HKLM\...\Run: [HomeworkSimplified Home Page Guard 64 bit] => "C:\PROGRA~2\HOMEWO~2\bar\1.bin\AppIntegrator64.exe"
HKLM-x32\...\Run: [] => [X]
Startup: C:\Users\12345\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_RESTORE_FILES_wepli.TXT [2015-05-16] ()
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-237654137-635372401-2747628395-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
URLSearchHook: HKLM-x32 - AOL Toolbar Search Class - {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll No File
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-237654137-635372401-2747628395-1000 -> {2CC656BE-4C2D-4E5B-A49C-9036F99C0959} URL =
BHO-x32: AOL Toolbar Loader -> {3ef64538-8b54-4573-b48f-4d34b0238ab2} -> C:\Program Files (x86)\AOL Toolbar\aoltb.dll No File
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Toolbar BHO -> {e0f8558f-9d61-46ec-b986-65d0302cdb08} -> C:\PROGRA~2\HOMEWO~2\bar\1.bin\7ebar.dll No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM-x32 - AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll No File
Toolbar: HKU\S-1-5-21-237654137-635372401-2747628395-1000 -> No Name - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - No File
FF Plugin-x32: @HomeworkSimplified_7e.com/Plugin -> C:\Program Files (x86)\HomeworkSimplified_7e\bar\1.bin\NP7eStub.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U37) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (SoundDabble Installer Plugin Stub) - C:\Program Files (x86)\SoundDabble_2lEI\Installr\1.bin\NP2lEISB.dll No File
CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll No File
CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\10\NP_wtapp.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.370.6) - C:\Windows\SysWOW64\npdeployJava1.dll No File
S2 HomeworkSimplified_7eService; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
2015-06-12 20:24 - 2015-05-16 20:01 - 00000232 _____ C:\Users\12345\Documents\RECOVERY_FILE.TXT
2015-05-16 20:06 - 2015-05-16 20:06 - 0001342 _____ () C:\Program Files\HELP_RESTORE_FILES_wepli.TXT
2014-11-17 17:22 - 2014-11-17 17:22 - 6000640 _____ () C:\Program Files (x86)\GUT901F.tmp
2015-05-16 20:04 - 2015-05-16 20:04 - 0001342 _____ () C:\Program Files\Common Files\HELP_RESTORE_FILES_wepli.TXT
2015-05-16 20:09 - 2015-05-16 21:14 - 0001342 _____ () C:\Users\12345\AppData\Roaming\HELP_RESTORE_FILES_wepli.TXT
2015-05-16 20:09 - 2015-05-16 21:14 - 0001342 _____ () C:\Users\12345\AppData\Local\HELP_RESTORE_FILES_wepli.TXT
2010-06-13 01:39 - 2010-06-13 01:39 - 0000000 _____ () C:\Users\12345\AppData\Local\AtStart.txt
2010-06-13 01:39 - 2010-06-13 01:39 - 0000000 _____ () C:\Users\12345\AppData\Local\DSwitch.txt
2015-05-16 20:09 - 2015-05-16 21:14 - 0001342 _____ () C:\Users\12345\AppData\Local\HELP_RESTORE_FILES_wepli.TXT
2010-06-13 01:39 - 2010-06-13 01:39 - 0000000 _____ () C:\Users\12345\AppData\Local\QSwitch.txt
2010-04-06 17:14 - 2010-04-06 17:14 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
2010-03-13 02:34 - 2010-03-13 02:34 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2010-04-06 17:13 - 2010-04-06 17:13 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
2010-03-13 02:28 - 2010-03-13 02:29 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2010-04-06 17:13 - 2010-04-06 17:13 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
2010-04-06 17:14 - 2010-04-06 17:14 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
2010-03-13 02:28 - 2010-03-13 02:28 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2010-03-13 02:30 - 2010-03-13 02:33 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
2010-04-06 17:14 - 2010-04-06 17:14 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
C:\Program Files (x86)\Ask.com
C:\Users\12345\Desktop\HELP_RESTORE_FILES.bmp
CMD: ipconfig /flushdns
EmptyTemp:
Hosts: