Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Possible Virus and Malware on My PC [Solved]


  • This topic is locked This topic is locked

#1
brander38

brander38

    Member

  • Member
  • PipPip
  • 24 posts

Hi, I receive a pop-up message stating that my computer is infected. I can't view some sites because the pages are littered advertisements (pop-up and non pop-up. I would like to make sure my computer is free of viruses and malware.

-------------

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-09-2015
Ran by Billy (administrator) on BILLY-HP (04-09-2015 22:35:56)
Running from C:\Users\Billy\Desktop
Loaded Profiles: Billy (Available Profiles: Billy & Nyjah & Alyana & Kaliyah & Aiden & Administrator)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
(ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.13\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.13\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwtxapps.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CyberLink Corp.) C:\Program Files (x86)\Cyberlink\Power2Go\Power2GoExpressServer.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalsystray.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_18_0_0_232_ActiveX.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [fssui] => C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe [892608 2014-03-31] (Microsoft Corporation)
HKLM\...\Run: [acevents] => C:\Program Files\ActivIdentity\ActivClient\acevents.exe [196648 2009-06-03] (ActivIdentity)
HKLM\...\Run: [accrdsub] => C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [483880 2009-06-03] (ActivIdentity)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [1695744 2015-06-23] (Bitdefender)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [118272 2014-07-11] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [683656 2013-05-20] (PDF Complete Inc)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2929616351-1660927109-1562995560-1000\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [790880 2015-06-23] (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox1] -> {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2014-07-04] (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox2] -> {342DAA0B-D796-460D-8566-901E08A1CCAD} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2014-07-04] (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox3] -> {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2014-07-04] (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox4] -> {33816773-98AE-4723-ADE0-EBE54C8B5A67} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2014-07-04] (Bitdefender)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ActivClient Agent.lnk [2013-08-17]
ShortcutTarget: ActivClient Agent.lnk -> C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity)
Startup: C:\Users\Billy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2014-01-06]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicyUsers\S-1-5-21-2929616351-1660927109-1562995560-1007\User: Restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2929616351-1660927109-1562995560-1005\User: Restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2929616351-1660927109-1562995560-1003\User: Restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{6A1CA1E5-1528-4090-8F64-C3AFE0526775}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2929616351-1660927109-1562995560-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-2929616351-1660927109-1562995560-1000 -> {DBC656EF-3261-43F7-9BCA-25DA99E8CB54} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-18] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-07-21] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-18] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll [2012-06-11] (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-21] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: HP Smart Print Helper -> {FD6C6509-FE36-44B0-A917-6C2A0DDBDF88} -> C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.1\Espresso.dll [2012-12-14] (Hewlett-Packard)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-18] (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll [2012-06-11] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll [2015-06-23] (Bitdefender)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-18] (Google Inc.)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {74F4F118-91E6-4AFC-B8D2-04066781F239} hxxps://online8.penfed.org/PenFedOnline/Forms/WebCapture/CheckDepositEnabler.cab

FireFox:
========
FF ProfilePath: C:\Users\Billy\AppData\Roaming\Mozilla\Firefox\Profiles\k4ecvf1n.default
FF Homepage: hxxps://www.yahoo.com/?fr=yset_ff_syc_oracle&type=orcl_hpset
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-11] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-11] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll [2013-10-25] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2011-02-21] (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-28] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2015-07-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Extension: HP Smart Print - C:\Users\Billy\AppData\Roaming\Mozilla\Firefox\Profiles\k4ecvf1n.default\Extensions\[email protected] [2013-02-02]
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext [2014-10-18]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2012-10-19]
FF HKLM-x32\...\Firefox\Extensions: [{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}] - C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.9.0.21\coFFFw
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Symantec\VIP Access Client
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Symantec\VIP Access Client
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext

Chrome:
=======
CHR HomePage: Default -> https://search.yahoo...37,20033,0,31,0
CHR DefaultSearchURL: Default -> "url":"https://search.yahoo...37,20034,0,31,0"
CHR DefaultSearchKeyword: Default -> yahoo
CHR DefaultNewTabURL: Default -> https://us.search.ya...034,0,IE11,9284
CHR DefaultSuggestURL: Default -> http://ff.search.yah...nd={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Flash) - internal-remoting-viewer
CHR Plugin: (Chrome Remote Desktop Viewer) - C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\pdf.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Billy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\npcoplgn.dll No File
CHR Plugin: (Norton Confidential) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Adobe Acrobat) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Windows Live? Photo Gallery) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Profile: C:\Users\Billy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Billy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-10-30]
CHR Extension: (Google Search) - C:\Users\Billy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-30]
CHR Extension: (Bitdefender Wallet) - C:\Users\Billy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fabcmochhfpldjekobfaaggijgohadih [2014-10-18]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Billy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-28]
CHR Extension: (No Name) - C:\Users\Billy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-24]
CHR Extension: (Gmail) - C:\Users\Billy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-30]
CHR HKLM-x32\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [napjheenlliimoedooldaalpjfidlidp] - <no Path/update_url>

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277032 2009-06-03] (ActivIdentity)
R2 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [78144 2014-12-17] (Bitdefender)
R2 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2011-08-16] (Hewlett-Packard) [File not signed]
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [349728 2015-07-12] (WildTangent)
R2 LeapFrog Connect Device Service; C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe [7241728 2014-07-11] (LeapFrog Enterprises, Inc.) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1332360 2013-05-20] (PDF Complete Inc)
S4 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [94624 2013-07-08] (Bitdefender)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [67320 2014-11-12] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1545376 2015-06-23] (Bitdefender)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1369288 2015-06-23] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [271272 2015-06-23] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [747120 2015-06-23] (BitDefender)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2015-02-10] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107080 2012-10-29] (BitDefender LLC)
R1 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2015-02-10] (BitDefender SRL)
R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [76944 2012-04-17] (BitDefender)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [160032 2015-06-23] (BitDefender LLC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2011-12-19] ()
S3 S3XXx64; C:\Windows\System32\DRIVERS\S3XXx64.sys [70016 2012-07-31] (Identive)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2015-03-14] ()
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [477272 2015-06-23] (BitDefender S.R.L.)
R3 voxaldriver; C:\Windows\System32\DRIVERS\voxaldriverx64.sys [33488 2013-02-23] ()
S1 ElRawDisk; \??\C:\Windows\system32\drivers\rsdrvx64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-04 22:35 - 2015-09-04 22:36 - 00024347 _____ C:\Users\Billy\Desktop\FRST.txt
2015-09-04 22:32 - 2015-09-04 22:32 - 02188800 _____ (Farbar) C:\Users\Billy\Desktop\FRST64.exe
2015-09-04 22:31 - 2015-09-04 22:31 - 02188800 _____ (Farbar) C:\Users\Billy\Downloads\FRST64.exe
2015-08-25 22:34 - 2015-09-04 20:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox.bak
2015-08-19 23:20 - 2015-08-10 21:20 - 25191936 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-19 23:20 - 2015-08-10 21:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-19 23:20 - 2015-08-10 20:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-08-19 23:20 - 2015-08-10 20:20 - 19871232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-08-14 20:24 - 2015-08-14 20:28 - 00242768 _____ C:\Users\Billy\Downloads\Firefox Setup Stub 40.0.2.exe
2015-08-13 03:17 - 2015-07-30 09:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-13 03:17 - 2015-07-30 09:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 09:40 - 2015-07-16 15:12 - 06131200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-08-12 09:40 - 2015-07-16 15:12 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-08-12 09:40 - 2015-07-16 15:12 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-08-12 09:40 - 2015-07-16 15:11 - 07077376 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-12 09:40 - 2015-07-16 15:11 - 01057792 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-08-12 09:40 - 2015-07-16 15:11 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-08-12 09:40 - 2015-07-15 14:15 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-12 09:40 - 2015-07-15 14:15 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-08-12 09:40 - 2015-07-15 14:15 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-08-12 09:40 - 2015-07-15 14:15 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-12 09:40 - 2015-07-15 14:12 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-12 09:40 - 2015-07-15 14:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-08-12 09:40 - 2015-07-15 14:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-08-12 09:40 - 2015-07-15 14:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-08-12 09:40 - 2015-07-15 14:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-08-12 09:40 - 2015-07-15 14:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-08-12 09:40 - 2015-07-15 14:10 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-08-12 09:40 - 2015-07-15 14:10 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-08-12 09:40 - 2015-07-15 14:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-08-12 09:40 - 2015-07-15 14:10 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-08-12 09:40 - 2015-07-15 14:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-08-12 09:40 - 2015-07-15 14:10 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-08-12 09:40 - 2015-07-15 14:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-08-12 09:40 - 2015-07-15 14:10 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-08-12 09:40 - 2015-07-15 14:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-08-12 09:40 - 2015-07-15 14:10 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-08-12 09:40 - 2015-07-15 14:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-08-12 09:40 - 2015-07-15 14:10 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-08-12 09:40 - 2015-07-15 14:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-08-12 09:40 - 2015-07-15 14:10 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-08-12 09:40 - 2015-07-15 14:10 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-08-12 09:40 - 2015-07-15 14:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-08-12 09:40 - 2015-07-15 14:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-12 09:40 - 2015-07-15 14:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-08-12 09:40 - 2015-07-15 14:10 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-08-12 09:40 - 2015-07-15 14:10 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-08-12 09:40 - 2015-07-15 14:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-08-12 09:40 - 2015-07-15 14:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-08-12 09:40 - 2015-07-15 14:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-12 09:40 - 2015-07-15 14:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-08-12 09:40 - 2015-07-15 14:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-08-12 09:40 - 2015-07-15 14:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-08-12 09:40 - 2015-07-15 14:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-08-12 09:40 - 2015-07-15 14:00 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-08-12 09:40 - 2015-07-15 14:00 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-08-12 09:40 - 2015-07-15 14:00 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 14:00 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 14:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 14:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 14:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 14:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 14:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 14:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 13:59 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-08-12 09:40 - 2015-07-15 13:59 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-08-12 09:40 - 2015-07-15 13:56 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-08-12 09:40 - 2015-07-15 13:55 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-08-12 09:40 - 2015-07-15 13:55 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-08-12 09:40 - 2015-07-15 13:55 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-08-12 09:40 - 2015-07-15 13:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-08-12 09:40 - 2015-07-15 13:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-08-12 09:40 - 2015-07-15 13:54 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-08-12 09:40 - 2015-07-15 13:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-08-12 09:40 - 2015-07-15 13:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-08-12 09:40 - 2015-07-15 13:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-08-12 09:40 - 2015-07-15 13:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-08-12 09:40 - 2015-07-15 13:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-08-12 09:40 - 2015-07-15 13:54 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-08-12 09:40 - 2015-07-15 13:53 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-08-12 09:40 - 2015-07-15 13:53 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-08-12 09:40 - 2015-07-15 13:53 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-08-12 09:40 - 2015-07-15 13:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-08-12 09:40 - 2015-07-15 13:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-08-12 09:40 - 2015-07-15 13:53 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-08-12 09:40 - 2015-07-15 13:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-08-12 09:40 - 2015-07-15 13:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-08-12 09:40 - 2015-07-15 13:44 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-08-12 09:40 - 2015-07-15 13:44 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-08-12 09:40 - 2015-07-15 13:44 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 13:44 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 12:46 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-08-12 09:40 - 2015-07-15 12:46 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-08-12 09:40 - 2015-07-15 12:46 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-08-12 09:40 - 2015-07-15 12:37 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-08-12 09:40 - 2015-07-15 12:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-08-12 09:40 - 2015-07-15 12:34 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 12:34 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 12:34 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 12:34 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-08-12 09:40 - 2015-07-14 23:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-12 09:40 - 2015-07-11 09:15 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-08-12 09:39 - 2015-07-30 14:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-12 09:39 - 2015-07-30 14:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-12 09:39 - 2015-07-30 14:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-12 09:39 - 2015-07-30 14:06 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-08-12 09:39 - 2015-07-30 14:06 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-12 09:39 - 2015-07-30 14:06 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-08-12 09:39 - 2015-07-30 14:06 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-08-12 09:39 - 2015-07-30 13:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-08-12 09:39 - 2015-07-30 13:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-08-12 09:39 - 2015-07-30 13:57 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-08-12 09:39 - 2015-07-30 13:57 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-08-12 09:39 - 2015-07-30 13:57 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-08-12 09:39 - 2015-07-30 13:55 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-08-12 09:39 - 2015-07-30 12:56 - 03208192 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-12 09:39 - 2015-07-30 12:52 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-12 09:39 - 2015-07-30 12:49 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-08-12 09:39 - 2015-07-20 20:39 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-08-12 09:39 - 2015-07-20 20:12 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-08-12 09:39 - 2015-07-16 16:54 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-08-12 09:39 - 2015-07-16 16:37 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-08-12 09:39 - 2015-07-16 16:36 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-12 09:39 - 2015-07-16 16:36 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-12 09:39 - 2015-07-16 16:36 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-08-12 09:39 - 2015-07-16 16:35 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-12 09:39 - 2015-07-16 16:35 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-08-12 09:39 - 2015-07-16 16:27 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-08-12 09:39 - 2015-07-16 16:26 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-12 09:39 - 2015-07-16 16:26 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-08-12 09:39 - 2015-07-16 16:23 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-12 09:39 - 2015-07-16 16:21 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-12 09:39 - 2015-07-16 16:21 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-08-12 09:39 - 2015-07-16 16:21 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-08-12 09:39 - 2015-07-16 16:21 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-08-12 09:39 - 2015-07-16 16:12 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-08-12 09:39 - 2015-07-16 16:08 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-08-12 09:39 - 2015-07-16 16:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-08-12 09:39 - 2015-07-16 15:55 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-08-12 09:39 - 2015-07-16 15:54 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-12 09:39 - 2015-07-16 15:51 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-08-12 09:39 - 2015-07-16 15:51 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-12 09:39 - 2015-07-16 15:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-08-12 09:39 - 2015-07-16 15:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-08-12 09:39 - 2015-07-16 15:50 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-08-12 09:39 - 2015-07-16 15:49 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-08-12 09:39 - 2015-07-16 15:45 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-08-12 09:39 - 2015-07-16 15:43 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-08-12 09:39 - 2015-07-16 15:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-08-12 09:39 - 2015-07-16 15:41 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-08-12 09:39 - 2015-07-16 15:39 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-08-12 09:39 - 2015-07-16 15:39 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-08-12 09:39 - 2015-07-16 15:38 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-08-12 09:39 - 2015-07-16 15:36 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-12 09:39 - 2015-07-16 15:35 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-08-12 09:39 - 2015-07-16 15:34 - 14451200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-12 09:39 - 2015-07-16 15:33 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-08-12 09:39 - 2015-07-16 15:32 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-12 09:39 - 2015-07-16 15:29 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-08-12 09:39 - 2015-07-16 15:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-08-12 09:39 - 2015-07-16 15:20 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-08-12 09:39 - 2015-07-16 15:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-08-12 09:39 - 2015-07-16 15:17 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-08-12 09:39 - 2015-07-16 15:12 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-08-12 09:39 - 2015-07-16 15:12 - 02427904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-12 09:39 - 2015-07-16 15:10 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-08-12 09:39 - 2015-07-16 15:06 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-08-12 09:39 - 2015-07-16 15:06 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-08-12 09:39 - 2015-07-16 15:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-08-12 09:39 - 2015-07-16 15:01 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-12 09:39 - 2015-07-16 14:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-08-12 09:39 - 2015-07-16 14:42 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-08-12 09:39 - 2015-07-16 14:38 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-08-12 09:39 - 2015-07-16 14:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-08-12 09:39 - 2015-07-14 23:19 - 02004992 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-12 09:39 - 2015-07-14 23:19 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-12 09:39 - 2015-07-14 23:14 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-08-12 09:39 - 2015-07-14 23:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-08-12 09:39 - 2015-07-14 22:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-08-12 09:39 - 2015-07-14 22:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-08-12 09:39 - 2015-07-14 22:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-08-12 09:39 - 2015-07-14 22:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-08-12 09:39 - 2015-07-10 13:51 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-12 09:39 - 2015-07-10 13:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-08-12 09:39 - 2015-07-09 13:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-12 09:39 - 2015-07-09 13:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-12 09:39 - 2015-07-09 13:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-08-12 09:39 - 2015-07-01 16:49 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-12 09:39 - 2015-07-01 16:48 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-08-12 09:39 - 2015-07-01 16:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-08-12 09:39 - 2015-07-01 16:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-08-07 03:06 - 2015-06-09 14:03 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-08-07 03:06 - 2015-06-09 14:03 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-08-07 03:06 - 2015-06-03 16:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-08-07 03:06 - 2014-12-11 13:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-08-05 21:06 - 2013-10-01 22:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2015-08-05 21:06 - 2013-10-01 22:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2015-08-05 21:06 - 2013-10-01 22:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2015-08-05 21:06 - 2013-10-01 21:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2015-08-05 21:05 - 2013-10-01 21:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2015-08-05 21:05 - 2013-10-01 21:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2015-08-05 21:05 - 2013-10-01 20:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2015-08-05 21:05 - 2013-10-01 20:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2015-08-05 21:05 - 2013-10-01 19:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2015-08-05 21:05 - 2013-10-01 18:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2015-08-05 21:01 - 2012-08-23 10:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2015-08-05 21:01 - 2012-08-23 10:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2015-08-05 21:01 - 2012-08-23 07:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2015-08-05 21:01 - 2012-08-23 06:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2015-08-05 20:54 - 2015-07-20 14:12 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-08-05 20:54 - 2015-07-20 14:12 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-05 20:54 - 2015-07-20 14:12 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-08-05 20:54 - 2015-07-20 14:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-08-05 20:54 - 2015-07-20 14:12 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-08-05 20:54 - 2015-07-20 14:12 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-08-05 20:54 - 2015-07-20 14:12 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-08-05 20:54 - 2015-07-20 14:12 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-08-05 20:54 - 2015-07-20 14:12 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-08-05 20:54 - 2015-07-20 14:12 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-08-05 20:54 - 2015-07-20 14:12 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-08-05 20:54 - 2015-07-20 13:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-08-05 20:54 - 2015-07-20 13:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-08-05 20:54 - 2015-07-20 13:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-08-05 20:54 - 2015-07-20 13:56 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-08-05 20:54 - 2015-07-20 13:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-08-05 20:54 - 2015-03-13 23:21 - 01632768 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-08-05 20:54 - 2015-03-13 23:21 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-08-05 20:54 - 2015-03-13 23:04 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-08-05 20:54 - 2015-03-13 23:04 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2015-08-05 20:53 - 2015-07-28 16:09 - 00017344 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-08-05 20:53 - 2015-07-28 16:05 - 01116672 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-05 20:53 - 2015-07-28 16:05 - 00774656 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-08-05 20:53 - 2015-07-28 16:05 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-08-05 20:53 - 2015-07-28 16:05 - 00437760 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-08-05 20:53 - 2015-07-28 16:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-08-05 20:53 - 2015-07-28 16:05 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-08-05 20:53 - 2015-07-28 15:55 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-08-05 20:51 - 2015-05-09 14:26 - 00493504 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-04 22:35 - 2014-11-15 10:12 - 00000000 ____D C:\FRST
2015-09-04 22:34 - 2012-10-21 23:57 - 00000000 ____D C:\Users\Billy\Documents\Outlook Files
2015-09-04 22:15 - 2014-11-18 00:21 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-04 21:51 - 2014-05-03 14:14 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2929616351-1660927109-1562995560-1005UA.job
2015-09-04 21:39 - 2009-07-14 00:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-04 21:39 - 2009-07-14 00:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-04 21:38 - 2013-02-26 23:16 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-04 21:34 - 2012-10-20 09:54 - 00000632 __RSH C:\Users\Billy\ntuser.pol
2015-09-04 21:34 - 2012-10-19 02:08 - 00000000 ____D C:\Users\Billy
2015-09-04 21:13 - 2012-10-20 12:15 - 00001232 __RSH C:\Users\Nyjah\ntuser.pol
2015-09-04 21:13 - 2012-10-20 12:15 - 00000000 ____D C:\Users\Nyjah
2015-09-04 21:11 - 2012-10-20 12:16 - 00003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{A1BEEFD9-55BC-4BF7-B6BD-B2F14FAD15E5}
2015-09-04 21:11 - 2012-10-19 02:07 - 01884632 _____ C:\Windows\WindowsUpdate.log
2015-09-04 21:00 - 2013-12-04 19:25 - 00000374 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2015-09-04 21:00 - 2011-12-19 18:05 - 00000000 ____D C:\ProgramData\PDFC
2015-09-04 21:00 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-04 21:00 - 2009-07-14 00:51 - 00098107 _____ C:\Windows\setupact.log
2015-09-03 21:30 - 2015-08-01 17:54 - 00000108 _____ C:\Users\Billy\Documents\pswd.txt
2015-09-03 19:21 - 2012-10-29 17:01 - 00002145 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-03 18:57 - 2012-10-19 02:14 - 00003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{F712B571-DB13-4E6F-8446-176E61B089BC}
2015-09-03 18:46 - 2010-11-20 23:47 - 02838922 _____ C:\Windows\PFRO.log
2015-09-01 21:14 - 2014-10-19 03:20 - 00253404 ____H C:\bdr-ld01
2015-09-01 21:14 - 2014-10-19 03:20 - 00009216 ____H C:\bdr-ld01.mbr
2015-09-01 21:14 - 2014-10-18 03:59 - 00000682 ____H C:\bdr-cf01
2015-09-01 16:22 - 2013-09-29 23:00 - 00000173 _____ C:\Users\Billy\AppData\Local\msmathematics.qat.Billy
2015-08-30 11:45 - 2014-05-03 14:14 - 00000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2929616351-1660927109-1562995560-1005Core.job
2015-08-29 23:06 - 2012-10-28 07:55 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2015-08-28 18:18 - 2012-10-28 09:34 - 00000906 __RSH C:\Users\Alyana\ntuser.pol
2015-08-28 18:18 - 2012-10-28 09:34 - 00000000 ____D C:\Users\Alyana
2015-08-28 06:26 - 2012-10-29 17:01 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-28 06:26 - 2012-10-29 17:01 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-28 06:26 - 2012-10-29 17:01 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-28 06:26 - 2012-10-29 17:01 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-28 06:21 - 2012-10-28 09:34 - 00003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{03757946-5D3C-46A6-8298-C487E1865794}
2015-08-26 16:15 - 2012-12-14 02:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-23 22:19 - 2015-07-25 23:20 - 00000136 _____ C:\Windows\system32\rblcache.dat
2015-08-23 21:27 - 2012-10-20 09:50 - 00000000 ____D C:\Users\Billy\AppData\Local\CrashDumps
2015-08-23 21:05 - 2012-10-19 02:14 - 00003186 _____ C:\Windows\System32\Tasks\HPCeeScheduleForBilly
2015-08-23 21:05 - 2012-10-19 02:14 - 00000332 _____ C:\Windows\Tasks\HPCeeScheduleForBilly.job
2015-08-21 20:21 - 2012-10-26 08:16 - 00003218 _____ C:\Windows\System32\Tasks\HPCeeScheduleForBILLY-HP$
2015-08-21 20:21 - 2012-10-26 08:16 - 00000342 _____ C:\Windows\Tasks\HPCeeScheduleForBILLY-HP$.job
2015-08-21 19:40 - 2015-01-14 14:53 - 00003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{9D109E50-BAD0-405A-A219-E6AFF65A86CA}
2015-08-21 16:28 - 2015-01-14 14:53 - 00001232 __RSH C:\Users\Aiden\ntuser.pol
2015-08-21 16:28 - 2015-01-14 14:53 - 00000000 ____D C:\Users\Aiden
2015-08-18 12:10 - 2012-11-01 16:07 - 00001236 __RSH C:\Users\Kaliyah\ntuser.pol
2015-08-18 12:10 - 2012-11-01 16:07 - 00000000 ____D C:\Users\Kaliyah
2015-08-16 18:24 - 2009-07-14 01:08 - 00032550 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-08-14 21:47 - 2015-04-04 03:03 - 00000000 ___SD C:\Windows\system32\GWX
2015-08-14 21:47 - 2013-03-14 03:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-14 21:47 - 2013-03-14 03:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-14 21:47 - 2012-10-29 17:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-14 21:47 - 2011-12-19 18:03 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2015-08-14 21:47 - 2011-12-19 18:00 - 00000000 ____D C:\Program Files (x86)\HP Games
2015-08-14 21:47 - 2009-07-13 23:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-08-14 21:47 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2015-08-14 21:47 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2015-08-14 21:47 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-08-14 21:47 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-08-14 21:46 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2015-08-14 20:28 - 2014-10-19 09:29 - 00000000 ____D C:\Users\Billy\AppData\Roaming\Skype
2015-08-14 20:28 - 2014-10-19 09:29 - 00000000 ____D C:\ProgramData\Skype
2015-08-13 03:35 - 2009-07-14 00:45 - 00347504 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-13 03:17 - 2013-03-14 03:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-13 03:15 - 2012-10-19 21:58 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-13 03:11 - 2009-07-13 22:34 - 00000478 _____ C:\Windows\win.ini
2015-08-13 03:10 - 2013-07-22 03:04 - 00000000 ____D C:\Windows\system32\MRT
2015-08-13 03:00 - 2012-11-03 13:36 - 132483416 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-11 20:38 - 2013-02-26 23:16 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-08-11 20:38 - 2013-02-26 23:16 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-08-11 20:38 - 2011-12-19 18:03 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-06 03:17 - 2009-07-13 23:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-06 03:15 - 2014-12-11 07:52 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-06 03:15 - 2014-05-02 00:31 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-05 21:05 - 2011-12-19 17:47 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2015-08-05 21:00 - 2011-12-19 17:53 - 00006862 _____ C:\Windows\system32\RaCoInst.log

==================== Files in the root of some directories =======

2013-12-03 14:51 - 2013-12-03 14:51 - 49940480 _____ () C:\Program Files (x86)\GUTF95E.tmp
2013-02-23 14:06 - 2013-02-23 14:06 - 0001250 _____ () C:\Users\Billy\AppData\Roaming\trace_FilterInstaller.txt
2013-02-23 14:06 - 2013-02-23 14:06 - 0000000 _____ () C:\Users\Billy\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2013-12-19 22:18 - 2014-01-29 21:18 - 0000144 _____ () C:\Users\Billy\AppData\Roaming\WB.CFG
2012-12-04 23:03 - 2012-12-05 01:01 - 0006656 _____ () C:\Users\Billy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-09-29 23:00 - 2015-09-01 16:22 - 0000173 _____ () C:\Users\Billy\AppData\Local\msmathematics.qat.Billy
2014-10-18 04:00 - 2014-10-18 04:00 - 0536866 _____ () C:\ProgramData\1413618985.bdinstall.bin
2012-10-19 06:44 - 2012-10-19 06:44 - 0000057 _____ () C:\ProgramData\Ament.ini

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-09-01 20:25

==================== End of FRST.txt ============================

 

----------------------

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:04-09-2015
Ran by Billy (2015-09-04 22:36:41)
Running from C:\Users\Billy\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2929616351-1660927109-1562995560-500 - Administrator - Disabled) => C:\Users\Administrator
Aiden (S-1-5-21-2929616351-1660927109-1562995560-1007 - Limited - Enabled) => C:\Users\Aiden
Alyana (S-1-5-21-2929616351-1660927109-1562995560-1004 - Limited - Enabled) => C:\Users\Alyana
Billy (S-1-5-21-2929616351-1660927109-1562995560-1000 - Administrator - Enabled) => C:\Users\Billy
Guest (S-1-5-21-2929616351-1660927109-1562995560-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2929616351-1660927109-1562995560-1002 - Limited - Enabled)
Kaliyah (S-1-5-21-2929616351-1660927109-1562995560-1005 - Limited - Enabled) => C:\Users\Kaliyah
Nyjah (S-1-5-21-2929616351-1660927109-1562995560-1003 - Limited - Enabled) => C:\Users\Nyjah

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus (Enabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
AS: Bitdefender Antispyware (Enabled - Up to date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Enabled) {A23392FD-84B9-F933-2C71-81E751F6EF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4Videosoft 3GP Video Converter 5.0.8 (HKLM-x32\...\{BCCF882E-8442-4323-82D5-624B8BC74F49}_is1) (Version:  - )
ActivClient CAC x64 (HKLM\...\{86E45973-5352-439F-A115-2E8EE4D40140}) (Version: 6.2 - ActivIdentity)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.249 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.5.146 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bitdefender Total Security 2015 (HKLM\...\Bitdefender) (Version: 18.17.0.1227 - Bitdefender)
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Disney Mix Stick (HKLM-x32\...\{06E76F86-A913-4FCE-9B0E-1D4AD820368F}) (Version:  - )
Disney's Mickey Mouse Toddler (HKLM-x32\...\Mickey Mouse Toddler) (Version:  - )
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.85 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6710.2136 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.13 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Application Assistant (HKLM\...\{B34A07DD-C6F7-414A-AE63-01019482EAF0}) (Version: 1.0.393.3870 - Hewlett-Packard)
HP Calendar (HKLM-x32\...\{2B38E0FA-D8A5-4EBF-A018-E3C1C8E7A2E2}) (Version: 5.1.4245.23508 - Hewlett-Packard)
HP Clock (HKLM-x32\...\{0EEC4E49-D4C2-4E23-87F2-B5641F1A09E4}) (Version: 5.1.4244.16367 - Hewlett-Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP LinkUp (HKLM-x32\...\{7E750542-55BC-4300-8B7B-AC2A762FB435}) (Version: 2.01.029 - Hewlett-Packard)
HP Magic Canvas (HKLM-x32\...\{DDFDC9D6-4220-41F8-BF9A-8E7512C4EF52}) (Version: 5.1.15.0 - Hewlett-Packard)
HP Magic Canvas Tutorials (HKLM-x32\...\{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1) (Version: 5.0.0.3 - Hewlett-Packard)
HP Notes (HKLM-x32\...\{86BAB08A-5E66-4C53-82E3-C1E91673C7CA}) (Version: 5.1.4274.30382 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{2D5E3D2B-919F-407C-8757-E64827518BB6}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{B6F5C6D8-C443-4B55-932F-AE11B5743FC4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{F792E5B0-11C4-4C68-8A63-FB5F52749180}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
HP RSS (HKLM-x32\...\{A35E58D6-2A0F-4051-983B-79342081338E}) (Version: 5.1.4301.21494 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15130.3904 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.15145.3905 - Hewlett-Packard Company)
HP Smart Print 2.1 (HKLM-x32\...\{8046B41C-FB30-4614-898F-57D44D0C66EB}) (Version: 2.1.0.235 - Hewlett-Packard)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 11.00.0001 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{348A1F5B-07B3-4436-9A47-FFE44EFE856E}) (Version: 11.51.0004 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.12.1.0 - Hewlett-Packard)
HP Weather (HKLM-x32\...\{8364E531-493B-4B05-8041-09D5CE38B975}) (Version: 5.1.4295.16450 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel® Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2291 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1026 - Intel Corporation)
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Keyboard Master II 2.15 Trial (HKLM-x32\...\mk215e_is1) (Version: 2.15e - Nahlik Soft)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4507 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.4507 - CyberLink Corp.) Hidden
LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 6.0.19.19317 - LeapFrog)
LeapFrog Connect (x32 Version: 6.0.19.19317 - LeapFrog) Hidden
LeapFrog Didj Plugin (x32 Version: 6.0.19.19317 - LeapFrog) Hidden
LeapFrog LeapPad Explorer Plugin (x32 Version: 6.0.19.19317 - LeapFrog) Hidden
LeapFrog LeapReader Plugin (x32 Version: 6.0.19.19317 - LeapFrog) Hidden
Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Luxor HD (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2929616351-1660927109-1562995560-1000\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 40.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.2 (x86 en-US)) (Version: 40.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.2.5702 - Mozilla)
NOOK Study (HKLM-x32\...\NOOK Study) (Version: 2.1.2.28770 - Barnesandnoble.com)
Number Concepts Plinko Interactive Game (HKLM-x32\...\Number Concepts Plinko Interactive Game) (Version: 1.5.0.0 - Lakeshore Learning Materials)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
PDF Complete Corporate Edition (HKLM-x32\...\PDF Complete) (Version: 4.1.45 - PDF Complete, Inc)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.0 - Frank Heindörfer, Philip Chinery)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.5705 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.5705 - CyberLink Corp.) Hidden
Ralink 802.11n Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 4.0.3.0 - Ralink)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6531 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.4424 - CyberLink Corp.) Hidden
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Stellar Phoenix Windows Data Recovery - Home (HKLM-x32\...\Stellar Phoenix Windows Data Recovery - Home_is1) (Version: 5.0.0.0 - Stellar Information Systems Ltd)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Tap Tap Bear (HKLM-x32\...\{A393CDFF-BEB8-48EA-990D-2EB35B311D23}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98 - WildTangent) Hidden
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
TSHostedAppLauncher (x32 Version: 5.1.15.0 - Hewlett-Packard) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Use the entry named LeapFrog Connect to uninstall (LeapFrog Didj Plugin) (HKLM-x32\...\DidjPlugin) (Version:  - LeapFrog)
Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin) (HKLM-x32\...\LeapPadExplorerPlugin) (Version:  - LeapFrog)
Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapReader Plugin) (HKLM-x32\...\LeapReaderPlugin) (Version:  - LeapFrog)
VIP Access SDK (1.0.1.4)  (HKLM-x32\...\VIP Access SDK) (Version: 1.0.1.4 - Symantec Inc.)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.5.32 - WildTangent) Hidden
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinZip 18.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E3}) (Version: 18.5.11111 - WinZip Computing, S.L. )
Yahoo Search Set (HKLM-x32\...\Yahoo! SearchSet) (Version:  - Yahoo Inc.)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2929616351-1660927109-1562995560-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Billy\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2929616351-1660927109-1562995560-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Billy\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2929616351-1660927109-1562995560-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Billy\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2929616351-1660927109-1562995560-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Billy\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2929616351-1660927109-1562995560-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Billy\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

19-08-2015 23:20:33 Windows Update
25-08-2015 16:37:06 Windows Update
01-09-2015 16:10:27 Windows Update
04-09-2015 21:08:40 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0DF2A53C-A60B-48A0-A406-69A3784D6D46} - System32\Tasks\Norton Family\Norton Error Processor => C:\Program Files (x86)\Norton Family\Engine\3.1.0.14\SymErr.exe
Task: {28BE7321-41DA-4CD6-9EB3-3DD1DE92534D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {2E3F892A-EB0A-4B5E-8732-0FE033F63C55} - System32\Tasks\{C4FAD01E-EB2D-4080-9393-C622EAE92B23} => pcalua.exe -a "C:\Users\Billy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NNAVEPV4\wlsetup-web.exe" -d C:\Users\Billy\Desktop
Task: {2EAC283F-B216-4D91-8C7D-2F13A5E8A3C2} - System32\Tasks\Bitdefender Update Product Data_A17FD818A96743FAB28AC221BEB4B2C8 => C:\Program Files\Bitdefender\Bitdefender 2015\bdproductdata.exe [2015-06-23] (Bitdefender)
Task: {39009FFD-6D33-4009-A1CD-900076B975E8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2013-11-04] (Hewlett-Packard Company)
Task: {3961ED56-9109-45D6-9B00-6504967A048F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN1AD1K3N005KD => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-07-31] (Hewlett-Packard)
Task: {3DEFC87F-B9DB-4844-9433-8506E352FE37} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {45481AB3-7C44-4F28-81B7-98DF7FB8DEF3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {46CF274F-30A8-4097-87B2-53CD79A70B68} - System32\Tasks\{169B9BB8-98E6-4DFA-82EA-4C29A4299204} => pcalua.exe -a C:\Users\Billy\Documents\InstallRoot_v3.16A.exe -d C:\Users\Billy\Documents
Task: {479707A1-DB58-4EAF-A77D-4D8E278F8C91} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {5A52C461-2CF0-43D2-B7ED-EC6109512A18} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {78C746EB-9156-4310-AA96-80D315B14771} - System32\Tasks\{98AF2B71-0F41-43A2-B5CE-E7AC489A2857} => C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [2014-03-31] (Microsoft Corporation)
Task: {80535741-DAC6-4464-B349-1994A08C25B8} - System32\Tasks\Norton Family\Norton Error Analyzer => C:\Program Files (x86)\Norton Family\Engine\3.1.0.14\SymErr.exe
Task: {82F64486-E9ED-48FA-8CFB-673DBC651377} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {8BDE3788-5D9F-4C08-BFC8-B9738519EB38} - System32\Tasks\HPCeeScheduleForBILLY-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {91C3C01F-1406-4A44-9428-B5C0905F838D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {920626D5-9BAD-4876-8635-A3B20B426457} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-07-31] (Hewlett-Packard)
Task: {9A1B1E45-B8D2-46E0-B302-475B0F32FBF9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-11] (Adobe Systems Incorporated)
Task: {9EB8E410-A67A-4E53-AB15-B8130BEE280D} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {B0DCDAEA-BC01-448E-8018-798115C4C132} - System32\Tasks\{F709531D-85C5-406D-ACF1-A8674054D529} => C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [2014-03-31] (Microsoft Corporation)
Task: {B0FAD8FB-1F61-4598-B2C5-1C34D4A4AEEF} - System32\Tasks\{7A7DEF06-5117-4E73-9376-93B1C72DDC4E} => C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [2014-03-31] (Microsoft Corporation)
Task: {B6EEDE58-8DED-4D86-BFFD-36772D107267} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2011-09-09] (Hewlett-Packard Co.)
Task: {D28D20F9-AB6A-4474-9D0C-323E0BFBCB34} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2929616351-1660927109-1562995560-1005UA => C:\Users\Kaliyah\AppData\Local\Google\Update\GoogleUpdate.exe [2014-03-31] (Google Inc.)
Task: {D37B0D7C-F513-4E7E-A8C6-5C08186439AF} - System32\Tasks\HPCeeScheduleForBilly => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {D42D3E24-A776-4388-A7FB-56B18A79E092} - System32\Tasks\{906A6E63-D5B4-4F26-A528-84A5995B49BA} => pcalua.exe -a "C:\Users\Billy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MASO2FRI\MP10Setup.exe" -d C:\Users\Billy\Desktop
Task: {E9F1BCC4-16F5-495D-B713-446E69D2D0AC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {F097AE4F-66B4-49B5-B378-B32EBA0FF74F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2929616351-1660927109-1562995560-1005Core => C:\Users\Kaliyah\AppData\Local\Google\Update\GoogleUpdate.exe [2014-03-31] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2929616351-1660927109-1562995560-1005Core.job => C:\Users\Kaliyah\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2929616351-1660927109-1562995560-1005UA.job => C:\Users\Kaliyah\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForBILLY-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForBilly.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (Whitelisted) ==============

2014-10-18 03:58 - 2014-08-27 16:31 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\txmlutil.dll
2014-10-18 03:58 - 2013-09-03 14:29 - 00101328 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdmetrics.dll
2014-10-18 03:58 - 2014-10-02 15:19 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\UI\accessl.ui
2014-10-18 03:58 - 2012-10-29 14:22 - 00152816 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdfwcore.dll
2015-09-04 21:08 - 2015-09-04 21:08 - 00875352 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_01150_010\ashttpbr.mdl
2015-09-04 21:08 - 2015-09-04 21:08 - 00741952 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_01150_010\ashttpdsp.mdl
2015-09-04 21:08 - 2015-09-04 21:08 - 02800952 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_01150_010\ashttpph.mdl
2015-09-04 21:08 - 2015-09-04 21:08 - 01413024 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_01150_010\ashttprbl.mdl
2012-12-27 01:44 - 2005-03-12 01:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll
2015-08-27 07:31 - 2015-08-27 07:31 - 00875352 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00750_009\ashttpbr.mdl
2015-08-27 07:31 - 2015-08-27 07:31 - 00741952 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00750_009\ashttpdsp.mdl
2015-08-27 07:31 - 2015-08-27 07:31 - 03226336 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00750_009\ashttpf.mdl
2015-08-27 07:31 - 2015-08-27 07:32 - 01413024 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00750_009\ashttprbl.mdl
2011-12-19 17:44 - 2011-09-19 03:50 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-02-01 13:30 - 2014-02-01 13:30 - 00861184 _____ () C:\Program Files (x86)\LeapFrog\LeapFrog Connect\platforms\qwindows.dll
2010-07-02 02:13 - 2010-07-02 02:13 - 01004840 _____ () c:\Program Files (x86)\CyberLink\Power2Go\Language\ENU\P2GRC.dll
2009-11-02 18:20 - 2009-11-02 18:20 - 00144680 _____ () c:\Program Files (x86)\CyberLink\Power2Go\CLVistaAudioMixer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:2683706C
AlternateDataStreams: C:\ProgramData\Temp:EC2E1DEC
AlternateDataStreams: C:\Users\Alyana\Downloads\LeapFrogConnectSetup_LeapReader.exe:BDU
AlternateDataStreams: C:\Users\Billy\Desktop\FRST64.exe:BDU
AlternateDataStreams: C:\Users\Billy\Downloads\adwcleaner_4.103.exe:BDU
AlternateDataStreams: C:\Users\Billy\Downloads\delfix_10.8.exe:BDU
AlternateDataStreams: C:\Users\Billy\Downloads\Firefox Setup Stub 33.0.exe:BDU
AlternateDataStreams: C:\Users\Billy\Downloads\Firefox Setup Stub 35.0.exe:BDU
AlternateDataStreams: C:\Users\Billy\Downloads\Firefox Setup Stub 40.0.2.exe:BDU
AlternateDataStreams: C:\Users\Billy\Downloads\FRST64(1).exe:BDU
AlternateDataStreams: C:\Users\Billy\Downloads\FRST64.exe:BDU
AlternateDataStreams: C:\Users\Billy\Downloads\insetup.exe:BDU
AlternateDataStreams: C:\Users\Billy\Downloads\install_flash_player_ax.exe:BDU
AlternateDataStreams: C:\Users\Billy\Downloads\jxpiinstall(1).exe:BDU
AlternateDataStreams: C:\Users\Billy\Downloads\jxpiinstall.exe:BDU
AlternateDataStreams: C:\Users\Billy\Downloads\Math_Games_Multiplication_Downloader.exe:BDU
AlternateDataStreams: C:\Users\Billy\Downloads\mbam-setup-2.1.8.1057.exe:BDU
AlternateDataStreams: C:\Users\Billy\Downloads\OTL.exe:BDU
AlternateDataStreams: C:\Users\Billy\Downloads\SecurityTaskManager_Setup.exe:BDU

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR311 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR320 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR320.SYS => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2929616351-1660927109-1562995560-1000\...\army.mil -> hxxps://akocac.us.army.mil
IE trusted site: HKU\S-1-5-21-2929616351-1660927109-1562995560-1000\...\disa.mil -> hxxps://esd-crm.csd.disa.mil

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2929616351-1660927109-1562995560-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Billy\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{32222861-369C-4250-B827-8592A3895E09}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Receiver\rgreceiver.exe
FirewallRules: [{AE9A3FF5-554B-4B60-86C2-C19B450F7B16}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Receiver\rgreceiver.exe
FirewallRules: [{3501BE3F-C169-4D6B-93EB-CA7C9C6E3E97}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe
FirewallRules: [{BD1BD8AC-E30B-48D3-8274-25229B47E483}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe
FirewallRules: [{F105A4E1-9A90-4265-9EAC-6D63E7C2013F}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe
FirewallRules: [{74E42891-5F22-4A6F-82BA-656D1487CD56}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
FirewallRules: [{3A6AC396-11C1-4239-9FC7-BE66C3C1E234}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{808A21C5-EE43-4044-9152-0BC2BAAA6972}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{19B7CE63-541B-4FE6-89D5-3B076D4F23BB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{42980D8C-88C6-480B-9015-208E9290D3AB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F88042DD-C182-4093-B15E-3724DCA040CA}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
FirewallRules: [{12A22857-C40D-403C-847E-8FDAEDE696EE}] => (Allow) C:\Users\Billy\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{02E57B84-D1AB-4C9A-A430-2E40E4451C7F}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{C425ADAF-9FCA-4D17-95FB-5A6985D2FB7D}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{8173BED5-B219-47A4-808A-07A54F0C53D4}] => (Allow) C:\Program Files (x86)\Barnes & Noble\NOOKstudy\NOOKStudy.exe
FirewallRules: [{59F0F0BC-3C25-431C-BDA2-E2136ADF8BFE}] => (Allow) C:\Program Files (x86)\Barnes & Noble\NOOKstudy\NOOKStudy.exe
FirewallRules: [{F4DFE97B-86A1-4B19-8343-BFAF66A4A5CC}] => (Allow) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\LeapfrogConnect.exe
FirewallRules: [{D2673753-A8AA-485B-8327-55D94FB594A2}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{F0AF936C-34EE-4F46-A4A9-14C48570A943}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{49CE8AE0-755A-4B6B-894B-E1CF894BE24C}] => (Allow) LPort=2869
FirewallRules: [{D8AE8F19-80FF-4BB0-9F72-67B2A665D7DA}] => (Allow) LPort=1900
FirewallRules: [{FB62EB89-010B-4FD0-B6C0-9661CBFC137C}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{9F85B216-8DD3-4A3A-BFB9-E7AE90677F26}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F63A0E71-ED1F-4DF4-BBAC-B4629D63E1DC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{B1BE8BAF-136F-440D-87AE-70D200718517}C:\windows\syswow64\svchost.exe] => (Block) C:\windows\syswow64\svchost.exe
FirewallRules: [UDP Query User{D28E15B3-F10B-443B-9CFB-F815FE0C1057}C:\windows\syswow64\svchost.exe] => (Block) C:\windows\syswow64\svchost.exe
FirewallRules: [{31DA4D94-0F95-4141-B3D9-26CFAE916416}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{F5F6FE5B-6392-41B0-A623-13C9FBEC5C4F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Lexmark X422
Description: Lexmark X422
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Lexmark
Service: usbscan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: ElRawDisk
Description: ElRawDisk
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ElRawDisk
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (09/04/2015 10:10:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.17937 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1ad8

Start Time: 01d0e77b057c98c5

Termination Time: 0

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (08/28/2015 09:21:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17937 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1ea8

Start Time: 01d0e1ec1fa460b0

Termination Time: 593

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (08/25/2015 05:01:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17937 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 18b4

Start Time: 01d0df76a00f95f4

Termination Time: 70

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (08/23/2015 09:27:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17937, time stamp: 0x55a7f8da
Faulting module name: MSHTML.dll, version: 11.0.9600.17963, time stamp: 0x55c93f44
Exception code: 0xc0000005
Fault offset: 0x00f6cc19
Faulting process id: 0x18c
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (08/21/2015 08:41:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program OUTLOOK.EXE version 14.0.7155.5000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1dc8

Start Time: 01d0dc72f6755d16

Termination Time: 5

Application Path: C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE

Report Id: 851e33a2-4866-11e5-a25f-386077b91a89

Error: (08/21/2015 04:34:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5991

Error: (08/21/2015 04:34:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5991

Error: (08/21/2015 04:34:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/21/2015 04:34:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4992

Error: (08/21/2015 04:34:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4992

System errors:
=============
Error: (09/04/2015 10:29:29 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (09/04/2015 10:11:55 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (09/04/2015 09:59:30 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (09/04/2015 09:54:20 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (09/04/2015 09:26:25 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (09/04/2015 09:16:04 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (09/04/2015 09:00:12 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ElRawDisk

Error: (09/03/2015 11:37:34 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (09/03/2015 11:31:35 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (09/03/2015 11:13:13 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Microsoft Office:
=========================
Error: (09/04/2015 10:10:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe11.0.9600.179371ad801d0e77b057c98c50C:\Program Files\Internet Explorer\iexplore.exe

Error: (08/28/2015 09:21:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.179371ea801d0e1ec1fa460b0593C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (08/25/2015 05:01:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.1793718b401d0df76a00f95f470C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (08/23/2015 09:27:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.1793755a7f8daMSHTML.dll11.0.9600.1796355c93f44c000000500f6cc1918c01d0de09bafa9d68C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\system32\MSHTML.dll3dd6978f-49ff-11e5-8c26-386077b91a89

Error: (08/21/2015 08:41:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: OUTLOOK.EXE14.0.7155.50001dc801d0dc72f6755d165C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE851e33a2-4866-11e5-a25f-386077b91a89

Error: (08/21/2015 04:34:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5991

Error: (08/21/2015 04:34:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5991

Error: (08/21/2015 04:34:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/21/2015 04:34:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4992

Error: (08/21/2015 04:34:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4992

==================== Memory info ===========================

Processor: Intel® Core™ i5-2400 CPU @ 3.10GHz
Percentage of memory in use: 47%
Total physical RAM: 8098.52 MB
Available physical RAM: 4260.36 MB
Total Virtual: 16195.23 MB
Available Virtual: 12741.29 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:914.98 GB) (Free:636.87 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:16.44 GB) (Free:2.02 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive j: (Seagate Backup Plus Drive) (Fixed) (Total:2794.51 GB) (Free:2387.75 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 5266F27B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=915 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=16.4 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 1.

==================== End of Addition.txt ============================


  • 0

Advertisements


#2
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello and welcome to Geeks To Go! My nickname is Pystryker :) , and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you
  • If you are receiving help for this issue at another forum, please let me know so I can close this thread.
  • Please download to and run all requested tools from your Desktop.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly" This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexpected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please remember, the fixes are for your machine and your machine ONLY! Do not use these fixes on any other machine, each fix is tailor made for your system only. Using a fix on another machine can and will cause serious damage.
  • Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future
  • Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)
Now, let's get started, shall we? :thumbsup:

Hello :)

I'm not seeing any overt infections in your logs, but there are some items that need removing. So, let's clean up what's there and run some further scans. Upon completion of these steps, please give me an update on how the computer is running.


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.


Step 1: Fix with FRST
  • Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy.
  • Right-click in the open notepad and select Paste).
  • Save it on the desktop as fixlist.txt

    NOTE: It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

Start
CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
GroupPolicyUsers\S-1-5-21-2929616351-1660927109-1562995560-1007\User: Restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2929616351-1660927109-1562995560-1005\User: Restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2929616351-1660927109-1562995560-1003\User: Restriction detected <======= ATTENTION
S1 ElRawDisk; \??\C:\Windows\system32\drivers\rsdrvx64.sys [X]
AlternateDataStreams: C:\ProgramData\Temp:2683706C
AlternateDataStreams: C:\ProgramData\Temp:EC2E1DEC
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
Hosts:
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.


Step 2: Junkware Removal Tool

thisisujrt.gif Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 3: AdwCleaner

Download ADWcleaner by clicking here. Please save it to your Desktop


adwcleanerscreen_zpsm6wq1ei9.jpg
  • Double click (Vista and 7 Users)right click the adwcleaner.exe file and click Run as Adminstrator and accept the UAC prompt to run AdwCleaner
  • Once AdwCleaner's control panel is open and it says "Waiting for Action", click on Options at the top of the control panel.
  • Please Check the following options:
    • Reset Proxy Settings
    • Reset Winsock Settings
    • Reset TCP/IP Settings
    • Reset Firewall Settings
    • Reset IPSec Settings
    • Reset BITS Queue
    • Reset Internet Explorer Policies
    • Reset Chrome Policies
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove.", don't worry about unchecking anything and then click the Cleaning button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
    • Click the Logfile button and the log will open. Copy and Paste the contents of the log file into your next reply.
    This report is also saved at C:\
Step 4: Fresh FRST Scan
  • Start Farbar's Recovery Scan Tool and press the Scan button.
  • FRST will scan your system and produce two logs: FRST.txt and Addition.txt. Please post them in your next reply.
Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

Fixlog.txt Log

Junkware Removal Tool Log

AdwCleaner Log

Fresh FRST.txt Log

Fresh Addition.txt Log

Question: How is the machine running?

  • 0

#3
brander38

brander38

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts

Pystryker I really appreciate your help. You guys are awesome. My Fixlog is posted below:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:06-09-2015 01
Ran by Billy (2015-09-07 10:15:44) Run:5
Running from C:\Users\Billy\Desktop
Loaded Profiles: Billy (Available Profiles: Billy & Nyjah & Alyana & Kaliyah & Aiden & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
GroupPolicyUsers\S-1-5-21-2929616351-1660927109-1562995560-1007\User: Restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2929616351-1660927109-1562995560-1005\User: Restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2929616351-1660927109-1562995560-1003\User: Restriction detected <======= ATTENTION
S1 ElRawDisk; \??\C:\Windows\system32\drivers\rsdrvx64.sys [X]
AlternateDataStreams: C:\ProgramData\Temp:2683706C
AlternateDataStreams: C:\ProgramData\Temp:EC2E1DEC
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
Hosts:
End

*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-2929616351-1660927109-1562995560-1007\User => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-2929616351-1660927109-1562995560-1005\User => moved successfully
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-2929616351-1660927109-1562995560-1003\User => moved successfully
ElRawDisk => service removed successfully
C:\ProgramData\Temp => ":2683706C" ADS removed successfully.
C:\ProgramData\Temp => ":EC2E1DEC" ADS removed successfully.

=========  bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========

=========  netsh advfirewall reset =========

Ok.

========= End of CMD: =========

=========  netsh advfirewall set allprofiles state on =========

Ok.

========= End of CMD: =========

=========  ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


  • 0

#4
brander38

brander38

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts

JRT.txt:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.0 (08.31.2015:1)
OS: Windows 7 Home Premium x64
Ran by Billy on Mon 09/07/2015 at 10:38:01.84
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

Successfully deleted: [Service] bdsandbox [Reboot required]
Successfully deleted: [Service] swdumon [Reboot required]

 

~~~ Tasks

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

Successfully deleted: [File] C:\Windows\system32\drivers\swdumon.sys
Successfully deleted: [File] C:\Program Files (x86)\GUTF95E.tmp
Successfully deleted: [File] C:\ProgramData\1413618985.bdinstall.bin
Successfully deleted: [File] C:\Users\Billy\Appdata\Local\google\chrome\user data\default\local storage\hxxp_www.ask.com_0.localstorage
Successfully deleted: [File] C:\Users\Billy\Appdata\Local\google\chrome\user data\default\local storage\hxxp_www.ask.com_0.localstorage-journal

 

~~~ Folders

Successfully deleted: [Folder] C:\Program Files (x86)\driverupdate
Successfully deleted: [Folder] C:\Users\Billy\Appdata\Local\ysearchutil
Successfully deleted: [Folder] C:\Users\Billy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\flv player
Successfully deleted: [Folder] C:\Users\Billy\Documents\add-in express
Successfully deleted: [Folder] C:\users\Public\Documents\downloaded installers

 

~~~ Chrome

[C:\Users\Billy\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Billy\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Billy\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Billy\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[
  iaimhpklononapfjngelgdokckfjekfc
]

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 09/07/2015 at 10:40:46.37
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


  • 0

#5
brander38

brander38

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts

AdwCleaner Log: 

 

AdwCleaner v5.006 - Logfile created 07/09/2015 at 11:02:36
# Updated 06/09/2015 by Xplode
# Database : 2015-09-04.4 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Billy - BILLY-HP
# Running from : C:\Users\Billy\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : swdumon

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\FLV Player
[-] Folder Deleted : C:\Users\Aiden\AppData\Roaming\Mozilla\Firefox\Profiles\k7mgc3m1.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[!] Folder Not Deleted : C:\Users\Aiden\AppData\Roaming\Mozilla\Firefox\Profiles\k7mgc3m1.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[-] Folder Deleted : C:\Users\Alyana\AppData\Roaming\Mozilla\Firefox\Profiles\jyvn16ad.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[!] Folder Not Deleted : C:\Users\Alyana\AppData\Roaming\Mozilla\Firefox\Profiles\jyvn16ad.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[-] Folder Deleted : C:\Windows\SysWOW64\config\systemprofile\AppData\Local\YSearchUtil

***** [ Files ] *****

[-] File Deleted : C:\Users\Alyana\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_nortonsafe.search.ask.com_0.localstorage
[-] File Deleted : C:\Users\Alyana\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_nortonsafe.search.ask.com_0.localstorage-journal
[-] File Deleted : C:\Users\Alyana\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.veoh.com_0.localstorage
[-] File Deleted : C:\Users\Alyana\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.veoh.com_0.localstorage-journal
[-] File Deleted : C:\Users\Billy\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jlnfdbbladgcmhhamgkioifhbobjaoof
[-] File Deleted : C:\Users\Billy\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nemfjadlboooiffmcelkafilagddogim
[-] File Deleted : C:\Users\Billy\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gpaiibklhaneknloaoccoidbaffjjlnb

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A2970C7C-8392-4E6F-8B51-B763CF38E13C}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A2970C7C-8392-4E6F-8B51-B763CF38E13C}
[-] Key Deleted : HKCU\Software\SlimWare Utilities Inc
[-] Key Deleted : HKLM\SOFTWARE\SlimWare Utilities Inc
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! SearchSet
[!] Key Not Deleted : [x64] HKCU\Software\SlimWare Utilities Inc
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF

***** [ Web browsers ] *****

[-] [C:\Users\Billy\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : mysearch.sweetpacks.com
[-] [C:\Users\Billy\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : search.conduit.com
[-] [C:\Users\Billy\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Billy\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Nyjah\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Nyjah\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Alyana\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : search here
[-] [C:\Users\Alyana\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Alyana\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Aiden\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Aiden\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com

*************************

:: Proxy settings cleared
:: Winsock settings cleared
:: TCP/IP settings cleared
:: Firewall settings cleared
:: IPSec settings cleared
:: BITS queue cleared
:: Chrome policies deleted

########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [4645 bytes] ##########


  • 0

#6
brander38

brander38

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts

New FRST Logs:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:06-09-2015 01
Ran by Billy (administrator) on BILLY-HP (07-09-2015 11:37:41)
Running from C:\Users\Billy\Desktop
Loaded Profiles: Billy (Available Profiles: Billy & Nyjah & Alyana & Kaliyah & Aiden & Administrator)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
(ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalsystray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.13\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.13\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(CyberLink Corp.) C:\Program Files (x86)\Cyberlink\Power2Go\Power2GoExpressServer.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_18_0_0_232_ActiveX.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\seccenter.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [fssui] => C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe [892608 2014-03-31] (Microsoft Corporation)
HKLM\...\Run: [acevents] => C:\Program Files\ActivIdentity\ActivClient\acevents.exe [196648 2009-06-03] (ActivIdentity)
HKLM\...\Run: [accrdsub] => C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [483880 2009-06-03] (ActivIdentity)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [1695744 2015-06-23] (Bitdefender)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [118272 2014-07-11] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [683656 2013-05-20] (PDF Complete Inc)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2929616351-1660927109-1562995560-1000\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [790880 2015-06-23] (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox1] -> {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2014-07-04] (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox2] -> {342DAA0B-D796-460D-8566-901E08A1CCAD} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2014-07-04] (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox3] -> {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2014-07-04] (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox4] -> {33816773-98AE-4723-ADE0-EBE54C8B5A67} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2014-07-04] (Bitdefender)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ActivClient Agent.lnk [2013-08-17]
ShortcutTarget: ActivClient Agent.lnk -> C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity)
Startup: C:\Users\Billy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2014-01-06]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicyUsers\S-1-5-21-2929616351-1660927109-1562995560-1007\User: Restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2929616351-1660927109-1562995560-1005\User: Restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2929616351-1660927109-1562995560-1003\User: Restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{6A1CA1E5-1528-4090-8F64-C3AFE0526775}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2929616351-1660927109-1562995560-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-2929616351-1660927109-1562995560-1000 -> {DBC656EF-3261-43F7-9BCA-25DA99E8CB54} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-18] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-07] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-18] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll [2012-06-11] (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-07] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: HP Smart Print Helper -> {FD6C6509-FE36-44B0-A917-6C2A0DDBDF88} -> C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.1\Espresso.dll [2012-12-14] (Hewlett-Packard)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-07-18] (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll [2012-06-11] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll [2015-06-23] (Bitdefender)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-07-18] (Google Inc.)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {74F4F118-91E6-4AFC-B8D2-04066781F239} hxxps://online8.penfed.org/PenFedOnline/Forms/WebCapture/CheckDepositEnabler.cab

FireFox:
========
FF ProfilePath: C:\Users\Billy\AppData\Roaming\Mozilla\Firefox\Profiles\k4ecvf1n.default
FF Homepage: hxxps://www.yahoo.com/?fr=yset_ff_syc_oracle&type=orcl_hpset
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-11] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-11] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll [2013-10-25] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-07] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2011-02-21] (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-28] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2015-07-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Extension: HP Smart Print - C:\Users\Billy\AppData\Roaming\Mozilla\Firefox\Profiles\k4ecvf1n.default\Extensions\[email protected] [2013-02-02]
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext [2014-10-18]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2012-10-19]
FF HKLM-x32\...\Firefox\Extensions: [{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}] - C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.9.0.21\coFFFw
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Symantec\VIP Access Client
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Symantec\VIP Access Client
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext

Chrome:
=======
CHR HomePage: Default -> https://search.yahoo...37,20033,0,31,0
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Flash) - internal-remoting-viewer
CHR Plugin: (Chrome Remote Desktop Viewer) - C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\pdf.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Billy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\npcoplgn.dll No File
CHR Plugin: (Norton Confidential) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Adobe Acrobat) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Windows Live? Photo Gallery) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Profile: C:\Users\Billy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Billy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-10-30]
CHR Extension: (Google Search) - C:\Users\Billy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-30]
CHR Extension: (Bitdefender Wallet) - C:\Users\Billy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fabcmochhfpldjekobfaaggijgohadih [2014-10-18]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Billy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-28]
CHR Extension: (No Name) - C:\Users\Billy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-24]
CHR Extension: (Gmail) - C:\Users\Billy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-30]
CHR HKLM-x32\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - https://clients2.goo...ice/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [napjheenlliimoedooldaalpjfidlidp] - <no Path/update_url>

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277032 2009-06-03] (ActivIdentity)
R2 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [78144 2014-12-17] (Bitdefender)
R2 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2011-08-16] (Hewlett-Packard) [File not signed]
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [349728 2015-07-12] (WildTangent)
R2 LeapFrog Connect Device Service; C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe [7241728 2014-07-11] (LeapFrog Enterprises, Inc.) [File not signed]
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1332360 2013-05-20] (PDF Complete Inc)
S4 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [94624 2013-07-08] (Bitdefender)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [67320 2014-11-12] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1545376 2015-06-23] (Bitdefender)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1369288 2015-06-23] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [271272 2015-06-23] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [747120 2015-06-23] (BitDefender)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2015-02-10] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107080 2012-10-29] (BitDefender LLC)
R1 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)
R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [76944 2012-04-17] (BitDefender)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [160032 2015-06-23] (BitDefender LLC)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2011-12-19] ()
S3 S3XXx64; C:\Windows\System32\DRIVERS\S3XXx64.sys [70016 2012-07-31] (Identive)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [477272 2015-06-23] (BitDefender S.R.L.)
R3 voxaldriver; C:\Windows\System32\DRIVERS\voxaldriverx64.sys [33488 2013-02-23] ()

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-07 11:06 - 2015-09-07 11:06 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-09-07 10:48 - 2015-09-07 10:48 - 01654784 _____ C:\Users\Billy\Desktop\AdwCleaner.exe
2015-09-07 10:40 - 2015-09-07 10:40 - 00002127 _____ C:\Users\Billy\Desktop\JRT.txt
2015-09-07 10:34 - 2015-09-07 10:34 - 01799392 _____ (Malwarebytes Corporation) C:\Users\Billy\Desktop\JRT.exe
2015-09-07 10:14 - 2015-09-07 10:14 - 00000762 _____ C:\Users\Billy\Desktop\fixlist.txt
2015-09-07 10:14 - 2015-09-07 10:14 - 00000000 ____D C:\Users\Billy\Desktop\FRST-OlderVersion
2015-09-07 08:38 - 2015-09-07 08:38 - 00000000 ____D C:\Users\Billy\AppData\Roaming\Sun
2015-09-07 08:38 - 2015-09-07 08:38 - 00000000 ____D C:\Users\Billy\.oracle_jre_usage
2015-09-04 23:10 - 2015-09-04 23:10 - 00386560 _____ (Free-backup.info) C:\Users\Billy\Downloads\justzipit.exe
2015-09-04 22:36 - 2015-09-07 11:33 - 00041237 _____ C:\Users\Billy\Desktop\Addition.txt
2015-09-04 22:35 - 2015-09-07 11:37 - 00023014 _____ C:\Users\Billy\Desktop\FRST.txt
2015-09-04 22:32 - 2015-09-07 10:14 - 02190336 _____ (Farbar) C:\Users\Billy\Desktop\FRST64.exe
2015-09-04 22:31 - 2015-09-04 22:31 - 02188800 _____ (Farbar) C:\Users\Billy\Downloads\FRST64.exe
2015-08-25 22:34 - 2015-09-04 20:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox.bak
2015-08-19 23:20 - 2015-08-10 21:20 - 25191936 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-19 23:20 - 2015-08-10 21:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-19 23:20 - 2015-08-10 20:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-08-19 23:20 - 2015-08-10 20:20 - 19871232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-08-14 20:24 - 2015-08-14 20:28 - 00242768 _____ C:\Users\Billy\Downloads\Firefox Setup Stub 40.0.2.exe
2015-08-13 03:17 - 2015-07-30 09:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-13 03:17 - 2015-07-30 09:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 09:40 - 2015-07-16 15:12 - 06131200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-08-12 09:40 - 2015-07-16 15:12 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-08-12 09:40 - 2015-07-16 15:12 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-08-12 09:40 - 2015-07-16 15:11 - 07077376 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-12 09:40 - 2015-07-16 15:11 - 01057792 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-08-12 09:40 - 2015-07-16 15:11 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-08-12 09:40 - 2015-07-15 14:15 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-12 09:40 - 2015-07-15 14:15 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-08-12 09:40 - 2015-07-15 14:15 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-08-12 09:40 - 2015-07-15 14:15 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-12 09:40 - 2015-07-15 14:12 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-12 09:40 - 2015-07-15 14:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-08-12 09:40 - 2015-07-15 14:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-08-12 09:40 - 2015-07-15 14:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-08-12 09:40 - 2015-07-15 14:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-08-12 09:40 - 2015-07-15 14:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-08-12 09:40 - 2015-07-15 14:10 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-08-12 09:40 - 2015-07-15 14:10 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-08-12 09:40 - 2015-07-15 14:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-08-12 09:40 - 2015-07-15 14:10 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-08-12 09:40 - 2015-07-15 14:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-08-12 09:40 - 2015-07-15 14:10 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-08-12 09:40 - 2015-07-15 14:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-08-12 09:40 - 2015-07-15 14:10 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-08-12 09:40 - 2015-07-15 14:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-08-12 09:40 - 2015-07-15 14:10 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-08-12 09:40 - 2015-07-15 14:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-08-12 09:40 - 2015-07-15 14:10 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-08-12 09:40 - 2015-07-15 14:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-08-12 09:40 - 2015-07-15 14:10 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-08-12 09:40 - 2015-07-15 14:10 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-08-12 09:40 - 2015-07-15 14:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-08-12 09:40 - 2015-07-15 14:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-12 09:40 - 2015-07-15 14:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-08-12 09:40 - 2015-07-15 14:10 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-08-12 09:40 - 2015-07-15 14:10 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-08-12 09:40 - 2015-07-15 14:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-08-12 09:40 - 2015-07-15 14:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-08-12 09:40 - 2015-07-15 14:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-12 09:40 - 2015-07-15 14:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-08-12 09:40 - 2015-07-15 14:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-08-12 09:40 - 2015-07-15 14:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-08-12 09:40 - 2015-07-15 14:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-08-12 09:40 - 2015-07-15 14:00 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-08-12 09:40 - 2015-07-15 14:00 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-08-12 09:40 - 2015-07-15 14:00 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 14:00 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 14:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 14:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 14:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 14:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 14:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 14:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 14:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 14:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 13:59 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-08-12 09:40 - 2015-07-15 13:59 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-08-12 09:40 - 2015-07-15 13:56 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-08-12 09:40 - 2015-07-15 13:55 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-08-12 09:40 - 2015-07-15 13:55 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-08-12 09:40 - 2015-07-15 13:55 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-08-12 09:40 - 2015-07-15 13:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-08-12 09:40 - 2015-07-15 13:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-08-12 09:40 - 2015-07-15 13:54 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-08-12 09:40 - 2015-07-15 13:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-08-12 09:40 - 2015-07-15 13:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-08-12 09:40 - 2015-07-15 13:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-08-12 09:40 - 2015-07-15 13:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-08-12 09:40 - 2015-07-15 13:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-08-12 09:40 - 2015-07-15 13:54 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-08-12 09:40 - 2015-07-15 13:53 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-08-12 09:40 - 2015-07-15 13:53 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-08-12 09:40 - 2015-07-15 13:53 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-08-12 09:40 - 2015-07-15 13:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-08-12 09:40 - 2015-07-15 13:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-08-12 09:40 - 2015-07-15 13:53 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-08-12 09:40 - 2015-07-15 13:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-08-12 09:40 - 2015-07-15 13:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-08-12 09:40 - 2015-07-15 13:44 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-08-12 09:40 - 2015-07-15 13:44 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-08-12 09:40 - 2015-07-15 13:44 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 13:44 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 13:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 13:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 13:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 12:46 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-08-12 09:40 - 2015-07-15 12:46 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-08-12 09:40 - 2015-07-15 12:46 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-08-12 09:40 - 2015-07-15 12:37 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-08-12 09:40 - 2015-07-15 12:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-08-12 09:40 - 2015-07-15 12:34 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 12:34 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 12:34 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-08-12 09:40 - 2015-07-15 12:34 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-08-12 09:40 - 2015-07-14 23:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-12 09:40 - 2015-07-11 09:15 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-08-12 09:39 - 2015-07-30 14:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-12 09:39 - 2015-07-30 14:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-12 09:39 - 2015-07-30 14:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-12 09:39 - 2015-07-30 14:06 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-08-12 09:39 - 2015-07-30 14:06 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-12 09:39 - 2015-07-30 14:06 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-08-12 09:39 - 2015-07-30 14:06 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-08-12 09:39 - 2015-07-30 13:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-08-12 09:39 - 2015-07-30 13:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-08-12 09:39 - 2015-07-30 13:57 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-08-12 09:39 - 2015-07-30 13:57 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-08-12 09:39 - 2015-07-30 13:57 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-08-12 09:39 - 2015-07-30 13:55 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-08-12 09:39 - 2015-07-30 12:56 - 03208192 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-12 09:39 - 2015-07-30 12:52 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-12 09:39 - 2015-07-30 12:49 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-08-12 09:39 - 2015-07-20 20:39 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-08-12 09:39 - 2015-07-20 20:12 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-08-12 09:39 - 2015-07-16 16:54 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-08-12 09:39 - 2015-07-16 16:37 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-08-12 09:39 - 2015-07-16 16:36 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-12 09:39 - 2015-07-16 16:36 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-12 09:39 - 2015-07-16 16:36 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-08-12 09:39 - 2015-07-16 16:35 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-12 09:39 - 2015-07-16 16:35 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-08-12 09:39 - 2015-07-16 16:27 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-08-12 09:39 - 2015-07-16 16:26 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-12 09:39 - 2015-07-16 16:26 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-08-12 09:39 - 2015-07-16 16:23 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-12 09:39 - 2015-07-16 16:21 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-12 09:39 - 2015-07-16 16:21 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-08-12 09:39 - 2015-07-16 16:21 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-08-12 09:39 - 2015-07-16 16:21 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-08-12 09:39 - 2015-07-16 16:12 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-08-12 09:39 - 2015-07-16 16:08 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-08-12 09:39 - 2015-07-16 16:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-08-12 09:39 - 2015-07-16 15:55 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-08-12 09:39 - 2015-07-16 15:54 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-12 09:39 - 2015-07-16 15:51 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-08-12 09:39 - 2015-07-16 15:51 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-12 09:39 - 2015-07-16 15:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-08-12 09:39 - 2015-07-16 15:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-08-12 09:39 - 2015-07-16 15:50 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-08-12 09:39 - 2015-07-16 15:49 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-08-12 09:39 - 2015-07-16 15:45 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-08-12 09:39 - 2015-07-16 15:43 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-08-12 09:39 - 2015-07-16 15:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-08-12 09:39 - 2015-07-16 15:41 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-08-12 09:39 - 2015-07-16 15:39 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-08-12 09:39 - 2015-07-16 15:39 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-08-12 09:39 - 2015-07-16 15:38 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-08-12 09:39 - 2015-07-16 15:36 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-12 09:39 - 2015-07-16 15:35 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-08-12 09:39 - 2015-07-16 15:34 - 14451200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-12 09:39 - 2015-07-16 15:33 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-08-12 09:39 - 2015-07-16 15:32 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-12 09:39 - 2015-07-16 15:29 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-08-12 09:39 - 2015-07-16 15:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-08-12 09:39 - 2015-07-16 15:20 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-08-12 09:39 - 2015-07-16 15:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-08-12 09:39 - 2015-07-16 15:17 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-08-12 09:39 - 2015-07-16 15:12 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-08-12 09:39 - 2015-07-16 15:12 - 02427904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-12 09:39 - 2015-07-16 15:10 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-08-12 09:39 - 2015-07-16 15:06 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-08-12 09:39 - 2015-07-16 15:06 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-08-12 09:39 - 2015-07-16 15:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-08-12 09:39 - 2015-07-16 15:01 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-12 09:39 - 2015-07-16 14:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-08-12 09:39 - 2015-07-16 14:42 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-08-12 09:39 - 2015-07-16 14:38 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-08-12 09:39 - 2015-07-16 14:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-08-12 09:39 - 2015-07-14 23:19 - 02004992 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-12 09:39 - 2015-07-14 23:19 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-12 09:39 - 2015-07-14 23:14 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-08-12 09:39 - 2015-07-14 23:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-08-12 09:39 - 2015-07-14 22:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-08-12 09:39 - 2015-07-14 22:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-08-12 09:39 - 2015-07-14 22:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-08-12 09:39 - 2015-07-14 22:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-08-12 09:39 - 2015-07-10 13:51 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-12 09:39 - 2015-07-10 13:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-08-12 09:39 - 2015-07-09 13:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-12 09:39 - 2015-07-09 13:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-12 09:39 - 2015-07-09 13:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-08-12 09:39 - 2015-07-01 16:49 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-12 09:39 - 2015-07-01 16:48 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-08-12 09:39 - 2015-07-01 16:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-08-12 09:39 - 2015-07-01 16:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-07 11:37 - 2014-11-15 10:12 - 00000000 ____D C:\FRST
2015-09-07 11:27 - 2011-12-19 17:52 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-09-07 11:14 - 2009-07-14 00:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-07 11:14 - 2009-07-14 00:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-07 11:10 - 2012-10-20 09:54 - 00000632 __RSH C:\Users\Billy\ntuser.pol
2015-09-07 11:10 - 2012-10-19 02:08 - 00000000 ____D C:\Users\Billy
2015-09-07 11:09 - 2012-10-19 02:07 - 02003259 _____ C:\Windows\WindowsUpdate.log
2015-09-07 11:06 - 2013-12-04 19:25 - 00000374 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2015-09-07 11:06 - 2011-12-19 18:05 - 00000000 ____D C:\ProgramData\PDFC
2015-09-07 11:05 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-07 11:05 - 2009-07-14 00:51 - 00098219 _____ C:\Windows\setupact.log
2015-09-07 11:02 - 2014-11-15 10:23 - 00000000 ____D C:\AdwCleaner
2015-09-07 10:51 - 2014-05-03 14:14 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2929616351-1660927109-1562995560-1005UA.job
2015-09-07 10:38 - 2013-02-26 23:16 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-07 09:45 - 2013-10-27 09:28 - 00000000 ____D C:\ProgramData\Oracle
2015-09-07 09:32 - 2012-10-21 23:57 - 00000000 ____D C:\Users\Billy\Documents\Outlook Files
2015-09-07 08:39 - 2014-10-06 07:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-09-07 08:39 - 2013-06-25 22:07 - 00000000 ____D C:\Program Files (x86)\Java
2015-09-07 08:39 - 2012-10-19 02:14 - 00003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{F712B571-DB13-4E6F-8446-176E61B089BC}
2015-09-07 08:37 - 2014-10-06 07:58 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-09-07 08:30 - 2012-10-19 02:14 - 00000332 _____ C:\Windows\Tasks\HPCeeScheduleForBilly.job
2015-09-06 12:59 - 2015-07-25 23:20 - 00000336 _____ C:\Windows\system32\rblcache.dat
2015-09-06 07:51 - 2014-05-03 14:14 - 00000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2929616351-1660927109-1562995560-1005Core.job
2015-09-05 21:42 - 2012-10-19 02:14 - 00003186 _____ C:\Windows\System32\Tasks\HPCeeScheduleForBilly
2015-09-05 21:41 - 2012-10-28 07:55 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2015-09-05 17:35 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2015-09-04 21:13 - 2012-10-20 12:15 - 00001232 __RSH C:\Users\Nyjah\ntuser.pol
2015-09-04 21:13 - 2012-10-20 12:15 - 00000000 ____D C:\Users\Nyjah
2015-09-04 21:11 - 2012-10-20 12:16 - 00003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{A1BEEFD9-55BC-4BF7-B6BD-B2F14FAD15E5}
2015-09-03 21:30 - 2015-08-01 17:54 - 00000108 _____ C:\Users\Billy\Documents\pswd.txt
2015-09-03 19:21 - 2012-10-29 17:01 - 00002145 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-03 18:46 - 2010-11-20 23:47 - 02838922 _____ C:\Windows\PFRO.log
2015-09-01 21:14 - 2014-10-19 03:20 - 00253404 ____H C:\bdr-ld01
2015-09-01 21:14 - 2014-10-19 03:20 - 00009216 ____H C:\bdr-ld01.mbr
2015-09-01 21:14 - 2014-10-18 03:59 - 00000682 ____H C:\bdr-cf01
2015-09-01 16:22 - 2013-09-29 23:00 - 00000173 _____ C:\Users\Billy\AppData\Local\msmathematics.qat.Billy
2015-08-28 18:18 - 2012-10-28 09:34 - 00000906 __RSH C:\Users\Alyana\ntuser.pol
2015-08-28 18:18 - 2012-10-28 09:34 - 00000000 ____D C:\Users\Alyana
2015-08-28 06:26 - 2012-10-29 17:01 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-28 06:26 - 2012-10-29 17:01 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-28 06:26 - 2012-10-29 17:01 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-28 06:26 - 2012-10-29 17:01 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-28 06:21 - 2012-10-28 09:34 - 00003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{03757946-5D3C-46A6-8298-C487E1865794}
2015-08-26 16:15 - 2012-12-14 02:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-23 21:27 - 2012-10-20 09:50 - 00000000 ____D C:\Users\Billy\AppData\Local\CrashDumps
2015-08-21 20:21 - 2012-10-26 08:16 - 00003218 _____ C:\Windows\System32\Tasks\HPCeeScheduleForBILLY-HP$
2015-08-21 20:21 - 2012-10-26 08:16 - 00000342 _____ C:\Windows\Tasks\HPCeeScheduleForBILLY-HP$.job
2015-08-21 19:40 - 2015-01-14 14:53 - 00003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{9D109E50-BAD0-405A-A219-E6AFF65A86CA}
2015-08-21 16:28 - 2015-01-14 14:53 - 00001232 __RSH C:\Users\Aiden\ntuser.pol
2015-08-21 16:28 - 2015-01-14 14:53 - 00000000 ____D C:\Users\Aiden
2015-08-18 12:10 - 2012-11-01 16:07 - 00001236 __RSH C:\Users\Kaliyah\ntuser.pol
2015-08-18 12:10 - 2012-11-01 16:07 - 00000000 ____D C:\Users\Kaliyah
2015-08-16 18:24 - 2009-07-14 01:08 - 00032550 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-08-14 21:47 - 2015-04-04 03:03 - 00000000 ___SD C:\Windows\system32\GWX
2015-08-14 21:47 - 2013-03-14 03:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-14 21:47 - 2013-03-14 03:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-14 21:47 - 2012-10-29 17:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-14 21:47 - 2011-12-19 18:03 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2015-08-14 21:47 - 2011-12-19 18:00 - 00000000 ____D C:\Program Files (x86)\HP Games
2015-08-14 21:47 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2015-08-14 21:47 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-08-14 21:47 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-08-14 21:46 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2015-08-14 20:28 - 2014-10-19 09:29 - 00000000 ____D C:\Users\Billy\AppData\Roaming\Skype
2015-08-14 20:28 - 2014-10-19 09:29 - 00000000 ____D C:\ProgramData\Skype
2015-08-13 03:35 - 2009-07-14 00:45 - 00347504 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-13 03:17 - 2013-03-14 03:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-13 03:15 - 2012-10-19 21:58 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-13 03:11 - 2009-07-13 22:34 - 00000478 _____ C:\Windows\win.ini
2015-08-13 03:10 - 2013-07-22 03:04 - 00000000 ____D C:\Windows\system32\MRT
2015-08-13 03:00 - 2012-11-03 13:36 - 132483416 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-11 20:38 - 2013-02-26 23:16 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-08-11 20:38 - 2013-02-26 23:16 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-08-11 20:38 - 2011-12-19 18:03 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2013-02-23 14:06 - 2013-02-23 14:06 - 0001250 _____ () C:\Users\Billy\AppData\Roaming\trace_FilterInstaller.txt
2013-02-23 14:06 - 2013-02-23 14:06 - 0000000 _____ () C:\Users\Billy\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2013-12-19 22:18 - 2014-01-29 21:18 - 0000144 _____ () C:\Users\Billy\AppData\Roaming\WB.CFG
2012-12-04 23:03 - 2012-12-05 01:01 - 0006656 _____ () C:\Users\Billy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-09-29 23:00 - 2015-09-01 16:22 - 0000173 _____ () C:\Users\Billy\AppData\Local\msmathematics.qat.Billy
2012-10-19 06:44 - 2012-10-19 06:44 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
C:\Users\Billy\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\Billy\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-09-01 20:25

==================== End of FRST.txt ===========================

 

--------------

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:06-09-2015 01
Ran by Billy (2015-09-07 11:37:59)
Running from C:\Users\Billy\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-10-19 06:08:52)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2929616351-1660927109-1562995560-500 - Administrator - Disabled) => C:\Users\Administrator
Aiden (S-1-5-21-2929616351-1660927109-1562995560-1007 - Limited - Enabled) => C:\Users\Aiden
Alyana (S-1-5-21-2929616351-1660927109-1562995560-1004 - Limited - Enabled) => C:\Users\Alyana
Billy (S-1-5-21-2929616351-1660927109-1562995560-1000 - Administrator - Enabled) => C:\Users\Billy
Guest (S-1-5-21-2929616351-1660927109-1562995560-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2929616351-1660927109-1562995560-1002 - Limited - Enabled)
Kaliyah (S-1-5-21-2929616351-1660927109-1562995560-1005 - Limited - Enabled) => C:\Users\Kaliyah
Nyjah (S-1-5-21-2929616351-1660927109-1562995560-1003 - Limited - Enabled) => C:\Users\Nyjah

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus (Enabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
AS: Bitdefender Antispyware (Enabled - Up to date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Enabled) {A23392FD-84B9-F933-2C71-81E751F6EF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4Videosoft 3GP Video Converter 5.0.8 (HKLM-x32\...\{BCCF882E-8442-4323-82D5-624B8BC74F49}_is1) (Version:  - )
ActivClient CAC x64 (HKLM\...\{86E45973-5352-439F-A115-2E8EE4D40140}) (Version: 6.2 - ActivIdentity)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.249 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.5.146 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bitdefender Total Security 2015 (HKLM\...\Bitdefender) (Version: 18.17.0.1227 - Bitdefender)
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Disney's Mickey Mouse Toddler (HKLM-x32\...\Mickey Mouse Toddler) (Version:  - )
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.85 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6710.2136 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.13 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Application Assistant (HKLM\...\{B34A07DD-C6F7-414A-AE63-01019482EAF0}) (Version: 1.0.393.3870 - Hewlett-Packard)
HP Calendar (HKLM-x32\...\{2B38E0FA-D8A5-4EBF-A018-E3C1C8E7A2E2}) (Version: 5.1.4245.23508 - Hewlett-Packard)
HP Clock (HKLM-x32\...\{0EEC4E49-D4C2-4E23-87F2-B5641F1A09E4}) (Version: 5.1.4244.16367 - Hewlett-Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP LinkUp (HKLM-x32\...\{7E750542-55BC-4300-8B7B-AC2A762FB435}) (Version: 2.01.029 - Hewlett-Packard)
HP Magic Canvas (HKLM-x32\...\{DDFDC9D6-4220-41F8-BF9A-8E7512C4EF52}) (Version: 5.1.15.0 - Hewlett-Packard)
HP Magic Canvas Tutorials (HKLM-x32\...\{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1) (Version: 5.0.0.3 - Hewlett-Packard)
HP Notes (HKLM-x32\...\{86BAB08A-5E66-4C53-82E3-C1E91673C7CA}) (Version: 5.1.4274.30382 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{2D5E3D2B-919F-407C-8757-E64827518BB6}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{B6F5C6D8-C443-4B55-932F-AE11B5743FC4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{F792E5B0-11C4-4C68-8A63-FB5F52749180}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
HP RSS (HKLM-x32\...\{A35E58D6-2A0F-4051-983B-79342081338E}) (Version: 5.1.4301.21494 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15130.3904 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.15145.3905 - Hewlett-Packard Company)
HP Smart Print 2.1 (HKLM-x32\...\{8046B41C-FB30-4614-898F-57D44D0C66EB}) (Version: 2.1.0.235 - Hewlett-Packard)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 11.00.0001 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{348A1F5B-07B3-4436-9A47-FFE44EFE856E}) (Version: 11.51.0004 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.12.1.0 - Hewlett-Packard)
HP Weather (HKLM-x32\...\{8364E531-493B-4B05-8041-09D5CE38B975}) (Version: 5.1.4295.16450 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel® Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2291 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1026 - Intel Corporation)
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Keyboard Master II 2.15 Trial (HKLM-x32\...\mk215e_is1) (Version: 2.15e - Nahlik Soft)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4507 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.4507 - CyberLink Corp.) Hidden
LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 6.0.19.19317 - LeapFrog)
LeapFrog Connect (x32 Version: 6.0.19.19317 - LeapFrog) Hidden
LeapFrog Didj Plugin (x32 Version: 6.0.19.19317 - LeapFrog) Hidden
LeapFrog LeapPad Explorer Plugin (x32 Version: 6.0.19.19317 - LeapFrog) Hidden
LeapFrog LeapReader Plugin (x32 Version: 6.0.19.19317 - LeapFrog) Hidden
Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Luxor HD (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2929616351-1660927109-1562995560-1000\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 40.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.2 (x86 en-US)) (Version: 40.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.2.5702 - Mozilla)
NOOK Study (HKLM-x32\...\NOOK Study) (Version: 2.1.2.28770 - Barnesandnoble.com)
Number Concepts Plinko Interactive Game (HKLM-x32\...\Number Concepts Plinko Interactive Game) (Version: 1.5.0.0 - Lakeshore Learning Materials)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
PDF Complete Corporate Edition (HKLM-x32\...\PDF Complete) (Version: 4.1.45 - PDF Complete, Inc)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.0 - Frank Heindörfer, Philip Chinery)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.5705 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.5705 - CyberLink Corp.) Hidden
Ralink 802.11n Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 4.0.3.0 - Ralink)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6531 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.4424 - CyberLink Corp.) Hidden
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Stellar Phoenix Windows Data Recovery - Home (HKLM-x32\...\Stellar Phoenix Windows Data Recovery - Home_is1) (Version: 5.0.0.0 - Stellar Information Systems Ltd)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Tap Tap Bear (HKLM-x32\...\{A393CDFF-BEB8-48EA-990D-2EB35B311D23}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98 - WildTangent) Hidden
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
TSHostedAppLauncher (x32 Version: 5.1.15.0 - Hewlett-Packard) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Use the entry named LeapFrog Connect to uninstall (LeapFrog Didj Plugin) (HKLM-x32\...\DidjPlugin) (Version:  - LeapFrog)
Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin) (HKLM-x32\...\LeapPadExplorerPlugin) (Version:  - LeapFrog)
Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapReader Plugin) (HKLM-x32\...\LeapReaderPlugin) (Version:  - LeapFrog)
VIP Access SDK (1.0.1.4)  (HKLM-x32\...\VIP Access SDK) (Version: 1.0.1.4 - Symantec Inc.)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.5.32 - WildTangent) Hidden
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinZip 18.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E3}) (Version: 18.5.11111 - WinZip Computing, S.L. )
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2929616351-1660927109-1562995560-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Billy\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2929616351-1660927109-1562995560-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Billy\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2929616351-1660927109-1562995560-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Billy\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2929616351-1660927109-1562995560-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Billy\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2929616351-1660927109-1562995560-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Billy\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

25-08-2015 16:37:06 Windows Update
01-09-2015 16:10:27 Windows Update
04-09-2015 21:08:40 Windows Update
07-09-2015 10:16:16 Restore Point Created by FRST
07-09-2015 10:38:03 JRT Pre-Junkware Removal
07-09-2015 11:27:03 Removed Disney Mix Stick

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0DF2A53C-A60B-48A0-A406-69A3784D6D46} - System32\Tasks\Norton Family\Norton Error Processor => C:\Program Files (x86)\Norton Family\Engine\3.1.0.14\SymErr.exe
Task: {28BE7321-41DA-4CD6-9EB3-3DD1DE92534D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {28CBC3AE-2B4A-42A4-952D-BE9BF6BA4D28} - System32\Tasks\HPCeeScheduleForBilly => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {2E3F892A-EB0A-4B5E-8732-0FE033F63C55} - System32\Tasks\{C4FAD01E-EB2D-4080-9393-C622EAE92B23} => pcalua.exe -a "C:\Users\Billy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NNAVEPV4\wlsetup-web.exe" -d C:\Users\Billy\Desktop
Task: {2EAC283F-B216-4D91-8C7D-2F13A5E8A3C2} - System32\Tasks\Bitdefender Update Product Data_A17FD818A96743FAB28AC221BEB4B2C8 => C:\Program Files\Bitdefender\Bitdefender 2015\bdproductdata.exe [2015-06-23] (Bitdefender)
Task: {39009FFD-6D33-4009-A1CD-900076B975E8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2013-11-04] (Hewlett-Packard Company)
Task: {3961ED56-9109-45D6-9B00-6504967A048F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN1AD1K3N005KD => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-07-31] (Hewlett-Packard)
Task: {3DEFC87F-B9DB-4844-9433-8506E352FE37} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {45481AB3-7C44-4F28-81B7-98DF7FB8DEF3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {46CF274F-30A8-4097-87B2-53CD79A70B68} - System32\Tasks\{169B9BB8-98E6-4DFA-82EA-4C29A4299204} => pcalua.exe -a C:\Users\Billy\Documents\InstallRoot_v3.16A.exe -d C:\Users\Billy\Documents
Task: {479707A1-DB58-4EAF-A77D-4D8E278F8C91} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {5A52C461-2CF0-43D2-B7ED-EC6109512A18} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {78C746EB-9156-4310-AA96-80D315B14771} - System32\Tasks\{98AF2B71-0F41-43A2-B5CE-E7AC489A2857} => C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [2014-03-31] (Microsoft Corporation)
Task: {80535741-DAC6-4464-B349-1994A08C25B8} - System32\Tasks\Norton Family\Norton Error Analyzer => C:\Program Files (x86)\Norton Family\Engine\3.1.0.14\SymErr.exe
Task: {82F64486-E9ED-48FA-8CFB-673DBC651377} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {8BDE3788-5D9F-4C08-BFC8-B9738519EB38} - System32\Tasks\HPCeeScheduleForBILLY-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {91C3C01F-1406-4A44-9428-B5C0905F838D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {920626D5-9BAD-4876-8635-A3B20B426457} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-07-31] (Hewlett-Packard)
Task: {9A1B1E45-B8D2-46E0-B302-475B0F32FBF9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-11] (Adobe Systems Incorporated)
Task: {9EB8E410-A67A-4E53-AB15-B8130BEE280D} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {B0DCDAEA-BC01-448E-8018-798115C4C132} - System32\Tasks\{F709531D-85C5-406D-ACF1-A8674054D529} => C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [2014-03-31] (Microsoft Corporation)
Task: {B0FAD8FB-1F61-4598-B2C5-1C34D4A4AEEF} - System32\Tasks\{7A7DEF06-5117-4E73-9376-93B1C72DDC4E} => C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe [2014-03-31] (Microsoft Corporation)
Task: {B6EEDE58-8DED-4D86-BFFD-36772D107267} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2011-09-09] (Hewlett-Packard Co.)
Task: {D28D20F9-AB6A-4474-9D0C-323E0BFBCB34} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2929616351-1660927109-1562995560-1005UA => C:\Users\Kaliyah\AppData\Local\Google\Update\GoogleUpdate.exe [2014-03-31] (Google Inc.)
Task: {D42D3E24-A776-4388-A7FB-56B18A79E092} - System32\Tasks\{906A6E63-D5B4-4F26-A528-84A5995B49BA} => pcalua.exe -a "C:\Users\Billy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MASO2FRI\MP10Setup.exe" -d C:\Users\Billy\Desktop
Task: {E9F1BCC4-16F5-495D-B713-446E69D2D0AC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {F097AE4F-66B4-49B5-B378-B32EBA0FF74F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2929616351-1660927109-1562995560-1005Core => C:\Users\Kaliyah\AppData\Local\Google\Update\GoogleUpdate.exe [2014-03-31] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2929616351-1660927109-1562995560-1005Core.job => C:\Users\Kaliyah\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2929616351-1660927109-1562995560-1005UA.job => C:\Users\Kaliyah\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForBILLY-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForBilly.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (Whitelisted) ==============

2014-10-18 03:58 - 2014-08-27 16:31 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\txmlutil.dll
2014-10-18 03:58 - 2013-09-03 14:29 - 00101328 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdmetrics.dll
2014-10-18 03:58 - 2014-10-02 15:19 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\UI\accessl.ui
2014-10-18 03:58 - 2012-10-29 14:22 - 00152816 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdfwcore.dll
2015-09-04 21:08 - 2015-09-04 21:08 - 00875352 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_01150_010\ashttpbr.mdl
2015-09-04 21:08 - 2015-09-04 21:08 - 00741952 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_01150_010\ashttpdsp.mdl
2015-09-04 21:08 - 2015-09-04 21:08 - 02800952 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_01150_010\ashttpph.mdl
2015-09-04 21:08 - 2015-09-04 21:08 - 01413024 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_01150_010\ashttprbl.mdl
2012-12-27 01:44 - 2005-03-12 01:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll
2015-09-04 21:08 - 2015-09-04 21:08 - 03226336 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_01150_010\ashttpf.mdl
2011-12-19 17:44 - 2011-09-19 03:50 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-02-10 09:53 - 2015-06-23 09:25 - 00471568 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdidntconp.dll
2015-03-17 10:03 - 2015-06-23 09:20 - 00188416 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\ui\bdidntconp.ui
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-02-01 13:30 - 2014-02-01 13:30 - 00861184 _____ () C:\Program Files (x86)\LeapFrog\LeapFrog Connect\platforms\qwindows.dll
2010-07-02 02:13 - 2010-07-02 02:13 - 01004840 _____ () c:\Program Files (x86)\CyberLink\Power2Go\Language\ENU\P2GRC.dll
2009-11-02 18:20 - 2009-11-02 18:20 - 00144680 _____ () c:\Program Files (x86)\CyberLink\Power2Go\CLVistaAudioMixer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Alyana\Downloads\LeapFrogConnectSetup_LeapReader.exe:BDU
AlternateDataStreams: C:\Users\Billy\Desktop\AdwCleaner.exe:BDU
AlternateDataStreams: C:\Users\Billy\Downloads\adwcleaner_4.103.exe:BDU
AlternateDataStreams: C:\Users\Billy\Downloads\delfix_10.8.exe:BDU
AlternateDataStreams: C:\Users\Billy\Downloads\Firefox Setup Stub 33.0.exe:BDU
AlternateDataStreams: C:\Users\Billy\Downloads\Firefox Setup Stub 35.0.exe:BDU
AlternateDataStreams: C:\Users\Billy\Downloads\Firefox Setup Stub 40.0.2.exe:BDU
AlternateDataStreams: C:\Users\Billy\Downloads\FRST64(1).exe:BDU
AlternateDataStreams: C:\Users\Billy\Downloads\FRST64.exe:BDU
AlternateDataStreams: C:\Users\Billy\Downloads\insetup.exe:BDU
AlternateDataStreams: C:\Users\Billy\Downloads\install_flash_player_ax.exe:BDU
AlternateDataStreams: C:\Users\Billy\Downloads\justzipit.exe:BDU
AlternateDataStreams: C:\Users\Billy\Downloads\jxpiinstall(1).exe:BDU
AlternateDataStreams: C:\Users\Billy\Downloads\jxpiinstall.exe:BDU
AlternateDataStreams: C:\Users\Billy\Downloads\Math_Games_Multiplication_Downloader.exe:BDU
AlternateDataStreams: C:\Users\Billy\Downloads\mbam-setup-2.1.8.1057.exe:BDU
AlternateDataStreams: C:\Users\Billy\Downloads\OTL.exe:BDU
AlternateDataStreams: C:\Users\Billy\Downloads\SecurityTaskManager_Setup.exe:BDU

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR311 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR320 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR320.SYS => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2929616351-1660927109-1562995560-1000\...\army.mil -> hxxps://akocac.us.army.mil
IE trusted site: HKU\S-1-5-21-2929616351-1660927109-1562995560-1000\...\disa.mil -> hxxps://esd-crm.csd.disa.mil

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2929616351-1660927109-1562995560-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Billy\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Faulty Device Manager Devices =============

Name: Lexmark X422
Description: Lexmark X422
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Lexmark
Service: usbscan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (09/07/2015 10:16:14 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {272e9360-697e-4e96-9887-d02b645e1d80}

Error: (09/04/2015 10:10:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.17937 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1ad8

Start Time: 01d0e77b057c98c5

Termination Time: 0

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (08/28/2015 09:21:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17937 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1ea8

Start Time: 01d0e1ec1fa460b0

Termination Time: 593

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (08/25/2015 05:01:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17937 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 18b4

Start Time: 01d0df76a00f95f4

Termination Time: 70

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (08/23/2015 09:27:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17937, time stamp: 0x55a7f8da
Faulting module name: MSHTML.dll, version: 11.0.9600.17963, time stamp: 0x55c93f44
Exception code: 0xc0000005
Fault offset: 0x00f6cc19
Faulting process id: 0x18c
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (08/21/2015 08:41:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program OUTLOOK.EXE version 14.0.7155.5000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1dc8

Start Time: 01d0dc72f6755d16

Termination Time: 5

Application Path: C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE

Report Id: 851e33a2-4866-11e5-a25f-386077b91a89

Error: (08/21/2015 04:34:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5991

Error: (08/21/2015 04:34:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5991

Error: (08/21/2015 04:34:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/21/2015 04:34:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4992

System errors:
=============
Error: (09/07/2015 11:15:02 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (09/07/2015 11:04:17 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the VSSERV service.

Error: (09/07/2015 11:03:06 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (09/07/2015 11:03:06 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (09/07/2015 11:02:36 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (09/07/2015 11:02:36 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HP Support Assistant Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (09/07/2015 11:02:36 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Apple Mobile Device service terminated unexpectedly.  It has done this 3 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (09/07/2015 11:02:36 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 3 time(s).

Error: (09/07/2015 11:02:36 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 3 time(s).

Error: (09/07/2015 11:02:36 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Live Family Safety Service service terminated unexpectedly.  It has done this 3 time(s).

Microsoft Office:
=========================
Error: (09/07/2015 10:16:14 AM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {272e9360-697e-4e96-9887-d02b645e1d80}

Error: (09/04/2015 10:10:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe11.0.9600.179371ad801d0e77b057c98c50C:\Program Files\Internet Explorer\iexplore.exe

Error: (08/28/2015 09:21:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.179371ea801d0e1ec1fa460b0593C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (08/25/2015 05:01:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.1793718b401d0df76a00f95f470C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (08/23/2015 09:27:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.1793755a7f8daMSHTML.dll11.0.9600.1796355c93f44c000000500f6cc1918c01d0de09bafa9d68C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\system32\MSHTML.dll3dd6978f-49ff-11e5-8c26-386077b91a89

Error: (08/21/2015 08:41:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: OUTLOOK.EXE14.0.7155.50001dc801d0dc72f6755d165C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE851e33a2-4866-11e5-a25f-386077b91a89

Error: (08/21/2015 04:34:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5991

Error: (08/21/2015 04:34:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5991

Error: (08/21/2015 04:34:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/21/2015 04:34:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4992

==================== Memory info ===========================

Processor: Intel® Core™ i5-2400 CPU @ 3.10GHz
Percentage of memory in use: 42%
Total physical RAM: 8098.52 MB
Available physical RAM: 4624.63 MB
Total Virtual: 16195.23 MB
Available Virtual: 12433.21 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:914.98 GB) (Free:637.91 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:16.44 GB) (Free:2.02 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive j: (Seagate Backup Plus Drive) (Fixed) (Total:2794.51 GB) (Free:2387.75 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 5266F27B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=915 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=16.4 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 1.

==================== End of Addition.txt ============================


  • 0

#7
brander38

brander38

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Pystryker,

I viewed a few sites and ran a couple of videos and system is working like a new computer. I really appreciate your help.

Ques: I am running the Bitdefender security software. Disclaimer: my system only - each week I receive a lot of error messages when Bitdefender conducts its security scan. I also receive log messages stating numerous pswd protected files were not scanned (most of those msg are linked to the other user accounts on my system). Is Bitdefender one of the best - if not the best - Security programs or would you recommend something else.
  • 0

#8
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

Pystryker I really appreciate your help.


You're quite welcome, it's my pleasure. :)  

 

I viewed a few sites and ran a couple of videos and system is working like a new computer. I really appreciate your help.


Good news, we're making progress, but still a ways to go. :)
 

Ques: I am running the Bitdefender security software. Disclaimer: my system only - each week I receive a lot of error messages when Bitdefender conducts its security scan. I also receive log messages stating numerous pswd protected files were not scanned (most of those msg are linked to the other user accounts on my system). Is Bitdefender one of the best - if not the best - Security programs or would you recommend something else.


Personally, I use a combination of Avast anti-virus, free version,  and Malwarebytes Anti-Malware for protecting my computer.  MBAM covers a wide range of infection types.  Everything from PUP's (Potentially Unwanted Programs) to rootkits.  I recommend updating both of them and scanning the machine at least once a week, more if heavy browsing on the web is done.  If you wish to switch to Avast, please remember to only run one anti-virus program on the machine as more than one will be counter productive.


Let's run some scans for orphans and remnants.


Please disable your antivirus for the duration of my instructions.  Don't forget to re-enable them after you have completed the steps.


Step 1:  Scan with Malwarebytes


Please download Malwarebytes Anti-Malware to your desktop
Install the progamme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

MBAMsettings_zpsb6b9ada0.jpg

Go back to the Dashboard and select Scan Now

mbam21-console_zpslhr5hawa.jpg

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

MBAMReboot_zps9089ab30.jpg

MBAMLog_zpsade07f42.jpg

On completion of the scan (or after the reboot), start MBAM,

Click  History, then Application Logs, then check the Select box by the first Scan Log in the list and then click on the log to highlight it.

Click  Export,  select text file and save to the desktop as MBAM.txt and post in your next reply.



Step 2:  Scan with ESET Online Scanner


Please note:  You can use Internet Explorer or Firefox for this step.    Either browser used will have to be ran in admin mode.

Right click on either the Internet Explorer icon or the Firefox icon in the Start Menu or Quick Launch Bar on the Task bar and select Run as Administrator from the menu.

If you use Firefox, you will  be prompted to  download esetsmartinstaller_enu.exe.  Please do so,  then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar ---->esetbar_zps93905f48.jpg

   

  • Select the option YES, I accept the Terms of Use then click on Start
  •     When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  •     Make sure that the option Scan archives is checked.
  •     Now click on Advanced Settings and select the following:
  •         Scan for potentially unwanted applications
  •         Scan for potentially unsafe applications
  •         Enable Anti-Stealth Technology
  •     Now click on Start
  •     The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  •     When completed the Online Scan will begin automatically. The scan may take several hours.
  •     Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  •     Now click on Finish
  •     Use notepad to open the logfile located at C:\Program Files(x86)\ESET\EsetOnlineScanner\log.txt.
  •     Copy and paste that log as a reply to this topic.


Step 3:  SecurityCheck Scan


Download Security Checksecuritycheck_zpsb7736812.jpg by screen317 from here or here.

  • Save it to your Desktop.
     
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.




Things I need to see in your next post:

  • ESET Scan Log
  • MBAM Log
  • SecurityCheck Log

  • 0

#9
brander38

brander38

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
ESET Log:

[email protected] as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# product=EOS
# version=8
# IEXPLORE.EXE=11.00.9600.16428 (winblue_gdr.131013-1700)
# EOSSerial=739920e128fd5b4ca66ba6ed6058dd92
# end=init
# utc_time=2015-09-07 08:26:30
# local_time=2015-09-07 04:26:30 (-0500, Eastern Daylight Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
[email protected] as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=739920e128fd5b4ca66ba6ed6058dd92
# end=init
# utc_time=2015-09-07 08:31:41
# local_time=2015-09-07 04:31:41 (-0500, Eastern Daylight Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 25646
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=739920e128fd5b4ca66ba6ed6058dd92
# end=updated
# utc_time=2015-09-07 08:39:13
# local_time=2015-09-07 04:39:13 (-0500, Eastern Daylight Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=739920e128fd5b4ca66ba6ed6058dd92
# engine=25646
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-09-07 10:41:55
# local_time=2015-09-07 06:41:55 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Bitdefender Antivirus'
# compatibility_mode=2065 16777213 100 100 0 145406624 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 193209165 0 0
# scanned=233792
# found=192
# cleaned=0
# scan_time=7361
sh=8E3C5227EE9707038C2F94C35CB7DE7DDC32F905 ft=1 fh=3e4f488add131322 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-2929616351-1660927109-1562995560-1004\$ROWU9G1.exe"
sh=28B5FAECF206877B6E9C42BAA3BF0FD09A50DF79 ft=1 fh=804d42f499f70d9f vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Ask.com\GenericAskToolbar.dll.vir"
sh=614BBA1596A6A8AD1CAA3191DA63C8D2BBB5298E ft=1 fh=ec49f4e774f4031e vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Ask.com\precache.exe.vir"
sh=FB53993A2CDBD82B1A45AF1F4D965806CA961AA6 ft=1 fh=c50ac661e45a5277 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Ask.com\SaUpdate.exe.vir"
sh=5AB6D37DFCE2E9F25DCCE64EAC92E7A2ED49E52B ft=1 fh=17c6a27f3ccea3ba vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Ask.com\UpdateTask.exe.vir"
sh=AD80353F37224C64F401A7C3F334A228ABEA5E3C ft=1 fh=741c609f479de660 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Ask.com\Updater\Updater.exe.vir"
sh=0AD1420FDB6131F51D7857C47E7CA5FD2875471E ft=1 fh=2a841531b9b5087d vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe.vir"
sh=2832725E0AB5563F370065447FF60E731AB817D7 ft=1 fh=425d003ed7b3ce6c vn="a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\APNSetup.exe.vir"
sh=CFE57EA4ABEC47F3AFAD73C4A1CCFEDEE18B0CC8 ft=1 fh=76fe033617b98b8a vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\searchhook.dll.vir"
sh=F62774043D559B3AE370228D2A2AA82C939ABADF ft=1 fh=ea4f3d965167cc66 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ServiceLocator.exe.vir"
sh=27646B5D3D244AD1D1295E3383FC128CA8033DEE ft=1 fh=31e1e3590db7d2cb vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\SO.dll.vir"
sh=7DB8A92C2923BDCDD8454C0EC4EAEC01023458F2 ft=1 fh=aca8a38fff747382 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\toolbar.dll.vir"
sh=24DC9898B68DC2121A3FAF30D5F26F10A2ED1490 ft=1 fh=bd5cc5eaeec67337 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\Toolbar.exe.vir"
sh=62984CA7F5368AC297E189A955297DCC7D774CCE ft=1 fh=576dbc7e8dd81e8d vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ToolbarPS.dll.vir"
sh=DE7CCBA4214C71D812334955225D8C5E4187D7CE ft=1 fh=663a6b2f5f8c96da vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\UpdateManager.exe.vir"
sh=9881B77A7AD776B53F12C06B8CC93AFE28FA7BE8 ft=1 fh=7d569b8a8d0504db vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll.vir"
sh=A56C90A4EC7F49A6EB20DDBE3BD758C73FA15AD4 ft=1 fh=431c8036431afa48 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\ChromeUtils\APNNativeMsgHost.exe.vir"
sh=0AD1420FDB6131F51D7857C47E7CA5FD2875471E ft=1 fh=2a841531b9b5087d vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\apnmcp.exe.vir"
sh=CFE57EA4ABEC47F3AFAD73C4A1CCFEDEE18B0CC8 ft=1 fh=76fe033617b98b8a vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\searchhook.dll.vir"
sh=F62774043D559B3AE370228D2A2AA82C939ABADF ft=1 fh=ea4f3d965167cc66 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\ServiceLocator.exe.vir"
sh=27646B5D3D244AD1D1295E3383FC128CA8033DEE ft=1 fh=31e1e3590db7d2cb vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\SO.dll.vir"
sh=7DB8A92C2923BDCDD8454C0EC4EAEC01023458F2 ft=1 fh=aca8a38fff747382 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\toolbar.dll.vir"
sh=24DC9898B68DC2121A3FAF30D5F26F10A2ED1490 ft=1 fh=bd5cc5eaeec67337 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\Toolbar.exe.vir"
sh=62984CA7F5368AC297E189A955297DCC7D774CCE ft=1 fh=576dbc7e8dd81e8d vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\ToolbarPS.dll.vir"
sh=DE7CCBA4214C71D812334955225D8C5E4187D7CE ft=1 fh=663a6b2f5f8c96da vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\UpdateManager.exe.vir"
sh=94A7703A1C51CC3B3C7A8C6213CC05432DA94CE6 ft=1 fh=592ee0ba8fa60e6b vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe.vir"
sh=95789A4121A7CD8B82661FF81CF0B3D89B3637BE ft=1 fh=8fa707990fb5a318 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe.vir"
sh=99E72D2A6A1493CBD0A04F39C190BA8F8B368C98 ft=1 fh=5bba043882f2db13 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrv.dll.vir"
sh=D84C4080416E0EEBECB96154EC9BFE4EA8F8171F ft=1 fh=5bea9696cac07d6e vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrvStub.dll.vir"
sh=9881B77A7AD776B53F12C06B8CC93AFE28FA7BE8 ft=1 fh=7d569b8a8d0504db vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\{PartnerID}\Passport.dll.vir"
sh=439E45E18D928FB4D68CC0B43D400D7DF4511E03 ft=1 fh=e596ed23eb2af6c1 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\VNT\vntldr.exe.vir"
sh=A56C90A4EC7F49A6EB20DDBE3BD758C73FA15AD4 ft=1 fh=431c8036431afa48 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-ST-SPE\Source\program files\AskPartnerNetwork\ChromeUtils\APNNativeMsgHost.exe.vir"
sh=0AD1420FDB6131F51D7857C47E7CA5FD2875471E ft=1 fh=2a841531b9b5087d vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-ST-SPE\Source\program files\AskPartnerNetwork\Toolbar\apnmcp.exe.vir"
sh=CFE57EA4ABEC47F3AFAD73C4A1CCFEDEE18B0CC8 ft=1 fh=76fe033617b98b8a vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-ST-SPE\Source\program files\AskPartnerNetwork\Toolbar\searchhook.dll.vir"
sh=F62774043D559B3AE370228D2A2AA82C939ABADF ft=1 fh=ea4f3d965167cc66 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-ST-SPE\Source\program files\AskPartnerNetwork\Toolbar\ServiceLocator.exe.vir"
sh=27646B5D3D244AD1D1295E3383FC128CA8033DEE ft=1 fh=31e1e3590db7d2cb vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-ST-SPE\Source\program files\AskPartnerNetwork\Toolbar\SO.dll.vir"
sh=7DB8A92C2923BDCDD8454C0EC4EAEC01023458F2 ft=1 fh=aca8a38fff747382 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-ST-SPE\Source\program files\AskPartnerNetwork\Toolbar\toolbar.dll.vir"
sh=24DC9898B68DC2121A3FAF30D5F26F10A2ED1490 ft=1 fh=bd5cc5eaeec67337 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-ST-SPE\Source\program files\AskPartnerNetwork\Toolbar\Toolbar.exe.vir"
sh=62984CA7F5368AC297E189A955297DCC7D774CCE ft=1 fh=576dbc7e8dd81e8d vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-ST-SPE\Source\program files\AskPartnerNetwork\Toolbar\ToolbarPS.dll.vir"
sh=DE7CCBA4214C71D812334955225D8C5E4187D7CE ft=1 fh=663a6b2f5f8c96da vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-ST-SPE\Source\program files\AskPartnerNetwork\Toolbar\UpdateManager.exe.vir"
sh=DB65D65E6D9103B4BD5C387173B162DE0D3AFE51 ft=1 fh=a21f335b86600102 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-ST-SPE\Source\program files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe.vir"
sh=AAD9FD6DF5CE8FF9026F68CFA087B6A2CA65877A ft=1 fh=4a8e3f0cd41e60cb vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-ST-SPE\Source\program files\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe.vir"
sh=26C9570F8B047C53E90336E579EE3AA564499C17 ft=1 fh=96509ce8a0ae2059 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-ST-SPE\Source\program files\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrv.dll.vir"
sh=AA857B767C25C09D134A1D7117278F1AEB24F124 ft=1 fh=79c1b0ef2065db14 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-ST-SPE\Source\program files\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrvStub.dll.vir"
sh=9881B77A7AD776B53F12C06B8CC93AFE28FA7BE8 ft=1 fh=7d569b8a8d0504db vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-ST-SPE\Source\program files\AskPartnerNetwork\Toolbar\{PartnerID}\Passport.dll.vir"
sh=439E45E18D928FB4D68CC0B43D400D7DF4511E03 ft=1 fh=e596ed23eb2af6c1 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-ST-SPE\Source\program files\VNT\vntldr.exe.vir"
sh=DB65D65E6D9103B4BD5C387173B162DE0D3AFE51 ft=1 fh=a21f335b86600102 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe.vir"
sh=AAD9FD6DF5CE8FF9026F68CFA087B6A2CA65877A ft=1 fh=4a8e3f0cd41e60cb vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe.vir"
sh=26C9570F8B047C53E90336E579EE3AA564499C17 ft=1 fh=96509ce8a0ae2059 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrv.dll.vir"
sh=AA857B767C25C09D134A1D7117278F1AEB24F124 ft=1 fh=79c1b0ef2065db14 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrvStub.dll.vir"
sh=4EFBE16D1BFF183890039D4D203A5B4C63D3EBB7 ft=1 fh=19246eb31fd34c5e vn="a variant of Win32/Toolbar.CrossRider.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Deals Plugin\ButtonUtil.dll.vir"
sh=704A32CA0DD0E2B895C6A3C1E831E754EB252404 ft=1 fh=1240180d952e0a5e vn="Win32/Toolbar.CrossRider.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Deals Plugin\Uninstall.exe.vir"
sh=BA36ABE7B8446F3EA98A075F158E5E95236005FA ft=1 fh=006ab2c7d3ffc0f2 vn="a variant of Win32/Toolbar.DefaultTab.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\defaulttab\DefaultTabSearch.exe.vir"
sh=95F71C4981E4B49E1D45263B040744F64073F218 ft=1 fh=c71c001150d633ba vn="a variant of Win32/InstallCore.BY potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\FLV Player\Uninstall\__Uninstall_.exe.vir"
sh=D59303A71AA4719F8CDBCC5E6F83332BAB9B5D1E ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.D trojan" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LemurLeap\jlnfdbbladgcmhhamgkioifhbobjaoof.crx.vir"
sh=71FBE0A32060ECCCE43C00B7C02ED06565D7F09F ft=1 fh=0f654da018985d81 vn="a variant of Win32/Toolbar.MyWebSearch.AE potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\49auxstb.dll.vir"
sh=7C73445F65C0FD08EAAD3A3E7FE1A28F5F482D08 ft=1 fh=dc7dda4109371c06 vn="a variant of Win64/Toolbar.MyWebSearch.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\49auxstb64.dll.vir"
sh=5999E5206196F262092C8FE839FEC463EAC22157 ft=1 fh=27b135a74e6530eb vn="a variant of Win32/Toolbar.MyWebSearch.AS potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\49bar.dll.vir"
sh=F6A514CC002B36C286D706701C54DB9A07BAE730 ft=1 fh=b29ee21a99e6c053 vn="Win32/Toolbar.MyWebSearch.AE potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\49barsvc.exe.vir"
sh=FA5D0D2DDD909D51A44BBC1818919626D4C223D7 ft=1 fh=1c9e878eed49a678 vn="a variant of Win32/Toolbar.MyWebSearch.AS potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\49bprtct.dll.vir"
sh=7377286A011223C8EDB6D569EA9E9C530DE7DD9D ft=1 fh=8a1350a06e74ff7f vn="Win32/Toolbar.MyWebSearch.AE potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\49brmon.exe.vir"
sh=ED5F07C2013EC69C4A03AC9B48BBC6A3896347DA ft=1 fh=572d0aa7c713be6e vn="a variant of Win64/Toolbar.MyWebSearch.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\49brmon64.exe.vir"
sh=F6230624FB2F593045AB2DEABE4373AF84CFF516 ft=1 fh=67a8f5e8cdb93eed vn="a variant of Win32/Toolbar.MyWebSearch.AM potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\49brstub.dll.vir"
sh=02647F8CD70D673E477EC052154028FE08A86AD7 ft=1 fh=c1ea64bddc5cb8f1 vn="a variant of Win64/Toolbar.MyWebSearch.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\49brstub64.dll.vir"
sh=4DB17C0736B233AD37D6F337A8A03F362389DAE4 ft=1 fh=0c59bba2392f33ae vn="a variant of Win32/Toolbar.MyWebSearch.AS potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\49datact.dll.vir"
sh=B040804B32E089C8926BB6A5FBC0D48E3BBAE03C ft=1 fh=443fd092f8ac3cce vn="a variant of Win32/Toolbar.MyWebSearch.AS potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\49dlghk.dll.vir"
sh=30017B37C5E874DA90B03618CE9432551D52244D ft=1 fh=33c46fedbb586f3b vn="a variant of Win64/Toolbar.MyWebSearch.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\49dlghk64.dll.vir"
sh=157E1B95A1D344798CFB127B7CA276F88F637B01 ft=1 fh=8478345427d1f126 vn="a variant of Win32/Toolbar.MyWebSearch.AS potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\49feedmg.dll.vir"
sh=74BB4E32B185DCD8553F2822D28977FF6A299BDE ft=1 fh=db00904785107d2d vn="a variant of Win32/Toolbar.MyWebSearch.AL potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\49highin.exe.vir"
sh=6590A892157BA2D363C4DECC22EBF4E48FF583F0 ft=1 fh=01c5e45c97b96046 vn="a variant of Win32/Toolbar.MyWebSearch.AM potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\49hkstub.dll.vir"
sh=EC0D7D670552573E60A1516C7E47D71C0F7EB9CB ft=1 fh=bb9cd4821c42bac3 vn="a variant of Win32/Toolbar.MyWebSearch.AT potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\49htmlmu.dll.vir"
sh=AD0190339DE0DC3A2703310FC27CEB3DCAB6D040 ft=1 fh=aab0e17e5ff4782d vn="a variant of Win32/Toolbar.MyWebSearch.AS potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\49httpct.dll.vir"
sh=5F84D4E3CA35DBD52CFB6B92A40D5AF76BDFFD37 ft=1 fh=d99c7ae8a2ef809c vn="a variant of Win32/Toolbar.MyWebSearch.AE potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\49idle.dll.vir"
sh=87CBF3283883EABF7F9F3A941D757573120D9B23 ft=1 fh=d55236b93d2dacb3 vn="a variant of Win32/Toolbar.MyWebSearch.AG potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\49ieovr.dll.vir"
sh=5D93ACDE3B4E491BA6A1193AB1CEC7C8379A2C8D ft=1 fh=631467c6a5376239 vn="a variant of Win32/Toolbar.MyWebSearch.AL potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\49medint.exe.vir"
sh=40214B5E70E7B4498B8A2C48CBB9AB0BA9843F36 ft=1 fh=e78cd0435ec00d54 vn="a variant of Win32/Toolbar.MyWebSearch.AS potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\49mlbtn.dll.vir"
sh=41CE4E72C7F26BA4B93CCF677ECC4E652BAFF507 ft=1 fh=dece550d141ec719 vn="Win32/Toolbar.MyWebSearch.Z potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\49Plugin.dll.vir"
sh=37B2999CB30551F06DB841B79FD6F5D144E43046 ft=1 fh=bb9855177fd67662 vn="a variant of Win32/Toolbar.MyWebSearch.AS potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\49radio.dll.vir"
sh=7C6A76190F6CD9F904A2EE79D4B96E8241164615 ft=1 fh=c1ef878ae2e9284a vn="a variant of Win32/Toolbar.MyWebSearch.AS potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\49regfft.dll.vir"
sh=FD1D6F9C023EB9BBD29C75E83FCB6A8A3FC83346 ft=1 fh=2d2b6200895b81c3 vn="a variant of Win32/Toolbar.MyWebSearch.AK potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\49reghk.dll.vir"
sh=25456A655000D5CEA7CAAC881486F7CBEC4414BB ft=1 fh=2a1c57d3dd98c7aa vn="a variant of Win32/Toolbar.MyWebSearch.AS potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\49regiet.dll.vir"
sh=734FEA6BB78C6D96DA51E70811ACEDBEBDC1D0E8 ft=1 fh=deeaf86e29a79180 vn="a variant of Win32/Toolbar.MyWebSearch.AS potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\49script.dll.vir"
sh=18C17FF38FCDE8AD5B46549A50FFD98A319956B5 ft=1 fh=862260e8ce4a17d6 vn="a variant of Win32/Toolbar.MyWebSearch.P potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\49skin.dll.vir"
sh=87E77F21EBBEE058158B046F24EF159203328931 ft=1 fh=4096f84f5d42b246 vn="a variant of Win32/Toolbar.MyWebSearch.AJ potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\49skplay.exe.vir"
sh=B8267AA57FA0C998CAD83BABB2EF2282BF42A4CB ft=1 fh=da68ea2b1c3aea79 vn="a variant of Win32/Toolbar.MyWebSearch.AS potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\49SrcAs.dll.vir"
sh=27701684B9B28362D3FEA99A07818FFA492D3A4E ft=1 fh=bcc2ec90b8678e6e vn="Win32/Toolbar.MyWebSearch.AJ potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\49SrchMn.exe.vir"
sh=3AC24FD6F613B463B8165D7A32205EC75AC48DF9 ft=1 fh=8b9fef4ee3f4c5cf vn="a variant of Win32/Toolbar.MyWebSearch.AK potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\49srchmr.dll.vir"
sh=72489280930F183E34FE5AF817F207A5EB65F8D4 ft=1 fh=033eb58713fd33d4 vn="a variant of Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\49tpinst.dll.vir"
sh=F168820EBBB25A99251B35F4328E09BB914DCC9A ft=1 fh=bab93d68c29f066d vn="a variant of Win64/Toolbar.MyWebSearch.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\AppIntegrator64.exe.vir"
sh=A6AD21A19469FB3650387953DDA171CF78464458 ft=1 fh=8261ecd8fca1a29c vn="a variant of Win64/Toolbar.MyWebSearch.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\AppIntegratorStub64.dll.vir"
sh=503D175296F62A84A1DC5D322E02A5898B53F057 ft=1 fh=8e03bdd376c83f71 vn="Win32/Toolbar.MyWebSearch.Z potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\CREXT.DLL.vir"
sh=A65106770308130C9099A8B1CE950B18B322A5A1 ft=1 fh=a5f508a382e83cd5 vn="a variant of Win32/Toolbar.MyWebSearch.Z potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\CrExtP49.exe.vir"
sh=03AF68978658C3350452ACA5567A9F1358E3D387 ft=1 fh=ca334dce2d24b211 vn="a variant of Win32/Toolbar.MyWebSearch.AI potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\DPNMNGR.DLL.vir"
sh=293AE2F735B9C76ACF2BE9410EBFF2CD88D47F96 ft=1 fh=59afe8ea20712c28 vn="a variant of Win32/Toolbar.MyWebSearch.AI potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\EXEMANAGER.DLL.vir"
sh=F1729FFA87F558D1309B5EC71203DA6F33EADDED ft=1 fh=88b155e75251f720 vn="a variant of Win32/Toolbar.MyWebSearch.AI potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\FF-NativeMessagingDispatcher.dll.vir"
sh=B879BC93FA5D87733EDC9FD055A6AF538A554074 ft=1 fh=a792084cb5dc54a4 vn="a variant of Win64/Toolbar.MyWebSearch.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\Hpg64.dll.vir"
sh=1F89E7DE9610BE26CE9577040D0612164E2ED583 ft=1 fh=9a25608207fbeb9d vn="a variant of Win32/Toolbar.MyWebSearch.AL potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\NP49Stub.dll.vir"
sh=D8B759975F559EA0F0187F61FA557578B87758B7 ft=1 fh=ad0793bbaa3d8264 vn="a variant of Win32/Toolbar.MyWebSearch.AU potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\T8EPMSUP.DLL.vir"
sh=F8A298CC5DDB145D071A78148B7BF566A8B3C650 ft=1 fh=d2be10d612551eb6 vn="a variant of Win32/Toolbar.MyWebSearch.AU potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\T8EXTEX.DLL.vir"
sh=1DC03C09702E4516B9267453FEE9BE1BF1554232 ft=1 fh=3f9fd7636822191c vn="a variant of Win32/Toolbar.MyWebSearch.AU potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\T8EXTPEX.DLL.vir"
sh=AF326F9B1D27D3007DC1CC20EAEBBAB07D711E7E ft=1 fh=6ca914416977a615 vn="a variant of Win32/Toolbar.MyWebSearch.AS potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\T8HTML.DLL.vir"
sh=CBB4DC6C8F822C67FA32B9F71C185FB535EA8E19 ft=1 fh=b7fc3d548175f148 vn="a variant of Win32/Toolbar.MyWebSearch.AE potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\T8TICKER.DLL.vir"
sh=DD0123C4D8DA38E948888E4EC29778DE0B0DA4D4 ft=1 fh=dea466b0175c3c32 vn="Win32/Toolbar.MyWebSearch.AL potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\UNIFIEDLOGGING.DLL.vir"
sh=AC5619AAD8CFE80E7E8F44176D56D916102DE59F ft=1 fh=733353b010d950fe vn="a variant of Win32/Toolbar.MyWebSearch.AU potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\VERIFY.DLL.vir"
sh=AAD9FD6DF5CE8FF9026F68CFA087B6A2CA65877A ft=1 fh=4a8e3f0cd41e60cb vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alyana\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe.vir"
sh=26C9570F8B047C53E90336E579EE3AA564499C17 ft=1 fh=96509ce8a0ae2059 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alyana\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrv.dll.vir"
sh=AA857B767C25C09D134A1D7117278F1AEB24F124 ft=1 fh=79c1b0ef2065db14 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alyana\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrvStub.dll.vir"
sh=FDC2005CED8ACF86C68FE1B86B0698D0539E8CE0 ft=1 fh=1aa6a68885750335 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alyana\AppData\Roaming\NCH Software\Components\NCHToolbars\ask.com\ApnStub.exe.vir"
sh=F48266A97BDB7F58C5B54469B2245CACD46577D0 ft=1 fh=c4efab275ed5eda7 vn="Win32/Toolbar.Conduit potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alyana\AppData\Roaming\NCH Software\Components\NCHToolbars\conduit\ConduitInstaller.exe.vir"
sh=90AEFC369C77762C543F8F8B879FEFF9899CD3D9 ft=1 fh=c384db2c299ac52f vn="a variant of Win32/Toolbar.Conduit.H potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alyana\AppData\Roaming\NCH Software\Program Files\Debut\debut.exe.vir"
sh=A11320DE8211B539317FFE10C9B15D6200E4C519 ft=1 fh=d66c3a720dceec1c vn="a variant of Win32/Toolbar.Conduit.H potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alyana\AppData\Roaming\NCH Software\Program Files\Debut\debutsetup_v1.82.exe.vir"
sh=37C2B582C84E83EB1DBE7F6BE8648E406BD739A7 ft=1 fh=941e524606a3f411 vn="a variant of Win32/Toolbar.Conduit.H potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alyana\AppData\Roaming\NCH Software\Program Files\ExpressBurn\expressburn.exe.vir"
sh=DEDF92691226E483A0497515EDED90773F93398A ft=1 fh=24cc767e2aae6d63 vn="a variant of Win32/Toolbar.Conduit.H potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alyana\AppData\Roaming\NCH Software\Program Files\ExpressBurn\expressburnsetup_v4.62.exe.vir"
sh=3EB279A008FCCD2196FD4151BAFF7930B93F6A89 ft=1 fh=f0b30aa10c917054 vn="a variant of Win32/Toolbar.Conduit.H potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alyana\AppData\Roaming\NCH Software\Program Files\MixPad\mixpad.exe.vir"
sh=506577699558E34369317D1BE55C684985CCC838 ft=1 fh=9a49b248a3277168 vn="a variant of Win32/Toolbar.Conduit.H potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alyana\AppData\Roaming\NCH Software\Program Files\MixPad\mixpadsetup_v3.23.exe.vir"
sh=F238DDE11E49740D726F49F1386A4F44E88408D2 ft=1 fh=2494177b9f7c67fe vn="a variant of Win32/Toolbar.Conduit.H potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alyana\AppData\Roaming\NCH Software\Program Files\Prism\prism.exe.vir"
sh=AC639827DFF6460EBAE599E541692791E4634E88 ft=1 fh=ad875933dde4ec11 vn="a variant of Win32/Toolbar.Conduit.H potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alyana\AppData\Roaming\NCH Software\Program Files\Prism\prismsetup_v1.92.exe.vir"
sh=E883EB9C5D1DDF92A40FEE8E14F4B5A76EC3F6FA ft=1 fh=2ee46143e2dbf3e0 vn="a variant of Win32/Toolbar.Conduit.H potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alyana\AppData\Roaming\NCH Software\Program Files\Switch\switch.exe.vir"
sh=83FEC424A12F71CA3E582D23A63545F0F7F149F3 ft=1 fh=920cfdaa5cc77df2 vn="a variant of Win32/Toolbar.Conduit.H potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alyana\AppData\Roaming\NCH Software\Program Files\Switch\switchsetup_v4.35.exe.vir"
sh=3A6AFC15FD8AFA697E24E2600C2D95BC40727B1B ft=1 fh=9c159939c5c73808 vn="a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alyana\AppData\Roaming\NCH Software\Program Files\VideoPad\videopad.exe.vir"
sh=B72C808988BAC529BD606DC34C21B81E0ED9A7B6 ft=1 fh=7893c82b65109749 vn="a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alyana\AppData\Roaming\NCH Software\Program Files\VideoPad\videopadsetup_v3.11.exe.vir"
sh=C7A4677897B53A8CA34EFF92B3D9D8ECD825BEE2 ft=1 fh=8d52e6cc552cd9d9 vn="a variant of Win32/Toolbar.Conduit.H potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alyana\AppData\Roaming\NCH Software\Program Files\Voxal\voxal.exe.vir"
sh=62466086E62420FD935D12A5A89608419642B19A ft=1 fh=70247b17a8335a1c vn="a variant of Win32/Toolbar.Conduit.H potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alyana\AppData\Roaming\NCH Software\Program Files\Voxal\voxalsetup_v1.00.exe.vir"
sh=6328A94A41E7F56C2D0612693225DC3DCB039EC5 ft=1 fh=295a2cc3a9acfff3 vn="a variant of Win32/Toolbar.Conduit.H potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alyana\AppData\Roaming\NCH Software\Program Files\WavePad\wavepad.exe.vir"
sh=8244F0142D0863A238332748779055B914D900F8 ft=1 fh=7a0463d322055a68 vn="a variant of Win32/Toolbar.Conduit.H potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alyana\AppData\Roaming\NCH Software\Program Files\WavePad\wavepadsetup_v5.31.exe.vir"
sh=AAD9FD6DF5CE8FF9026F68CFA087B6A2CA65877A ft=1 fh=4a8e3f0cd41e60cb vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Billy\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe.vir"
sh=26C9570F8B047C53E90336E579EE3AA564499C17 ft=1 fh=96509ce8a0ae2059 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Billy\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrv.dll.vir"
sh=AA857B767C25C09D134A1D7117278F1AEB24F124 ft=1 fh=79c1b0ef2065db14 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Billy\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrvStub.dll.vir"
sh=E354E7642F00AEDBAB85CE332A1D6EEA93BCD989 ft=1 fh=8cf5ec3b72844192 vn="a variant of Win32/Toolbar.DefaultTab.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Billy\AppData\Roaming\defaulttab\DefaultTab\DefaultTabBHO.dll.vir"
sh=A66441EA33B541895F23B3A4F8EB408B616A94BA ft=1 fh=02e58446c958c5ff vn="Win32/Toolbar.DefaultTab.E potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Billy\AppData\Roaming\defaulttab\DefaultTab\DefaultTabUninstaller.exe.vir"
sh=76A69E2AF9F1BAC40D8D9FE128364894CA2E9F08 ft=1 fh=004b198f29fb0ef4 vn="a variant of Win32/Conduit.SearchProtect.C potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Billy\AppData\Roaming\SearchProtect\bin\SPHook32.dll.vir"
sh=AAD9FD6DF5CE8FF9026F68CFA087B6A2CA65877A ft=1 fh=4a8e3f0cd41e60cb vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Kaliyah\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe.vir"
sh=26C9570F8B047C53E90336E579EE3AA564499C17 ft=1 fh=96509ce8a0ae2059 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Kaliyah\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrv.dll.vir"
sh=AA857B767C25C09D134A1D7117278F1AEB24F124 ft=1 fh=79c1b0ef2065db14 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Kaliyah\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrvStub.dll.vir"
sh=AAD9FD6DF5CE8FF9026F68CFA087B6A2CA65877A ft=1 fh=4a8e3f0cd41e60cb vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nyjah\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe.vir"
sh=26C9570F8B047C53E90336E579EE3AA564499C17 ft=1 fh=96509ce8a0ae2059 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nyjah\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrv.dll.vir"
sh=AA857B767C25C09D134A1D7117278F1AEB24F124 ft=1 fh=79c1b0ef2065db14 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nyjah\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrvStub.dll.vir"
sh=D511282733A9A22E1909893EEE64C9E044AA6C8D ft=1 fh=1cd758c5fa4ff4c5 vn="Win32/Toolbar.MyWebSearch.T potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\HomeworkSimplified_7e\bar\1.bin\NP7eStub.dll.xBAD"
sh=99DF98DFEF4B483889FA88162D20EE46340A5DBE ft=1 fh=e6e2c196b2ffcb6f vn="Win32/Toolbar.MyWebSearch.W potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\HomeworkSimplified_7e\HomeworkSimplified_7e\bar\1.bin\7eauxstb.dll"
sh=B0363CB30281B7B40D36D1A334E63568A896AB11 ft=1 fh=3511a44243249cb3 vn="a variant of Win32/Toolbar.MyWebSearch.W potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\HomeworkSimplified_7e\HomeworkSimplified_7e\bar\1.bin\7ebar.dll"
sh=B30C4421BBD914059BA4089A6F0D28F318B4CA63 ft=1 fh=b6a643f62ff0e6f3 vn="a variant of Win32/Toolbar.MyWebSearch.AN potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\HomeworkSimplified_7e\HomeworkSimplified_7e\bar\1.bin\7ebarsvc.exe"
sh=0FF3588ECB69D2B18C6FAEC012672CA2F60314F6 ft=1 fh=731190b7425307d6 vn="Win32/Toolbar.MyWebSearch.W potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\HomeworkSimplified_7e\HomeworkSimplified_7e\bar\1.bin\7ebprtct.dll"
sh=0F78FE90AF015B0A511EDE007BD1791A341E891E ft=1 fh=d4fd6df3b7cf992d vn="Win32/Toolbar.MyWebSearch.W potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\HomeworkSimplified_7e\HomeworkSimplified_7e\bar\1.bin\7ebrmon.exe"
sh=12FF3195BDACA5482034AAC3C3E132D5ADA421A9 ft=1 fh=982f80d197512813 vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\HomeworkSimplified_7e\HomeworkSimplified_7e\bar\1.bin\7ebrstub.dll"
sh=BAEFCB03679575349E01668C4F0938643BAAA022 ft=1 fh=45ba6b521529362d vn="a variant of Win32/Toolbar.MyWebSearch.A potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\HomeworkSimplified_7e\HomeworkSimplified_7e\bar\1.bin\7edatact.dll"
sh=0C88EFCFA1C77D597111125A6C031CEB47B18BA7 ft=1 fh=b856def4c7346ea3 vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\HomeworkSimplified_7e\HomeworkSimplified_7e\bar\1.bin\7edlghk.dll"
sh=8090E240F528004402B29C11E5072BED79D95384 ft=1 fh=73e118282d8d3c4a vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\HomeworkSimplified_7e\HomeworkSimplified_7e\bar\1.bin\7edyn.dll"
sh=2CA2EA6CF1AD1FE87C25D4AB6B1C7729E48C6390 ft=1 fh=a34a8b9082c46c86 vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\HomeworkSimplified_7e\HomeworkSimplified_7e\bar\1.bin\7efeedmg.dll"
sh=9788294F2B8AB28DBAE4C73BB61A6B1200BDD89D ft=1 fh=af8ed8fd644fe8ac vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\HomeworkSimplified_7e\HomeworkSimplified_7e\bar\1.bin\7ehighin.exe"
sh=9D54BAF23397E5F1444BC6471052AD234B76FBD3 ft=1 fh=2ab58862c927227b vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\HomeworkSimplified_7e\HomeworkSimplified_7e\bar\1.bin\7ehkstub.dll"
sh=EAA9D46B8FAB8F3D48BB239ADFE46BA312434017 ft=1 fh=2506fdd3752ff6fe vn="a variant of Win32/Toolbar.MyWebSearch.AT potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\HomeworkSimplified_7e\HomeworkSimplified_7e\bar\1.bin\7ehtmlmu.dll"
sh=978867B422339E68971E56C49C66F14F2ACD745D ft=1 fh=dd289cd2c7a55037 vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\HomeworkSimplified_7e\HomeworkSimplified_7e\bar\1.bin\7ehttpct.dll"
sh=DC971C75FFCE77CC952FB6660A2603E09D62D4D9 ft=1 fh=ac2f97e786bfc982 vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\HomeworkSimplified_7e\HomeworkSimplified_7e\bar\1.bin\7eidle.dll"
sh=92AC05FFF3AD68271062A3DCB87E12EE6B816DDB ft=1 fh=acec1e59f99ab2fd vn="a variant of Win32/Toolbar.MyWebSearch.P potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\HomeworkSimplified_7e\HomeworkSimplified_7e\bar\1.bin\7eieovr.dll"
sh=AFCAAC5845D81A407C63733E4A7D007167F96BE8 ft=1 fh=02b0c8de8c8e9f1e vn="Win32/Toolbar.MyWebSearch.W potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\HomeworkSimplified_7e\HomeworkSimplified_7e\bar\1.bin\7eimpipe.exe"
sh=556C4FCA5D890F17B7B5040A601B42452A205E29 ft=1 fh=0f2a31b21601aeb5 vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\HomeworkSimplified_7e\HomeworkSimplified_7e\bar\1.bin\7emedint.exe"
sh=3EB4A6A25199E6339EC04F36189C71738DE63CE7 ft=1 fh=eafb3b5bfaf84345 vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\HomeworkSimplified_7e\HomeworkSimplified_7e\bar\1.bin\7emlbtn.dll"
sh=DFD07B722E317D1CDDAAB7D5B31BFAB57CC5E739 ft=1 fh=507b4871517a4ad4 vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\HomeworkSimplified_7e\HomeworkSimplified_7e\bar\1.bin\7emsg.dll"
sh=CBF93E0F6FF8AE054C18BDBE477CBFAF9F467CF9 ft=1 fh=f7d96c65ea0021a5 vn="a variant of Win32/Toolbar.MyWebSearch potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\HomeworkSimplified_7e\HomeworkSimplified_7e\bar\1.bin\7ePlugin.dll"
sh=77C8DC985373B1E5D9035ECB3A831C7DD1ABFD55 ft=1 fh=e1f880731de07609 vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\HomeworkSimplified_7e\HomeworkSimplified_7e\bar\1.bin\7eradio.dll"
sh=A2F202F68FEF2A31E9FE3AE124A46B908349778C ft=1 fh=bf17c6b7704b10fd vn="Win32/Toolbar.MyWebSearch.W potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\HomeworkSimplified_7e\HomeworkSimplified_7e\bar\1.bin\7ereghk.dll"
sh=65D604A070334183E5034CDEEC5838E46D705794 ft=1 fh=3d9a604351eb1640 vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\HomeworkSimplified_7e\HomeworkSimplified_7e\bar\1.bin\7eregiet.dll"
sh=72E48F7F37E208A52AD975EAECAB29FC50223C27 ft=1 fh=958a563919bf5cc2 vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\HomeworkSimplified_7e\HomeworkSimplified_7e\bar\1.bin\7escript.dll"
sh=857980A7B7AB77FF8E34A090CCD76B8BA628E7E4 ft=1 fh=6c9ac10ea3ee1cdd vn="a variant of Win32/Toolbar.MyWebSearch.P potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\HomeworkSimplified_7e\HomeworkSimplified_7e\bar\1.bin\7eskin.dll"
sh=496310EE0816B49176E03226DB102FAE9AA452B4 ft=1 fh=ceffc168909c0690 vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\HomeworkSimplified_7e\HomeworkSimplified_7e\bar\1.bin\7esknlcr.dll"
sh=F5946D49A70A64072739370E7BAD592FE4799EA1 ft=1 fh=5bc3efb780caf8fa vn="Win32/Toolbar.MyWebSearch.W potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\HomeworkSimplified_7e\HomeworkSimplified_7e\bar\1.bin\7eskplay.exe"
sh=BE21D76E502D546B2D88093E13F07923EB59380B ft=1 fh=7424967c664ed914 vn="a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\HomeworkSimplified_7e\HomeworkSimplified_7e\bar\1.bin\7eSrcAs.dll"
sh=8ACE75F6C2417666AD9D60837B72D78B394C3944 ft=1 fh=ae6d89138faf571c vn="Win32/Toolbar.MyWebSearch.W potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\HomeworkSimplified_7e\HomeworkSimplified_7e\bar\1.bin\7eSrchMn.exe"
sh=72489280930F183E34FE5AF817F207A5EB65F8D4 ft=1 fh=033eb58713fd33d4 vn="a variant of Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\HomeworkSimplified_7e\HomeworkSimplified_7e\bar\1.bin\7etpinst.dll"
sh=110033F4A78DCA521E8BA73F75747E4E3B6AE545 ft=1 fh=21686246ae128bdd vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\HomeworkSimplified_7e\HomeworkSimplified_7e\bar\1.bin\7euabtn.dll"
sh=630D5FC9ACC4932C87263895F554F8C3CB6D4B4A ft=1 fh=b81ce565a99a556c vn="Win64/Toolbar.MyWebSearch.A potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\HomeworkSimplified_7e\HomeworkSimplified_7e\bar\1.bin\AppIntegrator64.exe"
sh=374E378A91209732B48C8416D1E9805E98FDCFA9 ft=1 fh=6da58ad1308c1c96 vn="Win64/Toolbar.MyWebSearch.A potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\HomeworkSimplified_7e\HomeworkSimplified_7e\bar\1.bin\AppIntegratorStub64.dll"
sh=6902D246F8FC2457C9AE369B094292DE6EB454BC ft=1 fh=b1be847bff3fcf8f vn="a variant of Win32/Toolbar.MyWebSearch.Z potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\HomeworkSimplified_7e\HomeworkSimplified_7e\bar\1.bin\CREXT.DLL"
sh=FF9F058B12B6C4D9B6256304FA9078E391C7F32C ft=1 fh=6022d103b074fe9f vn="a variant of Win32/Toolbar.MyWebSearch.Z potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\HomeworkSimplified_7e\HomeworkSimplified_7e\bar\1.bin\CrExtP7e.exe"
sh=244414D9D39E114E7989C3B35A5FF038508ECFC1 ft=1 fh=0cbd734d892ac7d4 vn="a variant of Win32/Toolbar.MyWebSearch.AI potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\HomeworkSimplified_7e\HomeworkSimplified_7e\bar\1.bin\DPNMNGR.DLL"
sh=6FF50369661027A1CD5F5E465F78C78913FF84CC ft=1 fh=c941e5f2ec9d2835 vn="a variant of Win32/Toolbar.MyWebSearch.AI potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\HomeworkSimplified_7e\HomeworkSimplified_7e\bar\1.bin\EXEMANAGER.DLL"
sh=3D7CD376DFDB97512A376E85FBB7F04344C051B6 ft=1 fh=e0ed2601e18686d8 vn="Win64/Toolbar.MyWebSearch.A potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\HomeworkSimplified_7e\HomeworkSimplified_7e\bar\1.bin\Hpg64.dll"
sh=2F938D8C9A5D3C9C239793346D43193BA1CBFCD6 ft=1 fh=929bde520a5aa0d2 vn="a variant of Win32/Toolbar.MyWebSearch.AU potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\HomeworkSimplified_7e\HomeworkSimplified_7e\bar\1.bin\T8EXTEX.DLL"
sh=B8944722E8D577E67925DD4A72D1D8E44C3BC6CA ft=1 fh=6f8a20cf4b11d7b0 vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\HomeworkSimplified_7e\HomeworkSimplified_7e\bar\1.bin\T8EXTPEX.DLL"
sh=7BBFF8810BB79104FE275FBBF7DE48DCBD877E01 ft=1 fh=946da15070ee37db vn="a variant of Win32/Toolbar.MyWebSearch.F potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\HomeworkSimplified_7e\HomeworkSimplified_7e\bar\1.bin\T8HTML.DLL"
sh=2E85C71E79C5B2A65D8CCDD5B21AFE559102062F ft=1 fh=68336e5d9907ad1c vn="a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\HomeworkSimplified_7e\HomeworkSimplified_7e\bar\1.bin\T8TICKER.DLL"
sh=D0787BEAE97CE99982E7F5000772831421FD48E4 ft=1 fh=b650850bda28ebe2 vn="a variant of Win32/Toolbar.MyWebSearch.AU potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\HomeworkSimplified_7e\HomeworkSimplified_7e\bar\1.bin\VERIFY.DLL"
sh=DF5AFCFA723A9EFCB09246976FCB221F7602C997 ft=1 fh=c71c0011d7b6ffae vn="Win32/Toolbar.MyWebSearch.AO potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Billy\AppData\Roaming\Mozilla\Firefox\Profiles\k4ecvf1n.default\Extensions\[email protected]_49.com\plugins\NativeMessagingDispatcher.dll"
sh=227C87300261F9741D55A079216716CE034AB3CB ft=1 fh=0837d0162fa5fed2 vn="a variant of Win32/Conduit.SearchProtect.N potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Billy\AppData\Roaming\Mozilla\Firefox\Profiles\k4ecvf1n.default\Extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\ctypes\FirefoxCtype.dll"
sh=A011DFD8D93BBA7B75833C0F85FF6E1D25594B84 ft=1 fh=049679d5506e563e vn="a variant of Win32/Conduit.SearchProtect.N potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Billy\AppData\Roaming\Mozilla\Firefox\Profiles\k4ecvf1n.default\Extensions\{7e8a1050-cf67-4575-92df-dcc60e7d952d}\Plugins\npConduitFirefoxPlugin.dll"
sh=A011DFD8D93BBA7B75833C0F85FF6E1D25594B84 ft=1 fh=049679d5506e563e vn="a variant of Win32/Conduit.SearchProtect.N potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Billy\AppData\Roaming\Mozilla\Firefox\Profiles\k4ecvf1n.default\Extensions\{9ed31f84-c8b3-4926-b950-dff74047ff79}\Plugins\npConduitFirefoxPlugin.dll"
sh=EE2D8A0C16CB4F60E07AD30BC8F4AF2D25E4FF62 ft=1 fh=c2a60ef126908cf5 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe"
sh=24A108C48173FDD9962F7CC3D4DB4B852D864838 ft=1 fh=0501d0dc4c9a869f vn="a variant of Win32/Systweak.N potentially unwanted application" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll"
sh=915239C2678EFCE5C2E45012595BEA0C050864B4 ft=1 fh=9ca6c4d86ffea4d8 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe"
sh=67A75BAA7A5BBB2EEEBB99D490F00F82D0BB1E09 ft=1 fh=5d5a0ac2ab2c0a85 vn="a variant of Win32/Systweak potentially unwanted application" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe"
sh=2C09414F7BCF16F3C9A358B5CCD4492EF7EEF08E ft=1 fh=5545a1a02bc092d6 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe"
sh=322DCE4CCA5EB266FFEDD900C6D628769AD18300 ft=1 fh=b3d66e50f9e4f6b1 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe"
[email protected] as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=739920e128fd5b4ca66ba6ed6058dd92
# end=init
# utc_time=2015-09-07 10:46:03
# local_time=2015-09-07 06:46:03 (-0500, Eastern Daylight Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 25649
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=739920e128fd5b4ca66ba6ed6058dd92
# end=updated
# utc_time=2015-09-07 10:47:22
# local_time=2015-09-07 06:47:22 (-0500, Eastern Daylight Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=739920e128fd5b4ca66ba6ed6058dd92
# engine=25649
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-09-08 02:50:55
# local_time=2015-09-07 10:50:55 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Bitdefender Antivirus'
# compatibility_mode=2065 16777213 100 100 0 145421564 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 193224105 0 0
# scanned=831646
# found=228
# cleaned=0
# scan_time=14613
sh=8E3C5227EE9707038C2F94C35CB7DE7DDC32F905 ft=1 fh=3e4f488add131322 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-2929616351-1660927109-1562995560-1004\$ROWU9G1.exe"
sh=28B5FAECF206877B6E9C42BAA3BF0FD09A50DF79 ft=1 fh=804d42f499f70d9f vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Ask.com\GenericAskToolbar.dll.vir"
sh=614BBA1596A6A8AD1CAA3191DA63C8D2BBB5298E ft=1 fh=ec49f4e774f4031e vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Ask.com\precache.exe.vir"
sh=FB53993A2CDBD82B1A45AF1F4D965806CA961AA6 ft=1 fh=c50ac661e45a5277 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Ask.com\SaUpdate.exe.vir"
sh=5AB6D37DFCE2E9F25DCCE64EAC92E7A2ED49E52B ft=1 fh=17c6a27f3ccea3ba vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Ask.com\UpdateTask.exe.vir"
sh=AD80353F37224C64F401A7C3F334A228ABEA5E3C ft=1 fh=741c609f479de660 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Ask.com\Updater\Updater.exe.vir"
sh=0AD1420FDB6131F51D7857C47E7CA5FD2875471E ft=1 fh=2a841531b9b5087d vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe.vir"
sh=2832725E0AB5563F370065447FF60E731AB817D7 ft=1 fh=425d003ed7b3ce6c vn="a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\APNSetup.exe.vir"
sh=CFE57EA4ABEC47F3AFAD73C4A1CCFEDEE18B0CC8 ft=1 fh=76fe033617b98b8a vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\searchhook.dll.vir"
sh=F62774043D559B3AE370228D2A2AA82C939ABADF ft=1 fh=ea4f3d965167cc66 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ServiceLocator.exe.vir"
sh=27646B5D3D244AD1D1295E3383FC128CA8033DEE ft=1 fh=31e1e3590db7d2cb vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\SO.dll.vir"
sh=7DB8A92C2923BDCDD8454C0EC4EAEC01023458F2 ft=1 fh=aca8a38fff747382 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\toolbar.dll.vir"
sh=24DC9898B68DC2121A3FAF30D5F26F10A2ED1490 ft=1 fh=bd5cc5eaeec67337 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\Toolbar.exe.vir"
sh=62984CA7F5368AC297E189A955297DCC7D774CCE ft=1 fh=576dbc7e8dd81e8d vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ToolbarPS.dll.vir"
sh=DE7CCBA4214C71D812334955225D8C5E4187D7CE ft=1 fh=663a6b2f5f8c96da vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\UpdateManager.exe.vir"
sh=9881B77A7AD776B53F12C06B8CC93AFE28FA7BE8 ft=1 fh=7d569b8a8d0504db vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll.vir"
sh=A56C90A4EC7F49A6EB20DDBE3BD758C73FA15AD4 ft=1 fh=431c8036431afa48 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\ChromeUtils\APNNativeMsgHost.exe.vir"
sh=0AD1420FDB6131F51D7857C47E7CA5FD2875471E ft=1 fh=2a841531b9b5087d vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\apnmcp.exe.vir"
sh=CFE57EA4ABEC47F3AFAD73C4A1CCFEDEE18B0CC8 ft=1 fh=76fe033617b98b8a vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\searchhook.dll.vir"
sh=F62774043D559B3AE370228D2A2AA82C939ABADF ft=1 fh=ea4f3d965167cc66 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\ServiceLocator.exe.vir"
sh=27646B5D3D244AD1D1295E3383FC128CA8033DEE ft=1 fh=31e1e3590db7d2cb vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\SO.dll.vir"
sh=7DB8A92C2923BDCDD8454C0EC4EAEC01023458F2 ft=1 fh=aca8a38fff747382 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\toolbar.dll.vir"
sh=24DC9898B68DC2121A3FAF30D5F26F10A2ED1490 ft=1 fh=bd5cc5eaeec67337 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\Toolbar.exe.vir"
sh=62984CA7F5368AC297E189A955297DCC7D774CCE ft=1 fh=576dbc7e8dd81e8d vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\ToolbarPS.dll.vir"
sh=DE7CCBA4214C71D812334955225D8C5E4187D7CE ft=1 fh=663a6b2f5f8c96da vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\UpdateManager.exe.vir"
sh=94A7703A1C51CC3B3C7A8C6213CC05432DA94CE6 ft=1 fh=592ee0ba8fa60e6b vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe.vir"
sh=95789A4121A7CD8B82661FF81CF0B3D89B3637BE ft=1 fh=8fa707990fb5a318 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe.vir"
sh=99E72D2A6A1493CBD0A04F39C190BA8F8B368C98 ft=1 fh=5bba043882f2db13 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrv.dll.vir"
sh=D84C4080416E0EEBECB96154EC9BFE4EA8F8171F ft=1 fh=5bea9696cac07d6e vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrvStub.dll.vir"
sh=9881B77A7AD776B53F12C06B8CC93AFE28FA7BE8 ft=1 fh=7d569b8a8d0504db vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\{PartnerID}\Passport.dll.vir"
sh=439E45E18D928FB4D68CC0B43D400D7DF4511E03 ft=1 fh=e596ed23eb2af6c1 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\VNT\vntldr.exe.vir"
sh=A56C90A4EC7F49A6EB20DDBE3BD758C73FA15AD4 ft=1 fh=431c8036431afa48 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-ST-SPE\Source\program files\AskPartnerNetwork\ChromeUtils\APNNativeMsgHost.exe.vir"
sh=0AD1420FDB6131F51D7857C47E7CA5FD2875471E ft=1 fh=2a841531b9b5087d vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-ST-SPE\Source\program files\AskPartnerNetwork\Toolbar\apnmcp.exe.vir"
sh=CFE57EA4ABEC47F3AFAD73C4A1CCFEDEE18B0CC8 ft=1 fh=76fe033617b98b8a vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-ST-SPE\Source\program files\AskPartnerNetwork\Toolbar\searchhook.dll.vir"
sh=F62774043D559B3AE370228D2A2AA82C939ABADF ft=1 fh=ea4f3d965167cc66 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-ST-SPE\Source\program files\AskPartnerNetwork\Toolbar\ServiceLocator.exe.vir"
sh=27646B5D3D244AD1D1295E3383FC128CA8033DEE ft=1 fh=31e1e3590db7d2cb vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-ST-SPE\Source\program files\AskPartnerNetwork\Toolbar\SO.dll.vir"
sh=7DB8A92C2923BDCDD8454C0EC4EAEC01023458F2 ft=1 fh=aca8a38fff747382 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-ST-SPE\Source\program files\AskPartnerNetwork\Toolbar\toolbar.dll.vir"
sh=24DC9898B68DC2121A3FAF30D5F26F10A2ED1490 ft=1 fh=bd5cc5eaeec67337 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-ST-SPE\Source\program files\AskPartnerNetwork\Toolbar\Toolbar.exe.vir"
sh=62984CA7F5368AC297E189A955297DCC7D774CCE ft=1 fh=576dbc7e8dd81e8d vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-ST-SPE\Source\program files\AskPartnerNetwork\Toolbar\ToolbarPS.dll.vir"
sh=DE7CCBA4214C71D812334955225D8C5E4187D7CE ft=1 fh=663a6b2f5f8c96da vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-ST-SPE\Source\program files\AskPartnerNetwork\Toolbar\UpdateManager.exe.vir"
sh=DB65D65E6D9103B4BD5C387173B162DE0D3AFE51 ft=1 fh=a21f335b86600102 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-ST-SPE\Source\program files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe.vir"
sh=AAD9FD6DF5CE8FF9026F68CFA087B6A2CA65877A ft=1 fh=4a8e3f0cd41e60cb vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-ST-SPE\Source\program files\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe.vir"
sh=26C9570F8B047C53E90336E579EE3AA564499C17 ft=1 fh=96509ce8a0ae2059 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-ST-SPE\Source\program files\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrv.dll.vir"
sh=AA857B767C25C09D134A1D7117278F1AEB24F124 ft=1 fh=79c1b0ef2065db14 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-ST-SPE\Source\program files\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrvStub.dll.vir"
sh=9881B77A7AD776B53F12C06B8CC93AFE28FA7BE8 ft=1 fh=7d569b8a8d0504db vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-ST-SPE\Source\program files\AskPartnerNetwork\Toolbar\{PartnerID}\Passport.dll.vir"
sh=439E45E18D928FB4D68CC0B43D400D7DF4511E03 ft=1 fh=e596ed23eb2af6c1 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-ST-SPE\Source\program files\VNT\vntldr.exe.vir"
sh=DB65D65E6D9103B4BD5C387173B162DE0D3AFE51 ft=1 fh=a21f335b86600102 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe.vir"
sh=AAD9FD6DF5CE8FF9026F68CFA087B6A2CA65877A ft=1 fh=4a8e3f0cd41e60cb vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe.vir"
sh=26C9570F8B047C53E90336E579EE3AA564499C17 ft=1 fh=96509ce8a0ae2059 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrv.dll.vir"
sh=AA857B767C25C09D134A1D7117278F1AEB24F124 ft=1 fh=79c1b0ef2065db14 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrvStub.dll.vir"
sh=4EFBE16D1BFF183890039D4D203A5B4C63D3EBB7 ft=1 fh=19246eb31fd34c5e vn="a variant of Win32/Toolbar.CrossRider.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Deals Plugin\ButtonUtil.dll.vir"
sh=704A32CA0DD0E2B895C6A3C1E831E754EB252404 ft=1 fh=1240180d952e0a5e vn="Win32/Toolbar.CrossRider.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Deals Plugin\Uninstall.exe.vir"
sh=BA36ABE7B8446F3EA98A075F158E5E95236005FA ft=1 fh=006ab2c7d3ffc0f2 vn="a variant of Win32/Toolbar.DefaultTab.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\defaulttab\DefaultTabSearch.exe.vir"
sh=95F71C4981E4B49E1D45263B040744F64073F218 ft=1 fh=c71c001150d633ba vn="a variant of Win32/InstallCore.BY potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\FLV Player\Uninstall\__Uninstall_.exe.vir"
sh=D59303A71AA4719F8CDBCC5E6F83332BAB9B5D1E ft=0 fh=0000000000000000 vn="JS/Chromex.Agent.D trojan" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LemurLeap\jlnfdbbladgcmhhamgkioifhbobjaoof.crx.vir"
sh=71FBE0A32060ECCCE43C00B7C02ED06565D7F09F ft=1 fh=0f654da018985d81 vn="a variant of Win32/Toolbar.MyWebSearch.AE potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\49auxstb.dll.vir"
sh=7C73445F65C0FD08EAAD3A3E7FE1A28F5F482D08 ft=1 fh=dc7dda4109371c06 vn="a variant of Win64/Toolbar.MyWebSearch.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\49auxstb64.dll.vir"
sh=5999E5206196F262092C8FE839FEC463EAC22157 ft=1 fh=27b135a74e6530eb vn="a variant of Win32/Toolbar.MyWebSearch.AS potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\49bar.dll.vir"
sh=F6A514CC002B36C286D706701C54DB9A07BAE730 ft=1 fh=b29ee21a99e6c053 vn="Win32/Toolbar.MyWebSearch.AE potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\49barsvc.exe.vir"
sh=FA5D0D2DDD909D51A44BBC1818919626D4C223D7 ft=1 fh=1c9e878eed49a678 vn="a variant of Win32/Toolbar.MyWebSearch.AS potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\49bprtct.dll.vir"
sh=7377286A011223C8EDB6D569EA9E9C530DE7DD9D ft=1 fh=8a1350a06e74ff7f vn="Win32/Toolbar.MyWebSearch.AE potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\49brmon.exe.vir"
sh=ED5F07C2013EC69C4A03AC9B48BBC6A3896347DA ft=1 fh=572d0aa7c713be6e vn="a variant of Win64/Toolbar.MyWebSearch.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\49brmon64.exe.vir"
sh=F6230624FB2F593045AB2DEABE4373AF84CFF516 ft=1 fh=67a8f5e8cdb93eed vn="a variant of Win32/Toolbar.MyWebSearch.AM potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\49brstub.dll.vir"
sh=02647F8CD70D673E477EC052154028FE08A86AD7 ft=1 fh=c1ea64bddc5cb8f1 vn="a variant of Win64/Toolbar.MyWebSearch.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\49brstub64.dll.vir"
sh=4DB17C0736B233AD37D6F337A8A03F362389DAE4 ft=1 fh=0c59bba2392f33ae vn="a variant of Win32/Toolbar.MyWebSearch.AS potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\49datact.dll.vir"
sh=B040804B32E089C8926BB6A5FBC0D48E3BBAE03C ft=1 fh=443fd092f8ac3cce vn="a variant of Win32/Toolbar.MyWebSearch.AS potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\49dlghk.dll.vir"
sh=30017B37C5E874DA90B03618CE9432551D52244D ft=1 fh=33c46fedbb586f3b vn="a variant of Win64/Toolbar.MyWebSearch.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\49dlghk64.dll.vir"
sh=157E1B95A1D344798CFB127B7CA276F88F637B01 ft=1 fh=8478345427d1f126 vn="a variant of Win32/Toolbar.MyWebSearch.AS potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\49feedmg.dll.vir"
sh=74BB4E32B185DCD8553F2822D28977FF6A299BDE ft=1 fh=db00904785107d2d vn="a variant of Win32/Toolbar.MyWebSearch.AL potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\49highin.exe.vir"
sh=6590A892157BA2D363C4DECC22EBF4E48FF583F0 ft=1 fh=01c5e45c97b96046 vn="a variant of Win32/Toolbar.MyWebSearch.AM potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\49hkstub.dll.vir"
sh=EC0D7D670552573E60A1516C7E47D71C0F7EB9CB ft=1 fh=bb9cd4821c42bac3 vn="a variant of Win32/Toolbar.MyWebSearch.AT potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\49htmlmu.dll.vir"
sh=AD0190339DE0DC3A2703310FC27CEB3DCAB6D040 ft=1 fh=aab0e17e5ff4782d vn="a variant of Win32/Toolbar.MyWebSearch.AS potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\49httpct.dll.vir"
sh=5F84D4E3CA35DBD52CFB6B92A40D5AF76BDFFD37 ft=1 fh=d99c7ae8a2ef809c vn="a variant of Win32/Toolbar.MyWebSearch.AE potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\49idle.dll.vir"
sh=87CBF3283883EABF7F9F3A941D757573120D9B23 ft=1 fh=d55236b93d2dacb3 vn="a variant of Win32/Toolbar.MyWebSearch.AG potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\49ieovr.dll.vir"
sh=5D93ACDE3B4E491BA6A1193AB1CEC7C8379A2C8D ft=1 fh=631467c6a5376239 vn="a variant of Win32/Toolbar.MyWebSearch.AL potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\49medint.exe.vir"
sh=40214B5E70E7B4498B8A2C48CBB9AB0BA9843F36 ft=1 fh=e78cd0435ec00d54 vn="a variant of Win32/Toolbar.MyWebSearch.AS potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\49mlbtn.dll.vir"
sh=41CE4E72C7F26BA4B93CCF677ECC4E652BAFF507 ft=1 fh=dece550d141ec719 vn="Win32/Toolbar.MyWebSearch.Z potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\49Plugin.dll.vir"
sh=37B2999CB30551F06DB841B79FD6F5D144E43046 ft=1 fh=bb9855177fd67662 vn="a variant of Win32/Toolbar.MyWebSearch.AS potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\49radio.dll.vir"
sh=7C6A76190F6CD9F904A2EE79D4B96E8241164615 ft=1 fh=c1ef878ae2e9284a vn="a variant of Win32/Toolbar.MyWebSearch.AS potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\49regfft.dll.vir"
sh=FD1D6F9C023EB9BBD29C75E83FCB6A8A3FC83346 ft=1 fh=2d2b6200895b81c3 vn="a variant of Win32/Toolbar.MyWebSearch.AK potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\49reghk.dll.vir"
sh=25456A655000D5CEA7CAAC881486F7CBEC4414BB ft=1 fh=2a1c57d3dd98c7aa vn="a variant of Win32/Toolbar.MyWebSearch.AS potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\49regiet.dll.vir"
sh=734FEA6BB78C6D96DA51E70811ACEDBEBDC1D0E8 ft=1 fh=deeaf86e29a79180 vn="a variant of Win32/Toolbar.MyWebSearch.AS potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\49script.dll.vir"
sh=18C17FF38FCDE8AD5B46549A50FFD98A319956B5 ft=1 fh=862260e8ce4a17d6 vn="a variant of Win32/Toolbar.MyWebSearch.P potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\49skin.dll.vir"
sh=87E77F21EBBEE058158B046F24EF159203328931 ft=1 fh=4096f84f5d42b246 vn="a variant of Win32/Toolbar.MyWebSearch.AJ potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\49skplay.exe.vir"
sh=B8267AA57FA0C998CAD83BABB2EF2282BF42A4CB ft=1 fh=da68ea2b1c3aea79 vn="a variant of Win32/Toolbar.MyWebSearch.AS potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\49SrcAs.dll.vir"
sh=27701684B9B28362D3FEA99A07818FFA492D3A4E ft=1 fh=bcc2ec90b8678e6e vn="Win32/Toolbar.MyWebSearch.AJ potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\49SrchMn.exe.vir"
sh=3AC24FD6F613B463B8165D7A32205EC75AC48DF9 ft=1 fh=8b9fef4ee3f4c5cf vn="a variant of Win32/Toolbar.MyWebSearch.AK potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\49srchmr.dll.vir"
sh=72489280930F183E34FE5AF817F207A5EB65F8D4 ft=1 fh=033eb58713fd33d4 vn="a variant of Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\49tpinst.dll.vir"
sh=F168820EBBB25A99251B35F4328E09BB914DCC9A ft=1 fh=bab93d68c29f066d vn="a variant of Win64/Toolbar.MyWebSearch.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\AppIntegrator64.exe.vir"
sh=A6AD21A19469FB3650387953DDA171CF78464458 ft=1 fh=8261ecd8fca1a29c vn="a variant of Win64/Toolbar.MyWebSearch.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\AppIntegratorStub64.dll.vir"
sh=503D175296F62A84A1DC5D322E02A5898B53F057 ft=1 fh=8e03bdd376c83f71 vn="Win32/Toolbar.MyWebSearch.Z potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\CREXT.DLL.vir"
sh=A65106770308130C9099A8B1CE950B18B322A5A1 ft=1 fh=a5f508a382e83cd5 vn="a variant of Win32/Toolbar.MyWebSearch.Z potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\CrExtP49.exe.vir"
sh=03AF68978658C3350452ACA5567A9F1358E3D387 ft=1 fh=ca334dce2d24b211 vn="a variant of Win32/Toolbar.MyWebSearch.AI potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\DPNMNGR.DLL.vir"
sh=293AE2F735B9C76ACF2BE9410EBFF2CD88D47F96 ft=1 fh=59afe8ea20712c28 vn="a variant of Win32/Toolbar.MyWebSearch.AI potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\EXEMANAGER.DLL.vir"
sh=F1729FFA87F558D1309B5EC71203DA6F33EADDED ft=1 fh=88b155e75251f720 vn="a variant of Win32/Toolbar.MyWebSearch.AI potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\FF-NativeMessagingDispatcher.dll.vir"
sh=B879BC93FA5D87733EDC9FD055A6AF538A554074 ft=1 fh=a792084cb5dc54a4 vn="a variant of Win64/Toolbar.MyWebSearch.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\Hpg64.dll.vir"
sh=1F89E7DE9610BE26CE9577040D0612164E2ED583 ft=1 fh=9a25608207fbeb9d vn="a variant of Win32/Toolbar.MyWebSearch.AL potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\NP49Stub.dll.vir"
sh=D8B759975F559EA0F0187F61FA557578B87758B7 ft=1 fh=ad0793bbaa3d8264 vn="a variant of Win32/Toolbar.MyWebSearch.AU potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\T8EPMSUP.DLL.vir"
sh=F8A298CC5DDB145D071A78148B7BF566A8B3C650 ft=1 fh=d2be10d612551eb6 vn="a variant of Win32/Toolbar.MyWebSearch.AU potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\T8EXTEX.DLL.vir"
sh=1DC03C09702E4516B9267453FEE9BE1BF1554232 ft=1 fh=3f9fd7636822191c vn="a variant of Win32/Toolbar.MyWebSearch.AU potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\T8EXTPEX.DLL.vir"
sh=AF326F9B1D27D3007DC1CC20EAEBBAB07D711E7E ft=1 fh=6ca914416977a615 vn="a variant of Win32/Toolbar.MyWebSearch.AS potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\T8HTML.DLL.vir"
sh=CBB4DC6C8F822C67FA32B9F71C185FB535EA8E19 ft=1 fh=b7fc3d548175f148 vn="a variant of Win32/Toolbar.MyWebSearch.AE potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\T8TICKER.DLL.vir"
sh=DD0123C4D8DA38E948888E4EC29778DE0B0DA4D4 ft=1 fh=dea466b0175c3c32 vn="Win32/Toolbar.MyWebSearch.AL potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\UNIFIEDLOGGING.DLL.vir"
sh=AC5619AAD8CFE80E7E8F44176D56D916102DE59F ft=1 fh=733353b010d950fe vn="a variant of Win32/Toolbar.MyWebSearch.AU potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\UtilityChest_49\bar\2.bin\VERIFY.DLL.vir"
sh=AAD9FD6DF5CE8FF9026F68CFA087B6A2CA65877A ft=1 fh=4a8e3f0cd41e60cb vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alyana\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe.vir"
sh=26C9570F8B047C53E90336E579EE3AA564499C17 ft=1 fh=96509ce8a0ae2059 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alyana\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrv.dll.vir"
sh=AA857B767C25C09D134A1D7117278F1AEB24F124 ft=1 fh=79c1b0ef2065db14 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alyana\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrvStub.dll.vir"
sh=FDC2005CED8ACF86C68FE1B86B0698D0539E8CE0 ft=1 fh=1aa6a68885750335 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alyana\AppData\Roaming\NCH Software\Components\NCHToolbars\ask.com\ApnStub.exe.vir"
sh=F48266A97BDB7F58C5B54469B2245CACD46577D0 ft=1 fh=c4efab275ed5eda7 vn="Win32/Toolbar.Conduit potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alyana\AppData\Roaming\NCH Software\Components\NCHToolbars\conduit\ConduitInstaller.exe.vir"
sh=90AEFC369C77762C543F8F8B879FEFF9899CD3D9 ft=1 fh=c384db2c299ac52f vn="a variant of Win32/Toolbar.Conduit.H potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alyana\AppData\Roaming\NCH Software\Program Files\Debut\debut.exe.vir"
sh=A11320DE8211B539317FFE10C9B15D6200E4C519 ft=1 fh=d66c3a720dceec1c vn="a variant of Win32/Toolbar.Conduit.H potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alyana\AppData\Roaming\NCH Software\Program Files\Debut\debutsetup_v1.82.exe.vir"
sh=37C2B582C84E83EB1DBE7F6BE8648E406BD739A7 ft=1 fh=941e524606a3f411 vn="a variant of Win32/Toolbar.Conduit.H potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alyana\AppData\Roaming\NCH Software\Program Files\ExpressBurn\expressburn.exe.vir"
sh=DEDF92691226E483A0497515EDED90773F93398A ft=1 fh=24cc767e2aae6d63 vn="a variant of Win32/Toolbar.Conduit.H potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alyana\AppData\Roaming\NCH Software\Program Files\ExpressBurn\expressburnsetup_v4.62.exe.vir"
sh=3EB279A008FCCD2196FD4151BAFF7930B93F6A89 ft=1 fh=f0b30aa10c917054 vn="a variant of Win32/Toolbar.Conduit.H potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alyana\AppData\Roaming\NCH Software\Program Files\MixPad\mixpad.exe.vir"
sh=506577699558E34369317D1BE55C684985CCC838 ft=1 fh=9a49b248a3277168 vn="a variant of Win32/Toolbar.Conduit.H potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alyana\AppData\Roaming\NCH Software\Program Files\MixPad\mixpadsetup_v3.23.exe.vir"
sh=F238DDE11E49740D726F49F1386A4F44E88408D2 ft=1 fh=2494177b9f7c67fe vn="a variant of Win32/Toolbar.Conduit.H potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alyana\AppData\Roaming\NCH Software\Program Files\Prism\prism.exe.vir"
sh=AC639827DFF6460EBAE599E541692791E4634E88 ft=1 fh=ad875933dde4ec11 vn="a variant of Win32/Toolbar.Conduit.H potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alyana\AppData\Roaming\NCH Software\Program Files\Prism\prismsetup_v1.92.exe.vir"
sh=E883EB9C5D1DDF92A40FEE8E14F4B5A76EC3F6FA ft=1 fh=2ee46143e2dbf3e0 vn="a variant of Win32/Toolbar.Conduit.H potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alyana\AppData\Roaming\NCH Software\Program Files\Switch\switch.exe.vir"
sh=83FEC424A12F71CA3E582D23A63545F0F7F149F3 ft=1 fh=920cfdaa5cc77df2 vn="a variant of Win32/Toolbar.Conduit.H potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alyana\AppData\Roaming\NCH Software\Program Files\Switch\switchsetup_v4.35.exe.vir"
sh=3A6AFC15FD8AFA697E24E2600C2D95BC40727B1B ft=1 fh=9c159939c5c73808 vn="a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alyana\AppData\Roaming\NCH Software\Program Files\VideoPad\videopad.exe.vir"
sh=B72C808988BAC529BD606DC34C21B81E0ED9A7B6 ft=1 fh=7893c82b65109749 vn="a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alyana\AppData\Roaming\NCH Software\Program Files\VideoPad\videopadsetup_v3.11.exe.vir"
sh=C7A4677897B53A8CA34EFF92B3D9D8ECD825BEE2 ft=1 fh=8d52e6cc552cd9d9 vn="a variant of Win32/Toolbar.Conduit.H potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alyana\AppData\Roaming\NCH Software\Program Files\Voxal\voxal.exe.vir"
sh=62466086E62420FD935D12A5A89608419642B19A ft=1 fh=70247b17a8335a1c vn="a variant of Win32/Toolbar.Conduit.H potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alyana\AppData\Roaming\NCH Software\Program Files\Voxal\voxalsetup_v1.00.exe.vir"
sh=6328A94A41E7F56C2D0612693225DC3DCB039EC5 ft=1 fh=295a2cc3a9acfff3 vn="a variant of Win32/Toolbar.Conduit.H potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alyana\AppData\Roaming\NCH Software\Program Files\WavePad\wavepad.exe.vir"
sh=8244F0142D0863A238332748779055B914D900F8 ft=1 fh=7a0463d322055a68 vn="a variant of Win32/Toolbar.Conduit.H potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Alyana\AppData\Roaming\NCH Software\Program Files\WavePad\wavepadsetup_v5.31.exe.vir"
sh=AAD9FD6DF5CE8FF9026F68CFA087B6A2CA65877A ft=1 fh=4a8e3f0cd41e60cb vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Billy\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe.vir"
sh=26C9570F8B047C53E90336E579EE3AA564499C17 ft=1 fh=96509ce8a0ae2059 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Billy\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrv.dll.vir"
sh=AA857B767C25C09D134A1D7117278F1AEB24F124 ft=1 fh=79c1b0ef2065db14 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Billy\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrvStub.dll.vir"
sh=E354E7642F00AEDBAB85CE332A1D6EEA93BCD989 ft=1 fh=8cf5ec3b72844192 vn="a variant of Win32/Toolbar.DefaultTab.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Billy\AppData\Roaming\defaulttab\DefaultTab\DefaultTabBHO.dll.vir"
sh=A66441EA33B541895F23B3A4F8EB408B616A94BA ft=1 fh=02e58446c958c5ff vn="Win32/Toolbar.DefaultTab.E potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Billy\AppData\Roaming\defaulttab\DefaultTab\DefaultTabUninstaller.exe.vir"
sh=76A69E2AF9F1BAC40D8D9FE128364894CA2E9F08 ft=1 fh=004b198f29fb0ef4 vn="a variant of Win32/Conduit.SearchProtect.C potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Billy\AppData\Roaming\SearchProtect\bin\SPHook32.dll.vir"
sh=AAD9FD6DF5CE8FF9026F68CFA087B6A2CA65877A ft=1 fh=4a8e3f0cd41e60cb vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Kaliyah\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe.vir"
sh=26C9570F8B047C53E90336E579EE3AA564499C17 ft=1 fh=96509ce8a0ae2059 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Kaliyah\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrv.dll.vir"
sh=AA857B767C25C09D134A1D7117278F1AEB24F124 ft=1 fh=79c1b0ef2065db14 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Kaliyah\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrvStub.dll.vir"
sh=AAD9FD6DF5CE8FF9026F68CFA087B6A2CA65877A ft=1 fh=4a8e3f0cd41e60cb vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nyjah\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe.vir"
sh=26C9570F8B047C53E90336E579EE3AA564499C17 ft=1 fh=96509ce8a0ae2059 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nyjah\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrv.dll.vir"
sh=AA857B767C25C09D134A1D7117278F1AEB24F124 ft=1 fh=79c1b0ef2065db14 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Nyjah\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrvStub.dll.vir"
sh=D511282733A9A22E1909893EEE64C9E044AA6C8D ft=1 fh=1cd758c5fa4ff4c5 vn="Win32/Toolbar.MyWebSearch.T potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\HomeworkSimplified_7e\bar\1.bin\NP7eStub.dll.xBAD"
sh=99DF98DFEF4B483889FA88162D20EE46340A5DBE ft=1 fh=e6e2c196b2ffcb6f vn="Win32/Toolbar.MyWebSearch.W potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\HomeworkSimplified_7e\HomeworkSimplified_7e\bar\1.bin\7eauxstb.dll"
sh=B0363CB30281B7B40D36D1A334E63568A896AB11 ft=1 fh=3511a44243249cb3 vn="a variant of Win32/Toolbar.MyWebSearch.W potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\HomeworkSimplified_7e\HomeworkSimplified_7e\bar\1.bin\7ebar.dll"
sh=B30C4421BBD914059BA4089A6F0D28F318B4CA63 ft=1 fh=b6a643f62ff0e6f3 vn="a variant of Win32/Toolbar.MyWebSearch.AN potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\HomeworkSimplified_7e\HomeworkSimplified_7e\bar\1.bin\7ebarsvc.exe"
sh=0FF3588ECB69D2B18C6FAEC012672CA2F60314F6 ft=1 fh=731190b7425307d6 vn="Win32/Toolbar.MyWebSearch.W potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\HomeworkSimplified_7e\HomeworkSimplified_7e\bar\1.bin\7ebprtct.dll"
sh=0F78FE90AF015B0A511EDE007BD1791A341E891E ft=1 fh=d4fd6df3b7cf992d vn="Win32/Toolbar.MyWebSearch.W potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\HomeworkSimplified_7e\HomeworkSimplified_7e\bar\1.bin\7ebrmon.exe"
sh=12FF3195BDACA5482034AAC3C3E132D5ADA421A9 ft=1 fh=982f80d197512813 vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\HomeworkSimplified_7e\HomeworkSimplified_7e\bar\1.bin\7ebrstub.dll"
sh=BAEFCB03679575349E01668C4F0938643BAAA022 ft=1 fh=45ba6b521529362d vn="a variant of Win32/Toolbar.MyWebSearch.A potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\HomeworkSimplified_7e\HomeworkSimplified_7e\bar\1.bin\7edatact.dll"
sh=0C88EFCFA1C77D597111125A6C031CEB47B18BA7 ft=1 fh=b856def4c7346ea3 vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\HomeworkSimplified_7e\HomeworkSimplified_7e\bar\1.bin\7edlghk.dll"
sh=8090E240F528004402B29C11E5072BED79D95384 ft=1 fh=73e118282d8d3c4a vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\HomeworkSimplified_7e\HomeworkSimplified_7e\bar\1.bin\7edyn.dll"
sh=2CA2EA6CF1AD1FE87C25D4AB6B1C7729E48C6390 ft=1 fh=a34a8b9082c46c86 vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\HomeworkSimplified_7e\HomeworkSimplified_7e\bar\1.bin\7efeedmg.dll"
sh=9788294F2B8AB28DBAE4C73BB61A6B1200BDD89D ft=1 fh=af8ed8fd644fe8ac vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\HomeworkSimplified_7e\HomeworkSimplified_7e\bar\1.bin\7ehighin.exe"
sh=9D54BAF23397E5F1444BC6471052AD234B76FBD3 ft=1 fh=2ab58862c927227b vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\HomeworkSimplified_7e\HomeworkSimplified_7e\bar\1.bin\7ehkstub.dll"
sh=EAA9D46B8FAB8F3D48BB239ADFE46BA312434017 ft=1 fh=2506fdd3752ff6fe vn="a variant of Win32/Toolbar.MyWebSearch.AT potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\HomeworkSimplified_7e\HomeworkSimplified_7e\bar\1.bin\7ehtmlmu.dll"
sh=978867B422339E68971E56C49C66F14F2ACD745D ft=1 fh=dd289cd2c7a55037 vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\HomeworkSimplified_7e\HomeworkSimplified_7e\bar\1.bin\7ehttpct.dll"
sh=DC971C75FFCE77CC952FB6660A2603E09D62D4D9 ft=1 fh=ac2f97e786bfc982 vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\HomeworkSimplified_7e\HomeworkSimplified_7e\bar\1.bin\7eidle.dll"
sh=92AC05FFF3AD68271062A3DCB87E12EE6B816DDB ft=1 fh=acec1e59f99ab2fd vn="a variant of Win32/Toolbar.MyWebSearch.P potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\HomeworkSimplified_7e\HomeworkSimplified_7e\bar\1.bin\7eieovr.dll"
sh=AFCAAC5845D81A407C63733E4A7D007167F96BE8 ft=1 fh=02b0c8de8c8e9f1e vn="Win32/Toolbar.MyWebSearch.W potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\HomeworkSimplified_7e\HomeworkSimplified_7e\bar\1.bin\7eimpipe.exe"
sh=556C4FCA5D890F17B7B5040A601B42452A205E29 ft=1 fh=0f2a31b21601aeb5 vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\HomeworkSimplified_7e\HomeworkSimplified_7e\bar\1.bin\7emedint.exe"
sh=3EB4A6A25199E6339EC04F36189C71738DE63CE7 ft=1 fh=eafb3b5bfaf84345 vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\HomeworkSimplified_7e\HomeworkSimplified_7e\bar\1.bin\7emlbtn.dll"
sh=DFD07B722E317D1CDDAAB7D5B31BFAB57CC5E739 ft=1 fh=507b4871517a4ad4 vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\HomeworkSimplified_7e\HomeworkSimplified_7e\bar\1.bin\7emsg.dll"
sh=CBF93E0F6FF8AE054C18BDBE477CBFAF9F467CF9 ft=1 fh=f7d96c65ea0021a5 vn="a variant of Win32/Toolbar.MyWebSearch potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\HomeworkSimplified_7e\HomeworkSimplified_7e\bar\1.bin\7ePlugin.dll"
sh=77C8DC985373B1E5D9035ECB3A831C7DD1ABFD55 ft=1 fh=e1f880731de07609 vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\HomeworkSimplified_7e\HomeworkSimplified_7e\bar\1.bin\7eradio.dll"
sh=A2F202F68FEF2A31E9FE3AE124A46B908349778C ft=1 fh=bf17c6b7704b10fd vn="Win32/Toolbar.MyWebSearch.W potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\HomeworkSimplified_7e\HomeworkSimplified_7e\bar\1.bin\7ereghk.dll"
sh=65D604A070334183E5034CDEEC5838E46D705794 ft=1 fh=3d9a604351eb1640 vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\HomeworkSimplified_7e\HomeworkSimplified_7e\bar\1.bin\7eregiet.dll"
sh=72E48F7F37E208A52AD975EAECAB29FC50223C27 ft=1 fh=958a563919bf5cc2 vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\HomeworkSimplified_7e\HomeworkSimplified_7e\bar\1.bin\7escript.dll"
sh=857980A7B7AB77FF8E34A090CCD76B8BA628E7E4 ft=1 fh=6c9ac10ea3ee1cdd vn="a variant of Win32/Toolbar.MyWebSearch.P potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\HomeworkSimplified_7e\HomeworkSimplified_7e\bar\1.bin\7eskin.dll"
sh=496310EE0816B49176E03226DB102FAE9AA452B4 ft=1 fh=ceffc168909c0690 vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\HomeworkSimplified_7e\HomeworkSimplified_7e\bar\1.bin\7esknlcr.dll"
sh=F5946D49A70A64072739370E7BAD592FE4799EA1 ft=1 fh=5bc3efb780caf8fa vn="Win32/Toolbar.MyWebSearch.W potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\HomeworkSimplified_7e\HomeworkSimplified_7e\bar\1.bin\7eskplay.exe"
sh=BE21D76E502D546B2D88093E13F07923EB59380B ft=1 fh=7424967c664ed914 vn="a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\HomeworkSimplified_7e\HomeworkSimplified_7e\bar\1.bin\7eSrcAs.dll"
sh=8ACE75F6C2417666AD9D60837B72D78B394C3944 ft=1 fh=ae6d89138faf571c vn="Win32/Toolbar.MyWebSearch.W potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\HomeworkSimplified_7e\HomeworkSimplified_7e\bar\1.bin\7eSrchMn.exe"
sh=72489280930F183E34FE5AF817F207A5EB65F8D4 ft=1 fh=033eb58713fd33d4 vn="a variant of Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\HomeworkSimplified_7e\HomeworkSimplified_7e\bar\1.bin\7etpinst.dll"
sh=110033F4A78DCA521E8BA73F75747E4E3B6AE545 ft=1 fh=21686246ae128bdd vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\HomeworkSimplified_7e\HomeworkSimplified_7e\bar\1.bin\7euabtn.dll"
sh=630D5FC9ACC4932C87263895F554F8C3CB6D4B4A ft=1 fh=b81ce565a99a556c vn="Win64/Toolbar.MyWebSearch.A potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\HomeworkSimplified_7e\HomeworkSimplified_7e\bar\1.bin\AppIntegrator64.exe"
sh=374E378A91209732B48C8416D1E9805E98FDCFA9 ft=1 fh=6da58ad1308c1c96 vn="Win64/Toolbar.MyWebSearch.A potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\HomeworkSimplified_7e\HomeworkSimplified_7e\bar\1.bin\AppIntegratorStub64.dll"
sh=6902D246F8FC2457C9AE369B094292DE6EB454BC ft=1 fh=b1be847bff3fcf8f vn="a variant of Win32/Toolbar.MyWebSearch.Z potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\HomeworkSimplified_7e\HomeworkSimplified_7e\bar\1.bin\CREXT.DLL"
sh=FF9F058B12B6C4D9B6256304FA9078E391C7F32C ft=1 fh=6022d103b074fe9f vn="a variant of Win32/Toolbar.MyWebSearch.Z potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\HomeworkSimplified_7e\HomeworkSimplified_7e\bar\1.bin\CrExtP7e.exe"
sh=244414D9D39E114E7989C3B35A5FF038508ECFC1 ft=1 fh=0cbd734d892ac7d4 vn="a variant of Win32/Toolbar.MyWebSearch.AI potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\HomeworkSimplified_7e\HomeworkSimplified_7e\bar\1.bin\DPNMNGR.DLL"
sh=6FF50369661027A1CD5F5E465F78C78913FF84CC ft=1 fh=c941e5f2ec9d2835 vn="a variant of Win32/Toolbar.MyWebSearch.AI potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\HomeworkSimplified_7e\HomeworkSimplified_7e\bar\1.bin\EXEMANAGER.DLL"
sh=3D7CD376DFDB97512A376E85FBB7F04344C051B6 ft=1 fh=e0ed2601e18686d8 vn="Win64/Toolbar.MyWebSearch.A potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\HomeworkSimplified_7e\HomeworkSimplified_7e\bar\1.bin\Hpg64.dll"
sh=2F938D8C9A5D3C9C239793346D43193BA1CBFCD6 ft=1 fh=929bde520a5aa0d2 vn="a variant of Win32/Toolbar.MyWebSearch.AU potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\HomeworkSimplified_7e\HomeworkSimplified_7e\bar\1.bin\T8EXTEX.DLL"
sh=B8944722E8D577E67925DD4A72D1D8E44C3BC6CA ft=1 fh=6f8a20cf4b11d7b0 vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\HomeworkSimplified_7e\HomeworkSimplified_7e\bar\1.bin\T8EXTPEX.DLL"
sh=7BBFF8810BB79104FE275FBBF7DE48DCBD877E01 ft=1 fh=946da15070ee37db vn="a variant of Win32/Toolbar.MyWebSearch.F potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\HomeworkSimplified_7e\HomeworkSimplified_7e\bar\1.bin\T8HTML.DLL"
sh=2E85C71E79C5B2A65D8CCDD5B21AFE559102062F ft=1 fh=68336e5d9907ad1c vn="a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\HomeworkSimplified_7e\HomeworkSimplified_7e\bar\1.bin\T8TICKER.DLL"
sh=D0787BEAE97CE99982E7F5000772831421FD48E4 ft=1 fh=b650850bda28ebe2 vn="a variant of Win32/Toolbar.MyWebSearch.AU potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\HomeworkSimplified_7e\HomeworkSimplified_7e\bar\1.bin\VERIFY.DLL"
sh=DF5AFCFA723A9EFCB09246976FCB221F7602C997 ft=1 fh=c71c0011d7b6ffae vn="Win32/Toolbar.MyWebSearch.AO potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Billy\AppData\Roaming\Mozilla\Firefox\Profiles\k4ecvf1n.default\Extensions\[email protected]_49.com\plugins\NativeMessagingDispatcher.dll"
sh=227C87300261F9741D55A079216716CE034AB3CB ft=1 fh=0837d0162fa5fed2 vn="a variant of Win32/Conduit.SearchProtect.N potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Billy\AppData\Roaming\Mozilla\Firefox\Profiles\k4ecvf1n.default\Extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\ctypes\FirefoxCtype.dll"
sh=A011DFD8D93BBA7B75833C0F85FF6E1D25594B84 ft=1 fh=049679d5506e563e vn="a variant of Win32/Conduit.SearchProtect.N potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Billy\AppData\Roaming\Mozilla\Firefox\Profiles\k4ecvf1n.default\Extensions\{7e8a1050-cf67-4575-92df-dcc60e7d952d}\Plugins\npConduitFirefoxPlugin.dll"
sh=A011DFD8D93BBA7B75833C0F85FF6E1D25594B84 ft=1 fh=049679d5506e563e vn="a variant of Win32/Conduit.SearchProtect.N potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\Billy\AppData\Roaming\Mozilla\Firefox\Profiles\k4ecvf1n.default\Extensions\{9ed31f84-c8b3-4926-b950-dff74047ff79}\Plugins\npConduitFirefoxPlugin.dll"
sh=EE2D8A0C16CB4F60E07AD30BC8F4AF2D25E4FF62 ft=1 fh=c2a60ef126908cf5 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe"
sh=24A108C48173FDD9962F7CC3D4DB4B852D864838 ft=1 fh=0501d0dc4c9a869f vn="a variant of Win32/Systweak.N potentially unwanted application" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll"
sh=915239C2678EFCE5C2E45012595BEA0C050864B4 ft=1 fh=9ca6c4d86ffea4d8 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe"
sh=67A75BAA7A5BBB2EEEBB99D490F00F82D0BB1E09 ft=1 fh=5d5a0ac2ab2c0a85 vn="a variant of Win32/Systweak potentially unwanted application" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe"
sh=2C09414F7BCF16F3C9A358B5CCD4492EF7EEF08E ft=1 fh=5545a1a02bc092d6 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe"
sh=322DCE4CCA5EB266FFEDD900C6D628769AD18300 ft=1 fh=b3d66e50f9e4f6b1 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe"
sh=8244F0142D0863A238332748779055B914D900F8 ft=1 fh=7a0463d322055a68 vn="a variant of Win32/Toolbar.Conduit.H potentially unwanted application" ac=I fn="C:\Users\Alyana\Downloads\wpsetup.exe"
sh=1568E5A258D882EABFA4EB3F7BB01A0C32E941A1 ft=1 fh=25ea0acf646f4fa8 vn="a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application" ac=I fn="C:\Users\Billy\Downloads\insetup.exe"
sh=885C7E4EA128351E5FE325D98344F27A46222D73 ft=1 fh=fa8545db3bcfb224 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Users\Billy\Downloads\winzip175 (1).exe"
sh=885C7E4EA128351E5FE325D98344F27A46222D73 ft=1 fh=fa8545db3bcfb224 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Users\Billy\Downloads\winzip175.exe"
sh=5DC767D129FA54681A6BD41F3C23930AE43F10C3 ft=1 fh=24e20994bc455261 vn="a variant of Win32/InstallCore.QW potentially unwanted application" ac=I fn="C:\Users\Billy\Downloads\winzip18_c4u.exe"
sh=E6B38EE31BD199E6527EA6CF199684FF3D06621C ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\Windows\Installer\1599b38d.msi"
sh=9CE317C3749C254138FB6F1995A7580894F5F8D6 ft=0 fh=0000000000000000 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Windows\Installer\17a9c7.msi"
sh=7E1B3854826BF6A4372FE123237572F1579F4767 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\Windows\Installer\2f4093.msi"
sh=9A9A34DC208F8595F6910CECF8D1DC7F1F3AA5D3 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\Windows\Installer\3bb1282.msi"
sh=95789A4121A7CD8B82661FF81CF0B3D89B3637BE ft=1 fh=8fa707990fb5a318 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\Windows\Installer\$PatchCache$\Managed\D2A425F405350054677A7A857BC01110\12.17.1\idcLdr_exe"
sh=D84C4080416E0EEBECB96154EC9BFE4EA8F8171F ft=1 fh=5bea9696cac07d6e vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\Windows\Installer\$PatchCache$\Managed\D2A425F405350054677A7A857BC01110\12.17.1\idcSrvStub_dll"
sh=99E72D2A6A1493CBD0A04F39C190BA8F8B368C98 ft=1 fh=5bba043882f2db13 vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\Windows\Installer\$PatchCache$\Managed\D2A425F405350054677A7A857BC01110\12.17.1\idcSrv_dll"
sh=94A7703A1C51CC3B3C7A8C6213CC05432DA94CE6 ft=1 fh=592ee0ba8fa60e6b vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\Windows\Installer\$PatchCache$\Managed\D2A425F405350054677A7A857BC01110\12.17.1\TBNotifier_exe"
sh=885C7E4EA128351E5FE325D98344F27A46222D73 ft=1 fh=fa8545db3bcfb224 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="J:\winzip175 (1).exe"
sh=9E8F0B4FFEDD337F1B1C7E6FED8BB5D9068CEBE2 ft=1 fh=c023bfdaac20e090 vn="a variant of Win32/InstallIQ.A potentially unwanted application" ac=I fn="J:\Recovered\Program Files\Common Files\Microsoft Shared\VC\2_freefileviewer_2_1283.exe"
sh=9E8F0B4FFEDD337F1B1C7E6FED8BB5D9068CEBE2 ft=1 fh=c023bfdaac20e090 vn="a variant of Win32/InstallIQ.A potentially unwanted application" ac=I fn="J:\Recovered\Program Files\Common Files\Microsoft Shared\VC\3_freefileviewer_2_1283.exe"
sh=9E8F0B4FFEDD337F1B1C7E6FED8BB5D9068CEBE2 ft=1 fh=c023bfdaac20e090 vn="a variant of Win32/InstallIQ.A potentially unwanted application" ac=I fn="J:\Recovered\Program Files\Common Files\Microsoft Shared\VC\4_freefileviewer_2_1283.exe"
sh=9E8F0B4FFEDD337F1B1C7E6FED8BB5D9068CEBE2 ft=1 fh=c023bfdaac20e090 vn="a variant of Win32/InstallIQ.A potentially unwanted application" ac=I fn="J:\Recovered\Program Files\Common Files\Microsoft Shared\VC\Copy1_freefileviewer_2_1283.exe"
sh=9E8F0B4FFEDD337F1B1C7E6FED8BB5D9068CEBE2 ft=1 fh=c023bfdaac20e090 vn="a variant of Win32/InstallIQ.A potentially unwanted application" ac=I fn="J:\Recovered\Program Files\Common Files\Microsoft Shared\VC\freefileviewer_2_1283.exe"
sh=9E8F0B4FFEDD337F1B1C7E6FED8BB5D9068CEBE2 ft=1 fh=c023bfdaac20e090 vn="a variant of Win32/InstallIQ.A potentially unwanted application" ac=I fn="J:\Recovered Data Billy\Program Files\Common Files\Microsoft Shared\VC\Copy1_freefileviewer_2_1283.exe"
sh=9E8F0B4FFEDD337F1B1C7E6FED8BB5D9068CEBE2 ft=1 fh=c023bfdaac20e090 vn="a variant of Win32/InstallIQ.A potentially unwanted application" ac=I fn="J:\Recovered Data Billy\Program Files\Common Files\Microsoft Shared\VC\freefileviewer_2_1283.exe"
sh=EE2D8A0C16CB4F60E07AD30BC8F4AF2D25E4FF62 ft=1 fh=c2a60ef126908cf5 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="J:\Recovered Data Billy\Program Files\WinZip\Utils\WzSysScan\2_WINZIPSS.exe"
sh=24A108C48173FDD9962F7CC3D4DB4B852D864838 ft=1 fh=0501d0dc4c9a869f vn="a variant of Win32/Systweak.N potentially unwanted application" ac=I fn="J:\Recovered Data Billy\Program Files\WinZip\Utils\WzSysScan\2_WINZIPSSHelper.dll"
sh=67A75BAA7A5BBB2EEEBB99D490F00F82D0BB1E09 ft=1 fh=5d5a0ac2ab2c0a85 vn="a variant of Win32/Systweak potentially unwanted application" ac=I fn="J:\Recovered Data Billy\Program Files\WinZip\Utils\WzSysScan\2_WINZIPSSRegClean.exe"
sh=2C09414F7BCF16F3C9A358B5CCD4492EF7EEF08E ft=1 fh=5545a1a02bc092d6 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="J:\Recovered Data Billy\Program Files\WinZip\Utils\WzSysScan\2_WINZIPSSRegistryOptimizer.exe"
sh=322DCE4CCA5EB266FFEDD900C6D628769AD18300 ft=1 fh=b3d66e50f9e4f6b1 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="J:\Recovered Data Billy\Program Files\WinZip\Utils\WzSysScan\2_WINZIPSSSystemCleaner.exe"
sh=EE2D8A0C16CB4F60E07AD30BC8F4AF2D25E4FF62 ft=1 fh=c2a60ef126908cf5 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="J:\Recovered Data Billy\Program Files\WinZip\Utils\WzSysScan\Copy1_WINZIPSS.exe"
sh=24A108C48173FDD9962F7CC3D4DB4B852D864838 ft=1 fh=0501d0dc4c9a869f vn="a variant of Win32/Systweak.N potentially unwanted application" ac=I fn="J:\Recovered Data Billy\Program Files\WinZip\Utils\WzSysScan\Copy1_WINZIPSSHelper.dll"
sh=2C09414F7BCF16F3C9A358B5CCD4492EF7EEF08E ft=1 fh=5545a1a02bc092d6 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="J:\Recovered Data Billy\Program Files\WinZip\Utils\WzSysScan\Copy1_WINZIPSSRegistryOptimizer.exe"
sh=322DCE4CCA5EB266FFEDD900C6D628769AD18300 ft=1 fh=b3d66e50f9e4f6b1 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="J:\Recovered Data Billy\Program Files\WinZip\Utils\WzSysScan\Copy1_WINZIPSSSystemCleaner.exe"
sh=EE2D8A0C16CB4F60E07AD30BC8F4AF2D25E4FF62 ft=1 fh=c2a60ef126908cf5 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="J:\Recovered Data Billy\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe"
sh=24A108C48173FDD9962F7CC3D4DB4B852D864838 ft=1 fh=0501d0dc4c9a869f vn="a variant of Win32/Systweak.N potentially unwanted application" ac=I fn="J:\Recovered Data Billy\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll"
sh=915239C2678EFCE5C2E45012595BEA0C050864B4 ft=1 fh=9ca6c4d86ffea4d8 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="J:\Recovered Data Billy\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe"
sh=67A75BAA7A5BBB2EEEBB99D490F00F82D0BB1E09 ft=1 fh=5d5a0ac2ab2c0a85 vn="a variant of Win32/Systweak potentially unwanted application" ac=I fn="J:\Recovered Data Billy\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe"
sh=2C09414F7BCF16F3C9A358B5CCD4492EF7EEF08E ft=1 fh=5545a1a02bc092d6 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="J:\Recovered Data Billy\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe"
sh=322DCE4CCA5EB266FFEDD900C6D628769AD18300 ft=1 fh=b3d66e50f9e4f6b1 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="J:\Recovered Data Billy\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe"

--------
MBAM Log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/7/2015
Scan Time: 12:50 PM
Logfile: MBAM.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.09.07.03
Rootkit Database: v2015.08.16.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Billy

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 605358
Time Elapsed: 35 min, 25 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

-------------------------------------

Checkup Log:

Results of screen317's Security Check version 1.008
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Bitdefender Antivirus
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Java 8 Update 60
Adobe Flash Player 18.0.0.232
Adobe Reader XI
Mozilla Firefox (40.0.3)
Google Chrome (44.0.2403.157)
Google Chrome (45.0.2454.85)
````````Process Check: objlist.exe by Laurent````````
Bitdefender Bitdefender 2015 vsserv.exe
Bitdefender Bitdefender 2015 bdparentalservice.exe
Bitdefender Bitdefender 2015 updatesrv.exe
Bitdefender Bitdefender 2015 BdParentalSysTray.exe
Bitdefender Bitdefender 2015 bdagent.exe
Bitdefender Bitdefender 2015 bdwtxag.exe
Bitdefender Bitdefender 2015 seccenter.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 13% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
  • 0

#10
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello :)

Excellent, the MBAM scan came back clean, and the majority of the items found by ESET are already quarantined, leaving us just a few to deal with.  :thumbsup:

Please disable your antivirus for the duration of my instructions.  Don't forget to re-enable them after you have completed the steps.

Step 1:  Fix with FRST
  • Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy.
  • Right-click in the open notepad and select Paste).
  • Save it on the desktop as fixlist.txt

    NOTE: It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

Start
CreateRestorePoint:
CloseProcesses:
GroupPolicyUsers\S-1-5-21-2929616351-1660927109-1562995560-1007\User: Restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2929616351-1660927109-1562995560-1005\User: Restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2929616351-1660927109-1562995560-1003\User: Restriction detected <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [napjheenlliimoedooldaalpjfidlidp] - <no Path/update_url>
C:\Users\Alyana\Downloads\wpsetup.exe
C:\Users\Billy\Downloads\insetup.exe
C:\Users\Billy\Downloads\winzip*.*
C:\Windows\Installer\1599b38d.msi
C:\Windows\Installer\17a9c7.msi
C:\Windows\Installer\2f4093.ms
C:\Windows\Installer\3bb1282.msi
C:\Windows\Installer\$PatchCache$\Managed\D2A425F405350054677A7A857BC01110\12.17.1\idcLdr_exe
C:\Windows\Installer\$PatchCache$\Managed\D2A425F405350054677A7A857BC01110\12.17.1\idcSrvStub_dll
C:\Windows\Installer\$PatchCache$\Managed\D2A425F405350054677A7A857BC01110\12.17.1\idcSrv_dll
C:\Windows\Installer\$PatchCache$\Managed\D2A425F405350054677A7A857BC01110\12.17.1\TBNotifier_exe
J:\winzip175 (1).exe
J:\Recovered\Program Files\Common Files\Microsoft Shared\VC\2_freefileviewer_2_1283.exe
J:\Recovered\Program Files\Common Files\Microsoft Shared\VC\3_freefileviewer_2_1283.exe
J:\Recovered\Program Files\Common Files\Microsoft Shared\VC\4_freefileviewer_2_1283.exe
J:\Recovered\Program Files\Common Files\Microsoft Shared\VC\Copy1_freefileviewer_2_1283.exe
J:\Recovered\Program Files\Common Files\Microsoft Shared\VC\freefileviewer_2_1283.exe
J:\Recovered Data Billy\Program Files\Common Files\Microsoft Shared\VC\Copy1_freefileviewer_2_1283.exe
J:\Recovered Data Billy\Program Files\Common Files\Microsoft Shared\VC\freefileviewer_2_1283.exe
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.

Things I need to see in your next post:

Fixlog.txt Log

  • 0

Advertisements


#11
brander38

brander38

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Fixlog:

Fix result of Farbar Recovery Scan Tool (x64) Version:06-09-2015 01
Ran by Billy (2015-09-08 21:30:57) Run:6
Running from C:\Users\Billy\Desktop
Loaded Profiles: Billy & Kaliyah (Available Profiles: Billy & Nyjah & Alyana & Kaliyah & Aiden & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
GroupPolicyUsers\S-1-5-21-2929616351-1660927109-1562995560-1007\User: Restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2929616351-1660927109-1562995560-1005\User: Restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-2929616351-1660927109-1562995560-1003\User: Restriction detected <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [napjheenlliimoedooldaalpjfidlidp] - <no Path/update_url>
C:\Users\Alyana\Downloads\wpsetup.exe
C:\Users\Billy\Downloads\insetup.exe
C:\Users\Billy\Downloads\winzip*.*
C:\Windows\Installer\1599b38d.msi
C:\Windows\Installer\17a9c7.msi
C:\Windows\Installer\2f4093.ms
C:\Windows\Installer\3bb1282.msi
C:\Windows\Installer\$PatchCache$\Managed\D2A425F405350054677A7A857BC01110\12.17.1\idcLdr_exe
C:\Windows\Installer\$PatchCache$\Managed\D2A425F405350054677A7A857BC01110\12.17.1\idcSrvStub_dll
C:\Windows\Installer\$PatchCache$\Managed\D2A425F405350054677A7A857BC01110\12.17.1\idcSrv_dll
C:\Windows\Installer\$PatchCache$\Managed\D2A425F405350054677A7A857BC01110\12.17.1\TBNotifier_exe
J:\winzip175 (1).exe
J:\Recovered\Program Files\Common Files\Microsoft Shared\VC\2_freefileviewer_2_1283.exe
J:\Recovered\Program Files\Common Files\Microsoft Shared\VC\3_freefileviewer_2_1283.exe
J:\Recovered\Program Files\Common Files\Microsoft Shared\VC\4_freefileviewer_2_1283.exe
J:\Recovered\Program Files\Common Files\Microsoft Shared\VC\Copy1_freefileviewer_2_1283.exe
J:\Recovered\Program Files\Common Files\Microsoft Shared\VC\freefileviewer_2_1283.exe
J:\Recovered Data Billy\Program Files\Common Files\Microsoft Shared\VC\Copy1_freefileviewer_2_1283.exe
J:\Recovered Data Billy\Program Files\Common Files\Microsoft Shared\VC\freefileviewer_2_1283.exe
End

*****************

Restore point was successfully created.
Processes closed successfully.
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-2929616351-1660927109-1562995560-1007\User => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-2929616351-1660927109-1562995560-1005\User => moved successfully
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-2929616351-1660927109-1562995560-1003\User => moved successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\napjheenlliimoedooldaalpjfidlidp" => key removed successfully
C:\Users\Alyana\Downloads\wpsetup.exe => moved successfully
C:\Users\Billy\Downloads\insetup.exe => moved successfully
C:\Users\Billy\Downloads\winzip*.* => moved successfully
C:\Windows\Installer\1599b38d.msi => moved successfully
C:\Windows\Installer\17a9c7.msi => moved successfully
"C:\Windows\Installer\2f4093.ms" => File/Folder not found.
C:\Windows\Installer\3bb1282.msi => moved successfully
C:\Windows\Installer\$PatchCache$\Managed\D2A425F405350054677A7A857BC01110\12.17.1\idcLdr_exe => moved successfully
C:\Windows\Installer\$PatchCache$\Managed\D2A425F405350054677A7A857BC01110\12.17.1\idcSrvStub_dll => moved successfully
C:\Windows\Installer\$PatchCache$\Managed\D2A425F405350054677A7A857BC01110\12.17.1\idcSrv_dll => moved successfully
C:\Windows\Installer\$PatchCache$\Managed\D2A425F405350054677A7A857BC01110\12.17.1\TBNotifier_exe => moved successfully
J:\winzip175 (1).exe => moved successfully
J:\Recovered\Program Files\Common Files\Microsoft Shared\VC\2_freefileviewer_2_1283.exe => moved successfully
J:\Recovered\Program Files\Common Files\Microsoft Shared\VC\3_freefileviewer_2_1283.exe => moved successfully
J:\Recovered\Program Files\Common Files\Microsoft Shared\VC\4_freefileviewer_2_1283.exe => moved successfully
J:\Recovered\Program Files\Common Files\Microsoft Shared\VC\Copy1_freefileviewer_2_1283.exe => moved successfully
J:\Recovered\Program Files\Common Files\Microsoft Shared\VC\freefileviewer_2_1283.exe => moved successfully
J:\Recovered Data Billy\Program Files\Common Files\Microsoft Shared\VC\Copy1_freefileviewer_2_1283.exe => moved successfully
J:\Recovered Data Billy\Program Files\Common Files\Microsoft Shared\VC\freefileviewer_2_1283.exe => moved successfully


The system needed a reboot..

==== End of Fixlog 21:31:24 ====
  • 0

#12
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello :)

The fixlog looks good. :thumbsup: Subject to no further problems, let's remove my tools and create a clean restore point on the machine and get rid of the infected ones.

Step 1: Tool Removal with Delfix and Creation of a clean restore point
  • Download Delfix from here
  • Ensure Remove disinfection tools is ticked
    Also tick:
    • Create registry backup
    • Purge system restore
    • Reset System Settings
    delfix.jpg
  • Click Run
The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.
  • You can uninstall ESET Online Scanner at this time.
  • I recommend keeping Malwarebytes Anti-Malware installed. Make sure to update it and run it at least once a week. If it finds things such as PUP's (Potentially Unwanted Programs) you can delete those with no worries. However, if it finds something like a trojan, come see us.
Step 2: Tips, Information, and Optional Installation of Unchecky
  • Watch what you open in your emails. If you get an email from an unknown source with any attached files, do not open it.
  • Install and keep only one anti-virus on your machine. Update it and scan your machine with it at least once a week.
  • Be careful of the websites you visit.
  • When installing new programs, don't be "click happy" and click through the screens. Many programs come with adware in them and are set to install them by default. Several programs require that you uncheck or select no to prevent the installation. Take your time and read each screen as you go. :)
To help protect yourself while on the web, I recommend you read How did I get infected in the first place?


Installation of Unchecky

This is a very good little program that will automatically uncheck any boxes during a software installation. This helps prevent the software from installing any malware that is by default checked while the program is being installed.
  • Click here to be taken to Unchecky.com
  • Click the very large Download button.
  • Click Save
  • Once downloaded, double click the program (Vista, Win 7, and 8, right click and Run as Administrator)
  • Once open, click the Install button.
unchecky1_zps667e512d.jpg


Then click Finish

unchecky2_zpsca4e7d0d.jpg


Unchecky is now installed and will help you keep unwanted check boxes unchecked. :thumbsup:


Things I need to see in your next post

Delfix Log

  • 0

#13
brander38

brander38

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
# DelFix v1.010 - Logfile created 08/09/2015 at 21:51:43
# Updated 26/04/2015 by Xplode
# Username : Billy - BILLY-HP
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\Qoobox
Deleted : C:\Combofix
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Billy\Desktop\FRST-OlderVersion
Deleted : C:\TDSSKiller.3.0.0.41_14.04.2015_22.46.01_log.txt
Deleted : C:\TDSSKiller.3.0.0.41_14.04.2015_22.48.02_log.txt
Deleted : C:\Users\Billy\Desktop\Addition.txt
Deleted : C:\Users\Billy\Desktop\AdwCleaner.exe
Deleted : C:\Users\Billy\Desktop\Fixlog.txt
Deleted : C:\Users\Billy\Desktop\FRST.txt
Deleted : C:\Users\Billy\Desktop\FRST64.exe
Deleted : C:\Users\Billy\Desktop\JRT.exe
Deleted : C:\Users\Billy\Desktop\JRT.txt
Deleted : C:\Users\Billy\Desktop\Rkill.txt
Deleted : C:\Users\Billy\Desktop\SecurityCheck.exe
Deleted : C:\Users\Billy\Downloads\Addition.txt
Deleted : C:\Users\Billy\Downloads\adwcleaner_4.103.exe
Deleted : C:\Users\Billy\Downloads\esetsmartinstaller_enu(1).exe
Deleted : C:\Users\Billy\Downloads\esetsmartinstaller_enu.exe
Deleted : C:\Users\Billy\Downloads\FRST.txt
Deleted : C:\Users\Billy\Downloads\FRST64(1).exe
Deleted : C:\Users\Billy\Downloads\FRST64.exe
Deleted : C:\Users\Billy\Downloads\OTL.exe
Deleted : C:\Windows\grep.exe
Deleted : C:\Windows\PEV.exe
Deleted : C:\Windows\NIRCMD.exe
Deleted : C:\Windows\MBR.exe
Deleted : C:\Windows\SED.exe
Deleted : C:\Windows\SWREG.exe
Deleted : C:\Windows\SWSC.exe
Deleted : C:\Windows\SWXCACLS.exe
Deleted : C:\Windows\Zip.exe
Deleted : HKCU\console_combofixbackup
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe
Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart
Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys
Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart
Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #225 [Windows Update | 09/01/2015 20:10:27]
Deleted : RP #226 [Windows Update | 09/05/2015 01:08:40]
Deleted : RP #228 [Restore Point Created by FRST | 09/07/2015 14:16:16]
Deleted : RP #229 [JRT Pre-Junkware Removal | 09/07/2015 14:38:03]
Deleted : RP #230 [Removed Disney Mix Stick | 09/07/2015 15:27:03]
Deleted : RP #231 [Windows Update | 09/08/2015 07:51:59]
Deleted : RP #233 [Restore Point Created by FRST | 09/09/2015 01:30:59]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########
  • 0

#14
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Excellent :) Everything running ok?
  • 0

#15
brander38

brander38

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
pystryker,

My systems seems to be as good as new. You guys provide a great service. I will definitely recommend you all to my friends and co-workers. Again, thank you for the timely and excellent support.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP