
Potentially Malicious Application Detected: dllhost.exe [Solved]

#1
brander38

Hi,

Over the past few days, I've been receiving a "Potentially malicious application detected" notification from my Bitdefender security center. The message reads as follows: \\Windows\syswow64\dllhost.exe was detected as malicious. I would also like to identify if there are other issues of concern (malware, spyware, backdoor hacks...) affecting my computer - Thanks, Billy Ray

 

OTL:

OTL logfile created on: 11/16/2014 1:05:24 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Billy\Desktop\Malware-Fixes
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17420)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.91 Gb Total Physical Memory | 2.10 Gb Available Physical Memory | 26.56% Memory free
15.82 Gb Paging File | 7.64 Gb Available in Paging File | 48.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 914.98 Gb Total Space | 674.46 Gb Free Space | 73.71% Space Free | Partition Type: NTFS
Drive D: | 16.44 Gb Total Space | 2.02 Gb Free Space | 12.29% Space Free | Partition Type: NTFS
Drive J: | 2794.51 Gb Total Space | 2410.94 Gb Free Space | 86.27% Space Free | Partition Type: NTFS
 
Computer Name: BILLY-HP | User Name: Billy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/11/12 17:58:57 | 000,230,792 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
PRC - [2014/10/10 16:15:59 | 001,942,424 | ---- | M] (APN) -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
PRC - [2014/09/22 15:44:05 | 000,166,296 | ---- | M] (APN LLC.) -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
PRC - [2014/09/12 04:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/08/26 08:49:58 | 000,078,088 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
PRC - [2014/07/14 17:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2014/07/14 17:21:06 | 001,767,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2014/07/11 15:14:20 | 000,118,272 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2014/07/11 14:58:08 | 007,241,728 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2013/12/15 22:21:03 | 000,088,648 | ---- | M] (COMPANYVERS_NAME) -- C:\Program Files (x86)\UtilityChest_49\bar\2.bin\49barsvc.exe
PRC - [2013/11/18 00:59:28 | 000,044,752 | ---- | M] (COMPANYVERS_NAME) -- C:\Program Files (x86)\HomeworkSimplified_7e\bar\1.bin\7ebarsvc.exe
PRC - [2013/11/18 00:59:28 | 000,030,096 | ---- | M] (VER_COMPANY_NAME) -- C:\Program Files (x86)\HomeworkSimplified_7e\bar\1.bin\7ebrmon.exe
PRC - [2013/05/20 17:21:42 | 001,332,360 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2012/06/11 15:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE
PRC - [2011/08/16 17:03:24 | 000,020,480 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
PRC - [2011/08/16 17:03:16 | 000,016,384 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
PRC - [2011/08/03 09:55:11 | 002,656,536 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/08/03 09:54:41 | 000,326,424 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2011/07/13 19:19:16 | 002,692,392 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Cyberlink\Power2Go\Power2GoExpressServer.exe
PRC - [2011/02/24 03:10:24 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
PRC - [2008/11/20 13:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/11/12 08:38:12 | 016,840,880 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll
MOD - [2014/10/15 02:09:00 | 002,997,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\92a3b88ac6300af062edd6503bc5903c\System.IdentityModel.ni.dll
MOD - [2014/10/15 02:08:58 | 019,696,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\316b149dbb031d0e35c9d57bb2fc4b6e\System.ServiceModel.ni.dll
MOD - [2014/10/15 02:08:27 | 002,868,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\b8e72b75a31229c5ae9d34289305c52b\ReachFramework.ni.dll
MOD - [2014/10/15 02:06:03 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\006d28e7c86f3e70db90ce06ea2f33fb\PresentationCore.ni.dll
MOD - [2014/10/15 02:05:57 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\94bbd298ec8575f3c6151a59538a109c\WindowsBase.ni.dll
MOD - [2014/10/15 02:05:53 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\db563d596d76daed04e9b5d25b2f4cb9\System.Windows.Forms.ni.dll
MOD - [2014/10/15 02:05:52 | 007,668,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\7147fa233a070283dba824da40089bf1\System.Xml.ni.dll
MOD - [2014/10/15 02:05:52 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\691c1ad89d16f49d80e84fa06a79089a\System.Core.ni.dll
MOD - [2014/10/15 02:05:51 | 000,122,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\046058f81b039ab6fd839e03e67595f8\SMDiagnostics.ni.dll
MOD - [2014/10/15 02:05:50 | 002,822,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f9f13cd8fe1cefaad78579a7c3a41464\System.Runtime.Serialization.ni.dll
MOD - [2014/10/15 02:05:50 | 000,794,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\35d3a1b878542de59cb4fc0593992404\System.ServiceModel.Internals.ni.dll
MOD - [2014/10/15 02:05:48 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b4c08872c259018b17b2801da33ac80f\System.Drawing.ni.dll
MOD - [2014/10/15 02:05:48 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\0648dbecb7e3fb9523565107e04a5caf\System.Configuration.ni.dll
MOD - [2014/10/15 02:05:47 | 010,100,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\17a393b77ae757f0768501fb95ff5af6\System.ni.dll
MOD - [2014/07/31 11:16:44 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/07/31 11:16:12 | 001,044,776 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2014/06/24 00:57:42 | 003,852,912 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/02/27 03:04:15 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2014/02/01 12:30:46 | 000,861,184 | ---- | M] () -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\platforms\qwindows.dll
MOD - [2010/07/02 01:13:28 | 001,004,840 | ---- | M] () -- c:\Program Files (x86)\Cyberlink\Power2Go\Language\Enu\P2GRC.dll
MOD - [2009/11/02 17:20:02 | 000,144,680 | ---- | M] () -- c:\Program Files (x86)\Cyberlink\Power2Go\CLVistaAudioMixer.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/11/12 09:00:56 | 000,067,320 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe -- (UPDATESRV)
SRV:64bit: - [2014/11/12 09:00:55 | 001,527,360 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe -- (VSSERV)
SRV:64bit: - [2014/11/12 09:00:53 | 000,078,144 | ---- | M] (Bitdefender) [On_Demand | Stopped] -- C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe -- (BdDesktopParental)
SRV:64bit: - [2014/11/05 22:30:08 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/07/08 14:59:09 | 000,094,624 | ---- | M] (Bitdefender) [Disabled | Running] -- C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe -- (SafeBox)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/10/11 05:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2009/06/03 15:38:36 | 000,277,032 | ---- | M] (ActivIdentity) [Auto | Running] -- C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe -- (ac.sharedstore)
SRV - [2014/11/12 08:38:12 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/09/22 15:44:05 | 000,166,296 | ---- | M] (APN LLC.) [Auto | Running] -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe -- (APNMCP)
SRV - [2014/09/12 04:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/08/26 08:49:58 | 000,078,088 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe -- (HPSupportSolutionsFrameworkService)
SRV - [2014/07/14 17:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2014/07/14 17:21:06 | 001,767,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2014/07/11 14:58:08 | 007,241,728 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2014/06/24 00:57:42 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/04/03 19:21:48 | 000,315,008 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2014/03/20 17:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/12/15 22:21:03 | 000,088,648 | ---- | M] (COMPANYVERS_NAME) [Auto | Running] -- C:\Program Files (x86)\UtilityChest_49\bar\2.bin\49barsvc.exe -- (UtilityChest_49Service)
SRV - [2013/11/18 00:59:28 | 000,044,752 | ---- | M] (COMPANYVERS_NAME) [Auto | Running] -- C:\Program Files (x86)\HomeworkSimplified_7e\bar\1.bin\7ebarsvc.exe -- (HomeworkSimplified_7eService)
SRV - [2013/11/04 18:31:56 | 000,092,160 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/05/20 17:21:42 | 001,332,360 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2012/06/11 15:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/06/11 15:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc)
SRV - [2011/08/16 17:03:16 | 000,016,384 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe -- (CalendarSynchService)
SRV - [2011/08/03 09:55:11 | 002,656,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/08/03 09:54:41 | 000,326,424 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011/02/24 03:10:24 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/11/12 09:00:57 | 000,452,040 | ---- | M] (BitDefender S.R.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\trufos.sys -- (trufos)
DRV:64bit: - [2014/11/12 09:00:35 | 001,288,472 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avc3.sys -- (avc3)
DRV:64bit: - [2014/11/12 09:00:23 | 000,263,032 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avchv.sys -- (avchv)
DRV:64bit: - [2014/05/16 12:04:02 | 000,647,752 | ---- | M] (BitDefender) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\avckf.sys -- (avckf)
DRV:64bit: - [2013/11/13 14:41:29 | 000,093,600 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- c:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys -- (BdfNdisf)
DRV:64bit: - [2013/11/04 14:47:36 | 000,082,824 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bdsandbox.sys -- (BDSandBox)
DRV:64bit: - [2013/08/23 12:48:49 | 000,150,256 | ---- | M] (BitDefender LLC) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\gzflt.sys -- (gzflt)
DRV:64bit: - [2013/07/02 13:04:11 | 000,121,928 | ---- | M] (Bitdefender SRL) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys -- (bdfwfpf_pc)
DRV:64bit: - [2013/02/23 13:06:43 | 000,033,488 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\voxaldriverx64.sys -- (voxaldriver)
DRV:64bit: - [2013/02/05 21:06:06 | 000,057,840 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/10/29 13:23:56 | 000,107,080 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys -- (bdfwfpf)
DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/31 13:23:02 | 000,070,016 | ---- | M] (Identive) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\S3XXx64.sys -- (S3XXx64)
DRV:64bit: - [2012/07/05 21:21:30 | 001,874,016 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2012/04/17 13:34:26 | 000,076,944 | ---- | M] (BitDefender) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bdvedisk.sys -- (BDVEDISK)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/19 17:09:22 | 000,031,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pmxdrv.sys -- (pmxdrv)
DRV:64bit: - [2011/12/19 16:44:29 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/12/19 16:44:29 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/09/19 03:02:35 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2011/09/19 02:52:26 | 012,273,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/09/14 05:35:45 | 000,533,096 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/08/04 06:25:16 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/08/03 09:51:56 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009/09/21 00:43:52 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_mdm.sys -- (ss_mdm)
DRV:64bit: - [2009/09/21 00:43:52 | 000,127,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bus.sys -- (ss_bus)
DRV:64bit: - [2009/09/21 00:43:52 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/02/12 15:11:26 | 000,026,024 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\rsdrvx64.sys -- (ElRawDisk)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect..._oid=27-12-2012
&tb_mrud=27-12-2012

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{a776248f-c424-4ce4-8b5e-65db029465d3}: "URL" = http://search.tb.ask...r={searchTerms}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2929616351-1660927109-1562995560-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-2929616351-1660927109-1562995560-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-2929616351-1660927109-1562995560-1000\..\URLSearchHook: {3b86c427-928d-4b50-910c-117fa4830443} - No CLSID value found
IE - HKU\S-1-5-21-2929616351-1660927109-1562995560-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2929616351-1660927109-1562995560-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IESR02
IE - HKU\S-1-5-21-2929616351-1660927109-1562995560-1000\..\SearchScopes\{0C434ECE-1520-4120-8170-39B3E7D3843A}: "URL" = http://www.search.as...rms}&psv=&pt=tb
IE - HKU\S-1-5-21-2929616351-1660927109-1562995560-1000\..\SearchScopes\{1282B890-317B-4A9E-B460-3089AFE87E0F}: "URL" = http://www.mysearchr...q={searchTerms}
IE - HKU\S-1-5-21-2929616351-1660927109-1562995560-1000\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect..._oid=27-12-2012
&tb_mrud=27-12-2012

IE - HKU\S-1-5-21-2929616351-1660927109-1562995560-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-2929616351-1660927109-1562995560-1000\..\SearchScopes\{a776248f-c424-4ce4-8b5e-65db029465d3}: "URL" = http://search.tb.ask...r={searchTerms}
IE - HKU\S-1-5-21-2929616351-1660927109-1562995560-1000\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = https://search.yahoo...37,20028,0,31,0
IE - HKU\S-1-5-21-2929616351-1660927109-1562995560-1000\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKU\S-1-5-21-2929616351-1660927109-1562995560-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2929616351-1660927109-1562995560-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
 
========== FireFox ==========
 
FF - prefs.js..CT3289663.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.startup.homepage: "data:text/plain,browser.startup.homepage=http://search.yahoo..../?fr=sfp-yff17"
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "InternetHelper3.1 Customized Web Search"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.order.2: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "w3i&type=W3i_DS,157,0_0,Search,20140937,20030,0,31,0"
FF - prefs.js..browser.search.selectedEngine: "InternetHelper3.1 Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.condui...earchSource=13"
FF - prefs.js..extensions.enabledAddons: addon%40defaulttab.com:2.4
FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:3.2.4.20140604103324
FF - prefs.js..extensions.enabledAddons: 49ffxtbr%40UtilityChest_49.com:6.72.4.54396
FF - prefs.js..extensions.enabledAddons: %7B07cbf788-1359-421b-a4e3-5a8d041b90a3%7D:10.34.0.503
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:30.0
FF - prefs.js..keyword.URL: "http://trovi.com/Res...459430&UM=4&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@HomeworkSimplified_7e.com/Plugin: C:\Program Files (x86)\HomeworkSimplified_7e\bar\1.bin\NP7eStub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@UtilityChest_49.com/Plugin: C:\Program Files (x86)\UtilityChest_49\bar\2.bin\NP49Stub.dll (Mindspark)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2015\BDTBEXT [2014/10/02 14:29:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011/01/26 14:27:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}: C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.9.0.21\coFFFw\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Symantec\VIP Access Client\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Symantec\VIP Access Client\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/10/10 16:54:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext [2014/10/02 14:29:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/10/10 16:54:27 | 000,000,000 | ---D | M]
 
[2014/09/10 21:59:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Billy\AppData\Roaming\Mozilla\Extensions
[2014/10/18 03:49:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Billy\AppData\Roaming\Mozilla\Firefox\Profiles\k4ecvf1n.default\extensions
[2014/10/18 03:01:51 | 000,000,000 | ---D | M] (InternetHelper3.1) -- C:\Users\Billy\AppData\Roaming\Mozilla\Firefox\Profiles\k4ecvf1n.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}
[2014/06/23 22:51:02 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Billy\AppData\Roaming\Mozilla\Firefox\Profiles\k4ecvf1n.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013/12/15 22:39:55 | 000,000,000 | ---D | M] (SweetPacks) -- C:\Users\Billy\AppData\Roaming\Mozilla\Firefox\Profiles\k4ecvf1n.default\extensions\{7e8a1050-cf67-4575-92df-dcc60e7d952d}
[2013/12/15 22:40:05 | 000,000,000 | ---D | M] (KeyBar 1.8) -- C:\Users\Billy\AppData\Roaming\Mozilla\Firefox\Profiles\k4ecvf1n.default\extensions\{9ed31f84-c8b3-4926-b950-dff74047ff79}
[2014/09/18 23:01:58 | 000,000,000 | ---D | M] (Utility Chest) -- C:\Users\Billy\AppData\Roaming\Mozilla\Firefox\Profiles\k4ecvf1n.default\extensions\49ffxtbr@UtilityChest_49.com
[2013/02/01 23:57:53 | 000,000,000 | ---D | M] (HP Smart Print) -- C:\Users\Billy\AppData\Roaming\Mozilla\Firefox\Profiles\k4ecvf1n.default\extensions\[email protected]
[2014/05/08 21:09:09 | 000,050,921 | ---- | M] () (No name found) -- C:\Users\Billy\AppData\Roaming\Mozilla\Firefox\Profiles\k4ecvf1n.default\extensions\[email protected]
[2014/04/04 13:42:54 | 000,007,022 | ---- | M] () (No name found) -- C:\Users\Billy\AppData\Roaming\Mozilla\Firefox\Profiles\k4ecvf1n.default\extensions\[email protected]
[2014/10/10 16:17:44 | 000,687,155 | ---- | M] () (No name found) -- C:\Users\Billy\AppData\Roaming\Mozilla\Firefox\Profiles\k4ecvf1n.default\extensions\[email protected]
[2014/10/18 03:51:20 | 000,002,470 | ---- | M] () -- C:\Users\Billy\AppData\Roaming\Mozilla\Firefox\Profiles\k4ecvf1n.default\searchplugins\ask-search.xml
[2013/04/23 17:46:50 | 000,002,308 | ---- | M] () -- C:\Users\Billy\AppData\Roaming\Mozilla\Firefox\Profiles\k4ecvf1n.default\searchplugins\askcom.xml
[2014/11/01 07:42:53 | 000,001,148 | ---- | M] () -- C:\Users\Billy\AppData\Roaming\Mozilla\Firefox\Profiles\k4ecvf1n.default\searchplugins\internethelper31-customized-web-search.xml
[2013/10/12 22:18:43 | 000,003,727 | ---- | M] () -- C:\Users\Billy\AppData\Roaming\Mozilla\Firefox\Profiles\k4ecvf1n.default\searchplugins\safeguard-secure-search.xml
[2014/11/15 08:41:22 | 000,001,977 | ---- | M] () -- C:\Users\Billy\AppData\Roaming\Mozilla\Firefox\Profiles\k4ecvf1n.default\searchplugins\search-here.xml
[2013/09/25 03:56:11 | 000,001,585 | ---- | M] () -- C:\Users\Billy\AppData\Roaming\Mozilla\Firefox\Profiles\k4ecvf1n.default\searchplugins\Sweetpacks Search.xml
[2014/06/24 00:57:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/06/24 00:57:37 | 000,000,000 | ---D | M] (SySaver) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2014/06/24 00:57:38 | 000,000,000 | ---D | M] (WordOv) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2014/10/19 08:30:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/06/24 00:57:43 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/06/24 00:57:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2014/06/24 00:57:37 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2014/11/15 11:09:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions
[2014/11/15 11:09:19 | 000,000,000 | ---D | M] (SySaver) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions\[email protected]
[2014/11/15 11:09:20 | 000,000,000 | ---D | M] (WordOv) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions\[email protected]
[2014/11/15 11:09:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\browser\extensions
[2014/11/15 11:09:27 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/11/15 11:09:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\distribution\extensions
[2014/11/15 11:09:19 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\updated\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Users\Billy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\npcoplgn.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Windows Live? Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: No name found = C:\Users\Billy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\Billy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Billy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Billy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fabcmochhfpldjekobfaaggijgohadih\18.15.0_0\
CHR - Extension: No name found = C:\Users\Billy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Search App by Ask) - {4F524A2D-5350-4500-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport_x64.dll (APN LLC.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Search App by Ask) - {4F524A2D-5350-4500-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll (APN LLC.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (Search Assistant BHO) - {ba55677a-9449-48b2-a399-f34f2d2bf47c} - C:\Program Files (x86)\HomeworkSimplified_7e\bar\1.bin\7eSrcAs.dll (MindSpark)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Toolbar BHO) - {e0f8558f-9d61-46ec-b986-65d0302cdb08} - C:\Program Files (x86)\HomeworkSimplified_7e\bar\1.bin\7ebar.dll (MindSpark)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O2 - BHO: (HP Smart Print Helper) - {FD6C6509-FE36-44B0-A917-6C2A0DDBDF88} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.1\Espresso.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Search App by Ask) - {4F524A2D-5350-4500-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport_x64.dll (APN LLC.)
O3 - HKLM\..\Toolbar: (Bitdefender Wallet) - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\pmbxie.dll (Bitdefender)
O3 - HKLM\..\Toolbar: (HomeworkSimplified) - {469f03b7-86ed-412b-a869-99c9f50bfe17} - C:\Program Files (x86)\HomeworkSimplified_7e\bar\1.bin\7ebar.dll (MindSpark)
O3 - HKLM\..\Toolbar: (Search App by Ask) - {4F524A2D-5350-4500-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll (APN LLC.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-2929616351-1660927109-1562995560-1000\..\Toolbar\WebBrowser: (Bitdefender Wallet) - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\pmbxie.dll (Bitdefender)
O3 - HKU\S-1-5-21-2929616351-1660927109-1562995560-1000\..\Toolbar\WebBrowser: (HomeworkSimplified) - {469F03B7-86ED-412B-A869-99C9F50BFE17} - C:\Program Files (x86)\HomeworkSimplified_7e\bar\1.bin\7ebar.dll (MindSpark)
O4:64bit: - HKLM..\Run: []  File not found
O4:64bit: - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4:64bit: - HKLM..\Run: [acevents] C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
O4:64bit: - HKLM..\Run: [Bdagent] C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe (Bitdefender)
O4:64bit: - HKLM..\Run: [HomeworkSimplified Home Page Guard 64 bit] C:\Program Files (x86)\HomeworkSimplified_7e\bar\1.bin\AppIntegrator64.exe ()
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnTBMon] C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (APN)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HomeworkSimplified Search Scope Monitor] C:\Program Files (x86)\HomeworkSimplified_7e\bar\1.bin\7eSrchMn.exe (MindSpark)
O4 - HKLM..\Run: [HomeworkSimplified_7e Browser Plugin Loader] C:\Program Files (x86)\HomeworkSimplified_7e\bar\1.bin\7ebrmon.exe (VER_COMPANY_NAME)
O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [Utility Chest EPM Support] C:\Program Files (x86)\UtilityChest_49\bar\2.bin\49medint.exe (Mindspark Interactive Network, Inc.)
O4 - HKLM..\Run: [UtilityChest_49 Browser Plugin Loader 64] C:\Program Files (x86)\UtilityChest_49\bar\2.bin\49brmon64.exe (VER_COMPANY_NAME)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2929616351-1660927109-1562995560-1000..\Run: [Bitdefender Wallet Agent] C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe (Bitdefender)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-2929616351-1660927109-1562995560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2929616351-1660927109-1562995560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction = http://hp.digitalriv..._US&keywords=%w
O7 - HKU\S-1-5-21-2929616351-1660927109-1562995560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName = Find Software on HP Download Store (Microsoft Corporation)
O7 - HKU\S-1-5-21-2929616351-1660927109-1562995560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2929616351-1660927109-1562995560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.1\LaunchEspresso.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print 2.1 - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.1\LaunchEspresso.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {74F4F118-91E6-4AFC-B8D2-04066781F239} https://online1.penf...ositEnabler.cab (EZTwainX by Dosadi)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6A1CA1E5-1528-4090-8F64-C3AFE0526775}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-2929616351-1660927109-1562995560-1000 Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/04/27 02:55:18 | 000,000,038 | ---- | M] () - J:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{5071cc92-817f-11e2-b3d6-386077b91a89}\Shell - "" = AutoRun
O33 - MountPoints2\{5071cc92-817f-11e2-b3d6-386077b91a89}\Shell\AutoRun\command - "" = K:\DTSP_Launcher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/11/15 09:23:12 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/11/15 09:12:31 | 000,000,000 | ---D | C] -- C:\Users\Billy\Desktop\Malware-Fixes
[2014/11/15 09:12:01 | 000,000,000 | ---D | C] -- C:\FRST
[2014/11/12 22:31:03 | 000,000,000 | -HSD | C] -- C:\Users\Billy\AppData\Local\EmieBrowserModeList
[2014/11/12 09:00:57 | 000,452,040 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\SysNative\drivers\trufos.sys
[2014/11/11 15:37:03 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/11/11 15:37:03 | 000,304,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\generaltel.dll
[2014/11/11 15:37:03 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/11/11 15:37:01 | 000,681,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adtschema.dll
[2014/11/11 15:37:01 | 000,681,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adtschema.dll
[2014/11/11 15:37:00 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2014/11/11 15:36:59 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msaudite.dll
[2014/11/11 15:36:59 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msaudite.dll
[2014/11/11 15:36:57 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/11/11 15:36:57 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/11/11 15:36:57 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/11/11 15:36:57 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/11/11 15:36:57 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/11/11 15:36:57 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/11/11 15:36:57 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/11/11 15:36:56 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/11/11 15:36:56 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/11/11 15:36:55 | 002,051,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/11/11 15:36:55 | 000,708,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/11/11 15:36:55 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/11/11 15:36:55 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/11/11 15:36:55 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/11/11 15:36:55 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/11/11 15:36:54 | 000,968,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/11/11 15:36:54 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/11/11 15:36:54 | 000,799,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/11/11 15:36:54 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/11/11 15:36:54 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/11/11 15:36:54 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/11/11 15:36:53 | 002,124,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/11/11 15:36:53 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/11/11 15:36:52 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/11/11 15:36:52 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/11/11 15:36:52 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/11/11 15:36:52 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/11/11 15:36:52 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014/11/11 15:36:51 | 006,040,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/11/11 15:36:51 | 001,359,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/11/11 15:36:51 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/11/11 15:36:51 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/11/11 15:36:50 | 000,580,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/11/11 15:36:49 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/11/11 15:36:49 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014/11/11 15:36:36 | 000,878,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IMJP10K.DLL
[2014/11/11 15:36:36 | 000,701,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IMJP10K.DLL
[2014/11/11 15:36:36 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2014/11/11 15:36:36 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2014/11/11 15:36:34 | 000,500,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AUDIOKSE.dll
[2014/11/11 15:36:34 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\AUDIOKSE.dll
[2014/11/11 15:36:34 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioEng.dll
[2014/11/11 15:36:34 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioSes.dll
[2014/11/11 15:36:34 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDump.dll
[2014/11/11 15:36:32 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2014/11/11 15:36:26 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2014/11/11 15:36:26 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2014/11/11 15:36:24 | 003,241,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2014/11/11 15:36:08 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2014/10/19 08:29:46 | 000,000,000 | ---D | C] -- C:\Users\Billy\AppData\Local\Skype
[2014/10/19 08:29:44 | 000,000,000 | ---D | C] -- C:\Users\Billy\AppData\Roaming\Skype
[2014/10/19 08:29:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2014/10/19 08:29:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2014/10/19 08:29:35 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2014/10/19 08:29:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2014/10/18 03:47:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/10/18 02:59:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2015
[2014/10/18 02:58:48 | 000,076,944 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\bdvedisk.sys
[2014/10/18 02:58:45 | 000,093,600 | ---- | C] (BitDefender LLC) -- C:\Windows\SysNative\drivers\BdfNdisf6.sys
[2014/10/18 02:58:45 | 000,082,824 | ---- | C] (BitDefender SRL) -- C:\Windows\SysNative\drivers\bdsandbox.sys
[2014/10/18 02:58:42 | 001,288,472 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\avc3.sys
[2014/10/18 02:58:42 | 000,647,752 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\avckf.sys
[2014/10/18 02:58:35 | 000,000,000 | ---D | C] -- C:\Users\Billy\AppData\Roaming\Bitdefender
[2014/10/18 02:56:33 | 000,150,256 | ---- | C] (BitDefender LLC) -- C:\Windows\SysNative\drivers\gzflt.sys
[2014/10/18 02:28:50 | 000,074,512 | ---- | C] (BitDefender SRL) -- C:\Windows\SysNative\bdsandboxuiskin32.dll
[2014/10/18 01:58:49 | 001,721,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WdfCoInstaller01009.dll
[2014/10/18 01:58:44 | 000,000,000 | ---D | C] -- C:\ProgramData\BDLogging
[2014/10/18 01:58:34 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\capicom.dll
[2014/10/18 01:58:34 | 000,074,512 | ---- | C] (BitDefender SRL) -- C:\Windows\SysWow64\bdsandboxuiskin32.dll
[2014/10/18 01:58:28 | 000,263,032 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\avchv.sys
[2014/10/18 01:56:45 | 000,084,848 | ---- | C] (BitDefender SRL) -- C:\Windows\SysNative\BDSandBoxUISkin.dll
[2014/10/18 01:56:45 | 000,034,384 | ---- | C] (BitDefender SRL) -- C:\Windows\SysNative\BDSandBoxUH.dll
[2014/10/18 01:56:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Bitdefender
[2014/10/18 01:56:44 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender
[2014/10/18 01:56:10 | 000,000,000 | ---D | C] -- C:\Users\Billy\AppData\Roaming\QuickScan
[2014/10/18 01:50:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bitdefender
[2014/10/18 01:49:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Bitdefender
[2014/10/18 01:29:30 | 000,000,000 | ---D | C] -- C:\Users\Billy\AppData\Local\Microsoft Games
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/11/16 13:04:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/11/16 12:49:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2929616351-1660927109-1562995560-1005UA.job
[2014/11/16 12:38:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/11/16 12:18:00 | 000,000,292 | ---- | M] () -- C:\Windows\tasks\AffiliatedUpdate.job
[2014/11/16 10:13:50 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/11/16 08:49:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2929616351-1660927109-1562995560-1005Core.job
[2014/11/14 08:05:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/11/13 16:19:16 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBilly.job
[2014/11/12 22:36:45 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/11/12 22:36:45 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/11/12 22:34:39 | 000,782,470 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/11/12 22:34:39 | 000,662,712 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/11/12 22:34:39 | 000,122,766 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/11/12 22:30:01 | 000,000,632 | RHS- | M] () -- C:\Users\Billy\ntuser.pol
[2014/11/12 22:29:32 | 000,000,374 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2014/11/12 22:27:23 | 2073,964,543 | -HS- | M] () -- C:\hiberfil.sys
[2014/11/12 09:00:57 | 000,452,040 | ---- | M] (BitDefender S.R.L.) -- C:\Windows\SysNative\drivers\trufos.sys
[2014/11/12 09:00:35 | 001,288,472 | ---- | M] (BitDefender) -- C:\Windows\SysNative\drivers\avc3.sys
[2014/11/12 09:00:23 | 000,263,032 | ---- | M] (BitDefender) -- C:\Windows\SysNative\drivers\avchv.sys
[2014/11/12 08:38:12 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/11/12 08:38:12 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/11/12 03:29:01 | 000,347,504 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/11/10 20:04:54 | 000,193,757 | ---- | M] () -- C:\Users\Billy\Desktop\bufftech%20chesterfiled%20vinyl%20fence%20smooth.jpg
[2014/11/10 20:02:35 | 000,027,902 | ---- | M] () -- C:\Users\Billy\Desktop\lexington%20vinyl%20fence.jpg
[2014/11/10 19:59:46 | 000,000,173 | ---- | M] () -- C:\Users\Billy\AppData\Local\msmathematics.qat.Billy
[2014/11/05 23:03:50 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/11/05 22:47:03 | 000,066,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/11/05 22:46:12 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/11/05 22:46:12 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/11/05 22:44:28 | 000,088,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014/11/05 22:35:59 | 000,034,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/11/05 22:31:48 | 000,633,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/11/05 22:30:22 | 000,144,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/11/05 22:30:08 | 000,114,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/11/05 22:29:18 | 000,814,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/11/05 22:23:57 | 006,040,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/11/05 22:20:18 | 000,968,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/11/05 22:16:23 | 000,490,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/11/05 22:13:36 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/11/05 22:12:44 | 000,047,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/11/05 22:10:58 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014/11/05 22:07:29 | 000,077,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/11/05 22:03:56 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/11/05 22:02:05 | 000,199,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/11/05 22:00:56 | 000,478,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/11/05 22:00:51 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/11/05 21:59:36 | 000,115,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/11/05 21:58:38 | 000,620,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/11/05 21:57:38 | 000,316,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/11/05 21:42:36 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/11/05 21:41:26 | 000,800,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/11/05 21:41:26 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/11/05 21:39:39 | 001,359,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/11/05 21:38:25 | 002,124,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/11/05 21:37:58 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/11/05 21:36:47 | 000,076,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/11/05 21:21:25 | 002,051,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/11/05 21:20:37 | 001,155,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/11/05 20:53:19 | 000,799,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/11/05 20:47:17 | 000,708,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/11/05 12:56:54 | 000,304,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\generaltel.dll
[2014/11/05 12:56:36 | 000,228,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/11/05 12:52:22 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/10/27 15:59:31 | 000,002,145 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/10/26 14:16:19 | 000,230,359 | ---- | M] () -- C:\Users\Billy\Desktop\Frozen.pdf
[2014/10/25 11:23:02 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBILLY-HP$.job
[2014/10/24 20:57:59 | 000,077,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2014/10/24 20:32:37 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2014/10/23 14:50:52 | 000,071,680 | ---- | M] () -- C:\Users\Billy\Desktop\Fort Bragg Soldiers Train to Fight Ebola.msg
[2014/10/19 08:29:36 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/10/18 03:46:33 | 000,098,216 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/10/18 03:00:43 | 000,536,866 | ---- | M] () -- C:\ProgramData\1413618985.bdinstall.bin
[2014/10/18 02:59:42 | 000,253,404 | -H-- | M] () -- C:\bdr-ld01
[2014/10/18 02:59:42 | 000,009,216 | -H-- | M] () -- C:\bdr-ld01.mbr
[2014/10/18 02:59:42 | 000,000,684 | -H-- | M] () -- C:\bdr-cf01
[2014/10/18 02:59:19 | 000,002,128 | ---- | M] () -- C:\Users\Public\Desktop\Bitdefender Total Security 2015.lnk
[2014/10/18 02:28:50 | 000,074,512 | ---- | M] (BitDefender SRL) -- C:\Windows\SysNative\bdsandboxuiskin32.dll
[2014/10/18 01:59:28 | 000,000,385 | ---- | M] () -- C:\Windows\SysNative\user_gensett.xml
[2014/10/18 01:58:51 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_avchv_01009.Wdf
[2014/10/17 22:21:13 | 002,152,401 | ---- | M] () -- C:\Users\Billy\Desktop\Official Transcript.pdf
[2014/10/17 21:56:00 | 000,099,851 | ---- | M] () -- C:\Users\Billy\Desktop\View-Print Answers GG14 Position.htm
[2014/10/17 21:05:23 | 000,861,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/11/10 20:12:45 | 000,193,757 | ---- | C] () -- C:\Users\Billy\Desktop\bufftech%20chesterfiled%20vinyl%20fence%20smooth.jpg
[2014/11/10 20:12:34 | 000,027,902 | ---- | C] () -- C:\Users\Billy\Desktop\lexington%20vinyl%20fence.jpg
[2014/10/26 14:16:19 | 000,230,359 | ---- | C] () -- C:\Users\Billy\Desktop\Frozen.pdf
[2014/10/23 14:50:52 | 000,071,680 | ---- | C] () -- C:\Users\Billy\Desktop\Fort Bragg Soldiers Train to Fight Ebola.msg
[2014/10/19 08:29:36 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/10/18 03:00:43 | 000,536,866 | ---- | C] () -- C:\ProgramData\1413618985.bdinstall.bin
[2014/10/18 02:59:42 | 000,000,684 | -H-- | C] () -- C:\bdr-cf01
[2014/10/18 02:59:19 | 000,002,128 | ---- | C] () -- C:\Users\Public\Desktop\Bitdefender Total Security 2015.lnk
[2014/10/18 02:58:31 | 049,563,064 | -H-- | C] () -- C:\bdr-im01.gz
[2014/10/18 02:58:31 | 003,271,472 | -H-- | C] () -- C:\bdr-bz01
[2014/10/18 02:58:31 | 000,009,216 | -H-- | C] () -- C:\bdr-ld01.mbr
[2014/10/18 02:58:30 | 000,253,404 | -H-- | C] () -- C:\bdr-ld01
[2014/10/18 01:59:28 | 000,000,385 | ---- | C] () -- C:\Windows\SysNative\user_gensett.xml
[2014/10/18 01:58:51 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_avchv_01009.Wdf
[2014/10/17 22:21:12 | 002,152,401 | ---- | C] () -- C:\Users\Billy\Desktop\Official Transcript.pdf
[2014/10/17 21:55:59 | 000,099,851 | ---- | C] () -- C:\Users\Billy\Desktop\View-Print Answers GG14 Position.htm
[2013/12/19 21:18:00 | 000,000,144 | ---- | C] () -- C:\Users\Billy\AppData\Roaming\WB.CFG
[2013/09/29 22:00:36 | 000,000,173 | ---- | C] () -- C:\Users\Billy\AppData\Local\msmathematics.qat.Billy
[2013/08/22 17:29:07 | 000,000,416 | ---- | C] () -- C:\Windows\Disney.ini
[2013/01/23 11:40:48 | 000,000,004 | ---- | C] () -- C:\Users\Billy\AppData\Roaming\skype.ini
[2012/12/04 22:03:36 | 000,006,656 | ---- | C] () -- C:\Users\Billy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/11/29 00:37:38 | 000,000,059 | ---- | C] () -- C:\Windows\spwdrhaa.INI
[2012/10/20 08:54:05 | 000,000,632 | RHS- | C] () -- C:\Users\Billy\ntuser.pol
[2012/10/19 05:44:24 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 21:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 20:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 181 bytes -> C:\ProgramData\Temp:2683706C
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:EC2E1DEC

< End of report >
 


#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, I believe I know what this is, but I will need to run another analysis programme.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Select additions at the bottom
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please attach both logs generated.

#3
brander38

Thanks for the quick response. The requested files are attached.

 

BR

#4
Essexboy

Could you let me know how the computer is after this run?

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:
 

HKLM\...\Run: [HomeworkSimplified Home Page Guard 64 bit] => C:\Program Files (x86)\HomeworkSimplified_7e\bar\1.bin\AppIntegrator64.exe [548936 2013-11-18] ()
HKLM-x32\...\Run: [HomeworkSimplified Search Scope Monitor] => C:\Program Files (x86)\HomeworkSimplified_7e\bar\1.bin\7eSrchMn.exe [44784 2013-11-18] (MindSpark)
HKLM-x32\...\Run: [HomeworkSimplified_7e Browser Plugin Loader] => C:\Program Files (x86)\HomeworkSimplified_7e\bar\1.bin\7ebrmon.exe [30096 2013-11-18] (VER_COMPANY_NAME)
HKLM-x32\...\Run: [Utility Chest EPM Support] => C:\Program Files (x86)\UtilityChest_49\bar\2.bin\49medint.exe [12872 2013-12-15] (Mindspark Interactive Network, Inc.)
HKLM-x32\...\Run: [UtilityChest_49 Browser Plugin Loader 64] => C:\Program Files (x86)\UtilityChest_49\bar\2.bin\49brmon64.exe [71752 2013-12-15] (VER_COMPANY_NAME)
HKU\S-1-5-21-2929616351-1660927109-1562995560-1000\...\Winlogon: [Shell] explorer.exe, <==== ATTENTION
HKU\S-1-5-21-2929616351-1660927109-1562995560-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
HKLM-x32\...\Run: [ApnUpdater] => C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1646216 2013-03-31] (Ask)
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1942424 2014-10-10] (APN)
GroupPolicyUsers\S-1-5-21-2929616351-1660927109-1562995560-1005\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2929616351-1660927109-1562995560-1004\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2929616351-1660927109-1562995560-1003\User: Group Policy restriction detected <======= ATTENTION
URLSearchHook: HKCU - (No Name) - {3b86c427-928d-4b50-910c-117fa4830443} - C:\Program Files (x86)\HomeworkSimplified_7e\bar\1.bin\7eSrcAs.dll (MindSpark)
SearchScopes: HKLM-x32 - {a776248f-c424-4ce4-8b5e-65db029465d3} URL = http://search.tb.ask...r={searchTerms}
SearchScopes: HKCU - {0C434ECE-1520-4120-8170-39B3E7D3843A} URL = http://www.search.as...rms}&psv=&pt=tb
SearchScopes: HKCU - {1282B890-317B-4A9E-B460-3089AFE87E0F} URL = http://www.mysearchr...q={searchTerms}
SearchScopes: HKCU - {a776248f-c424-4ce4-8b5e-65db029465d3} URL = http://search.tb.ask...r={searchTerms}
BHO: Search App by Ask -> {4F524A2D-5350-4500-76A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport_x64.dll (APN LLC.)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: Search App by Ask -> {4F524A2D-5350-4500-76A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll (APN LLC.)
BHO-x32: Search Assistant BHO -> {ba55677a-9449-48b2-a399-f34f2d2bf47c} -> C:\Program Files (x86)\HomeworkSimplified_7e\bar\1.bin\7eSrcAs.dll (MindSpark)
BHO-x32: Ask Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: Toolbar BHO -> {e0f8558f-9d61-46ec-b986-65d0302cdb08} -> C:\Program Files (x86)\HomeworkSimplified_7e\bar\1.bin\7ebar.dll (MindSpark)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - HomeworkSimplified - {469f03b7-86ed-412b-a869-99c9f50bfe17} - C:\Program Files (x86)\HomeworkSimplified_7e\bar\1.bin\7ebar.dll (MindSpark)
Toolbar: HKLM-x32 - Search App by Ask - {4F524A2D-5350-4500-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll (APN LLC.)
Toolbar: HKU\S-1-5-21-2929616351-1660927109-1562995560-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Toolbar: HKU\S-1-5-21-2929616351-1660927109-1562995560-1000 -> No Name - {469F03B7-86ED-412B-A869-99C9F50BFE17} - No File
Toolbar: HKU\S-1-5-21-2929616351-1660927109-1562995560-1000 -> No Name - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - No File
FF NewTab: hxxp://www.mysearchresults.com/?c=9998&t=01&nt=nt1&uid=ffffb796017dec81c8ea4188b64d7dfd
FF DefaultSearchEngine: InternetHelper3.1 Customized Web Search
FF SearchEngineOrder.1: Yahoo
FF SearchEngineOrder.2: Ask.com
FF SelectedSearchEngine: InternetHelper3.1 Customized Web Search
FF Homepage: hxxp://search.conduit.com/?ctid=CT3289663&octid=CT3289663&CUI=UN11478538711459430&UM=4&SearchSource=13
FF Keyword.URL: hxxp://trovi.com/ResultsExt.aspx?ctid=CT3289663&SearchSource=2&CUI=UN11478538711459430&UM=4&q=
FF Plugin-x32: @HomeworkSimplified_7e.com/Plugin -> C:\Program Files (x86)\HomeworkSimplified_7e\bar\1.bin\NP7eStub.dll (MindSpark)
FF Plugin-x32: @UtilityChest_49.com/Plugin -> C:\Program Files (x86)\UtilityChest_49\bar\2.bin\NP49Stub.dll (Mindspark)
FF SearchPlugin: C:\Users\Billy\AppData\Roaming\Mozilla\Firefox\Profiles\k4ecvf1n.default\searchplugins\ask-search.xml
FF SearchPlugin: C:\Users\Billy\AppData\Roaming\Mozilla\Firefox\Profiles\k4ecvf1n.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\Billy\AppData\Roaming\Mozilla\Firefox\Profiles\k4ecvf1n.default\searchplugins\internethelper31-customized-web-search.xml
FF SearchPlugin: C:\Users\Billy\AppData\Roaming\Mozilla\Firefox\Profiles\k4ecvf1n.default\searchplugins\safeguard-secure-search.xml
FF SearchPlugin: C:\Users\Billy\AppData\Roaming\Mozilla\Firefox\Profiles\k4ecvf1n.default\searchplugins\search-here.xml
FF SearchPlugin: C:\Users\Billy\AppData\Roaming\Mozilla\Firefox\Profiles\k4ecvf1n.default\searchplugins\Sweetpacks Search.xml
FF Extension: Utility Chest - C:\Users\Billy\AppData\Roaming\Mozilla\Firefox\Profiles\k4ecvf1n.default\Extensions\49ffxtbr@UtilityChest_49.com [2014-09-18]
FF Extension: InternetHelper3.1 - C:\Users\Billy\AppData\Roaming\Mozilla\Firefox\Profiles\k4ecvf1n.default\Extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3} [2014-10-18]
FF Extension: SweetPacks - C:\Users\Billy\AppData\Roaming\Mozilla\Firefox\Profiles\k4ecvf1n.default\Extensions\{7e8a1050-cf67-4575-92df-dcc60e7d952d} [2013-12-15]
FF Extension: KeyBar 1.8 - C:\Users\Billy\AppData\Roaming\Mozilla\Firefox\Profiles\k4ecvf1n.default\Extensions\{9ed31f84-c8b3-4926-b950-dff74047ff79} [2013-12-15]
FF Extension: Default Tab - C:\Users\Billy\AppData\Roaming\Mozilla\Firefox\Profiles\k4ecvf1n.default\Extensions\[email protected] [2013-09-23]
FF Extension: LemurLeap - C:\Users\Billy\AppData\Roaming\Mozilla\Firefox\Profiles\k4ecvf1n.default\Extensions\[email protected] [2013-08-31]
FF Extension: Shopping App by Ask - C:\Users\Billy\AppData\Roaming\Mozilla\Firefox\Profiles\k4ecvf1n.default\Extensions\[email protected] [2014-10-10]
FF Extension: SySaver - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2014-06-24]
FF Extension: WordOv - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2014-06-24]
CHR HKLM-x32\...\Chrome\Extension: [aaaaojmikegpiepcfdkkjaplodkpfmlo] - C:\Users\Billy\AppData\Local\APN\GoogleCRXs\apnorjtoolbar.crx []
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166296 2014-09-22] (APN LLC.)
CustomCLSID: HKU\S-1-5-21-2929616351-1660927109-1562995560-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
Task: {AF7F2819-CFA5-429C-84F4-CCD80C4F54BF} - System32\Tasks\AffiliatedUpdate => C:\Users\Billy\AppData\Roaming\AFFILI~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\AffiliatedUpdate.job => C:\Users\Billy\AppData\Roaming\AFFILI~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
C:\Users\Billy\AppData\Roaming\skype.ini
C:\Users\Billy\AppData\Roaming\AFFILI~1
C:\Program Files (x86)\HomeworkSimplified_7e
C:\Program Files (x86)\UtilityChest_49
C:\Program Files (x86)\Ask.com
C:\Program Files (x86)\AskPartnerNetwork
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe.
Run FRST and press Fix.
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
FINALLY

Download and run Farbar Service Scanner.

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.
#5
brander38

Ok,

 

The AdwCleaner files are attached. I am still receiving the potentially malicious application warning linked to the dllhost.exe file.

#6
Essexboy

Did you run the FRST fix?

Could you run a fresh FRST scan for me, please?

#7
brander38

Farbar Service Scanner Version: 21-07-2014
Ran by Billy (administrator) on 16-11-2014 at 16:46:41
Running from "C:\Users\Billy\Desktop\Malware-Fixes"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
My system seems to be moving a lot faster when accessing the websites. Below are the FSS results:

 

 

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is unreachable
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****


#8
brander38

Stand by, I will re-run the FRST fix.


#9
Essexboy

Could you post the fix log that it produces, please?

#10
brander38

I apologize for the delay. When I initially copied/pasted the fixlist script you created, I didn't realize I had also copied text from other parts of the page. I removed the additional text and ran the FRST Fix again. The resulting logs are attached:

#11
Essexboy

Could you confirm that the alerts have now ceased? Also, what other problems are you experiencing?

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup-2.0..exe to install the application. (The revision number may vary.)
  • Select the language and click OK.
  • Accept the agreement
  • Make sure a checkmark is placed next to Enable the Free Trial and Launch Malwarebytes' Anti-Malware, then click on finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Scan Now".
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click on Quarantine All.
  • When disinfection is completed, a dialog will open and you may be prompted to Restart. (See Extra Note)
  • Upon restart, launch Malwarebytes Antimalware and select History.
  • Double click on the last scan done, then on Copy to Clipboard.
  • To submit your reply, click on Add Reply, then right click on the window and select Paste.
  • Submit your reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#12
brander38

Essexboy,

 

The dllhost message is no longer showing up. Your script worked - Excellent! I really appreciate your help finding a solution for the dllhost issues and helping me clean up my computer. The results of my anti-malware are listed below:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/17/2014
Scan Time: 11:23:40 PM
Logfile:
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.18.02
Rootkit Database: v2014.11.12.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Billy

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 498077
Time Elapsed: 21 min, 18 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 52
PUP.Optional.MindSpark.A, HKU\S-1-5-21-2929616351-1660927109-1562995560-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{469F03B7-86ED-412B-A869-99C9F50BFE17}, Quarantined, [9aa0132a64182a0cc2d333c2c939be42],
PUP.Optional.MindSpark.A, HKU\S-1-5-21-2929616351-1660927109-1562995560-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{469F03B7-86ED-412B-A869-99C9F50BFE17}, Quarantined, [9aa0132a64182a0cc2d333c2c939be42],
PUP.Optional.MindSpark.A, HKU\S-1-5-21-2929616351-1660927109-1562995560-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{469F03B7-86ED-412B-A869-99C9F50BFE17}, Quarantined, [9aa0132a64182a0cc2d333c2c939be42],
PUP.Optional.MindSpark.A, HKU\S-1-5-21-2929616351-1660927109-1562995560-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{469F03B7-86ED-412B-A869-99C9F50BFE17}, Quarantined, [9aa0132a64182a0cc2d333c2c939be42],
PUP.Optional.Ask.A, HKU\S-1-5-21-2929616351-1660927109-1562995560-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{4F524A2D-5350-4500-76A7-7A786E7484D7}, Quarantined, [1e1c78c5cab283b3a9873b7dcf33f709],
PUP.Optional.Ask.A, HKU\S-1-5-21-2929616351-1660927109-1562995560-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{4F524A2D-5350-4500-76A7-7A786E7484D7}, Quarantined, [1e1c78c5cab283b3a9873b7dcf33f709],
PUP.Optional.Ask.A, HKU\S-1-5-21-2929616351-1660927109-1562995560-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{4F524A2D-5350-4500-76A7-7A786E7484D7}, Quarantined, [1e1c78c5cab283b3a9873b7dcf33f709],
PUP.Optional.Ask.A, HKU\S-1-5-21-2929616351-1660927109-1562995560-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{4F524A2D-5350-4500-76A7-7A786E7484D7}, Quarantined, [1e1c78c5cab283b3a9873b7dcf33f709],
PUP.Optional.MindSpark.A, HKU\S-1-5-21-2929616351-1660927109-1562995560-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{BA55677A-9449-48B2-A399-F34F2D2BF47C}, Quarantined, [59e19ca14735d363474a04f18d75a060],
PUP.Optional.MindSpark.A, HKU\S-1-5-21-2929616351-1660927109-1562995560-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{BA55677A-9449-48B2-A399-F34F2D2BF47C}, Quarantined, [59e19ca14735d363474a04f18d75a060],

Registry Values: 9

Registry Data: 0
(No malicious items detected)

Folders: 25

Files: 59

Physical Sectors: 0
(No malicious items detected)


(end)



#13
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Well that cleared all the other adware I could not see :)

Subject to no further problems :)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so the following will implement some cleanup procedures as well as reset System Restore points:

Remove tools

Download and run Delfix


: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java.
See this article

I would recommend that you completely uninstall Java unless you need it to run an important piece of software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)

If you do need to keep Java then download JavaRa.
Run the programme and select Remove Java Runtime. Uninstall all versions of Java present.
Once done, run it again and select Update Java runtime > Download and install Latest version.


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent: install this programme to lock down and prevent crypto ransomware

Malwarebytes.

Update and run weekly to keep your system clean

Unchecky

Click on the link above to be taken to Unchecky.com
Click the very large Download button.
Click Save
Click Open folder
Right-click on the Unchecky_setup and choose to Run as Administrator
Once open, click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked; this is a fire and forget programme ;)

It is critical to have both a firewall and an anti-virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe :wave:

#14
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.