-9146-057CB2A4023E} /qn
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Ryan Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\v0f7rfq6.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Ryan Laptop\AppData\Local\Citrix\Plugins\97\npappdetector.dll
FF - plugin: C:\Users\Ryan Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\v0f7rfq6.default\extensions\{2d3fbcf7-be69-4433-8858-c621a8d0e58d}\plugins\npwidevinemediaoptimizer.dll
FF - plugin: C:\Users\Ryan Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\v0f7rfq6.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npAclmPlugin.dll
FF - plugin: C:\Users\Ryan Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\v0f7rfq6.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npProductDetectPlugin.dll
FF - plugin: C:\Windows\npMSDM.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll
FF - ExtSQL: 2013-03-04 01:57; {2d3fbcf7-be69-4433-8858-c621a8d0e58d}; C:\Users\Ryan Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\v0f7rfq6.default\extensions\{2d3fbcf7-be69-4433-8858-c621a8d0e58d}
FF - ExtSQL: 2013-04-07 22:55; rxgea9lhd@ae-iooy.co.uk; C:\Users\Ryan Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\v0f7rfq6.default\extensions\rxgea9lhd@ae-iooy.co.uk
FF - ExtSQL: 2013-04-23 22:25; baxhvaqts@ezjqymf.com; C:\Users\Ryan Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\v0f7rfq6.default\extensions\baxhvaqts@ezjqymf.com
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-12-11 89600]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 EpsonCustomerParticipation;EpsonCustomerParticipation;C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-3-17 552832]
R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe [2011-8-26 260424]
R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2013-4-23 109352]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-8-10 197536]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-27 30520]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-2-27 13592]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-2-27 2413056]
R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-24 212944]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 130008]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-2-27 2656536]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-2-27 317440]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-6-10 91648]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-6-10 208896]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2012-2-27 338536]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtl8192ce.sys [2012-2-27 1145448]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]
S2 CLKMSVC10_38F51D56;CyberLink Product - 2012/11/12 16:37:15;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2012-2-8 244720]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-12 19456]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-2-27 428136]
S3 SRS_AE_Service;SRS Audio;C:\Windows\System32\drivers\SRS_AE_amd64.sys [2012-6-21 549704]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-12 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-12 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-11-12 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-04-24 02:47:45 -------- d-----w- C:\Users\Ryan Laptop\AppData\Roaming\Malwarebytes
2013-04-24 02:47:29 -------- d-----w- C:\ProgramData\Malwarebytes
2013-04-24 02:47:28 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-04-24 02:47:28 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-04-24 02:47:12 -------- d-----w- C:\Users\Ryan Laptop\AppData\Local\Programs
2013-04-24 02:45:53 905296 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F9C11748-F3D4-49C8-B939-D4F9FABDA569}\gapaengine.dll
2013-04-24 02:45:41 9317456 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BECF1AAE-3D51-4415-BE89-FCDC94A58C47}\mpengine.dll
2013-04-24 02:04:09 12872 ----a-w- C:\Windows\System32\bootdelete.exe
2013-04-24 01:58:41 -------- d-----w- C:\Program Files\HitmanPro
2013-04-24 01:46:49 -------- d-----w- C:\ProgramData\SearchNewTab
2013-04-24 01:45:17 -------- d-----w- C:\ProgramData\HitmanPro
2013-04-23 02:39:50 9317456 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-04-22 03:22:08 -------- d-----w- C:\Users\Ryan Laptop\AppData\Roaming\WinZip
2013-04-22 03:18:28 -------- d-----w- C:\Users\Ryan Laptop\AppData\Local\WinZip
2013-04-20 01:41:26 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-14 01:52:29 -------- d-----w- C:\Users\Ryan Laptop\AppData\Local\{184880E3-471E-4141-BEB0-49584D7B5C9A}
2013-04-12 22:42:54 -------- d-----w- C:\Users\Ryan Laptop\AppData\Local\{FD0C4B2E-12E4-409F-9EA8-3FF967A81705}
2013-04-12 05:58:35 -------- d-----w- C:\Users\Ryan Laptop\AppData\Local\{3D6BC375-F2FE-4CFA-8150-BC4247BDE7D8}
2013-04-10 22:01:27 -------- d-----w- C:\Users\Ryan Laptop\AppData\Local\{BA1F441A-D1EA-442E-93B9-2E5DDE8727DD}
2013-04-10 03:08:05 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-04-10 03:08:04 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-04-10 03:08:04 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-04-10 03:08:04 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-04-10 03:08:04 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-04-10 03:08:04 112640 ----a-w- C:\Windows\System32\smss.exe
2013-04-10 03:05:15 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-04-10 03:03:57 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys
2013-04-10 02:17:43 -------- d-----w- C:\Users\Ryan Laptop\AppData\Local\{7AF40B94-8643-49DC-9076-C5042A1307AC}
2013-04-09 00:43:23 -------- d-----w- C:\Users\Ryan Laptop\AppData\Local\{5A810E72-0E75-4678-93E1-B7D60FFB848A}
2013-04-08 04:52:46 -------- d-----w- C:\Program Files (x86)\Microsoft Streets & Trips 2013
2013-04-08 02:55:14 -------- d-----w- C:\ProgramData\BrowSoe2asaaveey
2013-04-06 21:03:44 -------- d-----w- C:\Users\Ryan Laptop\AppData\Local\{72451E13-25C7-4A17-8823-CFE972972339}
2013-04-05 22:19:05 -------- d-----w- C:\Users\Ryan Laptop\AppData\Local\{870D3C89-3101-49B0-BEEE-CF0B5612BE90}
2013-04-05 22:18:54 -------- d-----w- C:\Users\Ryan Laptop\AppData\Local\{FEBBB976-BF40-42BA-9AAF-0113A42C1753}
2013-04-04 17:56:39 -------- d-----w- C:\Users\Ryan Laptop\AppData\Local\{8CC122C5-4363-489E-A99B-FA63B831427F}
2013-04-04 00:11:10 -------- d-----w- C:\Users\Ryan Laptop\AppData\Local\{57ACA871-EC6F-4BA6-993B-95EFC7517E05}
2013-03-31 01:24:24 -------- d-----w- C:\Users\Ryan Laptop\AppData\Local\{E367F885-6E36-4672-AD7C-C5321C349D75}
2013-03-29 23:35:06 -------- d-----w- C:\Users\Ryan Laptop\AppData\Local\{671BE4E0-9BED-473F-9D27-614F77ABE056}
2013-03-29 00:39:28 -------- d-----w- C:\Users\Ryan Laptop\AppData\Local\{3F370D63-7976-4B07-917A-BFF28A696ECE}
2013-03-27 21:24:28 -------- d-----w- C:\Users\Ryan Laptop\AppData\Local\{F150F0B3-F325-40D2-9466-62F0E4798E14}
2013-03-27 02:26:32 -------- d-----w- C:\Users\Ryan Laptop\AppData\Local\{E066D89F-60D3-414D-ABBF-0001D580BCA1}
.
==================== Find3M ====================
.
2013-04-22 03:37:49 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-22 03:37:49 691592 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-04-02 10:34:28 282744 ------w- C:\Windows\System32\MpSigStub.exe
2013-03-09 03:52:12 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-03-09 03:52:12 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-03-02 06:04:53 1655656 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-03-02 05:56:00 1188864 ----a-w- C:\Windows\System32\wininet.dll
2013-03-02 04:58:26 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-03-02 03:57:05 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2013-03-02 03:22:06 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-02-12 04:12:05 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2013-01-24 16:32:08 2177648 ----a-w- C:\Windows\System32\coin93.dll
.
============= FINISH: 23:33:40.94 ===============