Avast WEBforum
Other => General Topics => Topic started by: REDACTED on August 10, 2015, 08:38:05 PM
-
I downloaded Avast on a comp in hopes to help out with a virus, but it does nothing when clicked on.
This is for a Windows 7
I already tried the repair/reboot method...still nothing. Any advice? I'd really like this to work.
-
If you are already infected it may be blocking Avast from installing properly... What are the symptoms ?
Please download Farbar Recovery Scan Tool (http://www.geekstogo.com/forum/files/file/435-frst-farbars-recovery-scan-tool/) and save it to your Desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
- Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
- Select additions at the bottom
- Press Scan button.
(https://dl.dropboxusercontent.com/u/73555776/frst.JPG)
- It will produce a log called FRST.txt in the same directory the tool is run from.
- Please attach both logs generated.
-
Thank you for the quick reply, but how can I post the log here? I'm only allowed 20k characters
-
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft) C:\Program Files (x86)\Personalized Software\Childcare Manager 10\Utilities\CCMLogManagerService\CCMService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Program Files (x86)\Lethal Tonight\Lethal Tonight.exe
(CANON INC.) C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
() C:\ProgramData\{2899c890-57cb-72e8-2899-9c89057c2241}\FIFA Soccer 64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
() C:\Program Files (x86)\Shaky Entertainment\Shaky Entertainment.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Hewlett-Packard) C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\hp\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\hp\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\hp\Digital Imaging\bin\hpqgpc01.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [MFNetworkScanUtility] => C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE [508312 2009-12-15] (CANON INC.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2012-03-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-12-23] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-11-14] ()
HKLM-x32\...\Run: [MFARestart] => "C:\ProgramData\MFAData\pack\avgrunasx.exe" /usereg
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6109776 2015-07-23] (AVAST Software)
HKLM-x32\...\RunOnce: [Import FF:0] => "C:\Users\Little Wonders\AppData\Local\browser extensions\Resources\certutil.exe" -A -n "DO_NOT_TRUST_FiddlerRoot" -t "TCu,TCu,TCu" -i "C:\Users\Little Wonders\AppData\Local\browser extensions\Trusted (the data entry has 96 more characters).
HKU\S-1-5-21-443951736-1583617210-2315430799-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
IFEO\a.exe: [Debugger] svchost.exe
IFEO\aAvgApi.exe: [Debugger] svchost.exe
IFEO\AAWTray.exe: [Debugger] svchost.exe
IFEO\About.exe: [Debugger] svchost.exe
IFEO\ackwin32.exe: [Debugger] svchost.exe
IFEO\Ad-Aware.exe: [Debugger] svchost.exe
IFEO\adaware.exe: [Debugger] svchost.exe
IFEO\advxdwin.exe: [Debugger] svchost.exe
IFEO\AdwarePrj.exe: [Debugger] svchost.exe
IFEO\agent.exe: [Debugger] svchost.exe
IFEO\agentsvr.exe: [Debugger] svchost.exe
IFEO\agentw.exe: [Debugger] svchost.exe
IFEO\alertsvc.exe: [Debugger] svchost.exe
IFEO\alevir.exe: [Debugger] svchost.exe
IFEO\alogserv.exe: [Debugger] svchost.exe
IFEO\AlphaAV: [Debugger] svchost.exe
IFEO\AlphaAV.exe: [Debugger] svchost.exe
IFEO\AluSchedulerSvc.exe: [Debugger] svchost.exe
IFEO\amon9x.exe: [Debugger] svchost.exe
IFEO\anti-trojan.exe: [Debugger] svchost.exe
IFEO\Anti-Virus Professional.exe: [Debugger] svchost.exe
IFEO\AntispywarXP2009.exe: [Debugger] svchost.exe
IFEO\antivirus.exe: [Debugger] svchost.exe
IFEO\AntivirusPlus: [Debugger] svchost.exe
IFEO\AntivirusPlus.exe: [Debugger] svchost.exe
IFEO\AntivirusPro_2010.exe: [Debugger] svchost.exe
IFEO\AntivirusXP: [Debugger] svchost.exe
IFEO\AntivirusXP.exe: [Debugger] svchost.exe
IFEO\antivirusxppro2009.exe: [Debugger] svchost.exe
IFEO\AntiVirus_Pro.exe: [Debugger] svchost.exe
IFEO\ants.exe: [Debugger] svchost.exe
IFEO\apimonitor.exe: [Debugger] svchost.exe
IFEO\aplica32.exe: [Debugger] svchost.exe
IFEO\apvxdwin.exe: [Debugger] svchost.exe
IFEO\arr.exe: [Debugger] svchost.exe
IFEO\ashAvast.exe: [Debugger] svchost.exe
IFEO\ashBug.exe: [Debugger] svchost.exe
IFEO\ashChest.exe: [Debugger] svchost.exe
IFEO\ashCnsnt.exe: [Debugger] svchost.exe
IFEO\ashDisp.exe: [Debugger] svchost.exe
IFEO\ashLogV.exe: [Debugger] svchost.exe
IFEO\ashMaiSv.exe: [Debugger] svchost.exe
IFEO\ashPopWz.exe: [Debugger] svchost.exe
IFEO\ashQuick.exe: [Debugger] svchost.exe
IFEO\ashServ.exe: [Debugger] svchost.exe
IFEO\ashSimp2.exe: [Debugger] svchost.exe
IFEO\ashSimpl.exe: [Debugger] svchost.exe
IFEO\ashSkPcc.exe: [Debugger] svchost.exe
IFEO\ashSkPck.exe: [Debugger] svchost.exe
IFEO\ashUpd.exe: [Debugger] svchost.exe
IFEO\ashWebSv.exe: [Debugger] svchost.exe
IFEO\aswChLic.exe: [Debugger] svchost.exe
IFEO\aswRegSvr.exe: [Debugger] svchost.exe
IFEO\aswRunDll.exe: [Debugger] svchost.exe
IFEO\aswUpdSv.exe: [Debugger] svchost.exe
IFEO\atcon.exe: [Debugger] svchost.exe
IFEO\atguard.exe: [Debugger] svchost.exe
IFEO\atro55en.exe: [Debugger] svchost.exe
IFEO\atupdater.exe: [Debugger] svchost.exe
IFEO\atwatch.exe: [Debugger] svchost.exe
IFEO\au.exe: [Debugger] svchost.exe
IFEO\aupdate.exe: [Debugger] svchost.exe
IFEO\auto-protect.nav80try.exe: [Debugger] svchost.exe
IFEO\autodown.exe: [Debugger] svchost.exe
IFEO\autotrace.exe: [Debugger] svchost.exe
IFEO\autoupdate.exe: [Debugger] svchost.exe
IFEO\av360.exe: [Debugger] svchost.exe
IFEO\avadmin.exe: [Debugger] svchost.exe
IFEO\avastSvc.exe: [Debugger] svchost.exe
IFEO\avastUI.exe: [Debugger] svchost.exe
IFEO\AVCare.exe: [Debugger] svchost.exe
IFEO\avcenter.exe: [Debugger] svchost.exe
IFEO\avciman.exe: [Debugger] svchost.exe
IFEO\avconfig.exe: [Debugger] svchost.exe
IFEO\avconsol.exe: [Debugger] svchost.exe
IFEO\ave32.exe: [Debugger] svchost.exe
IFEO\AVENGINE.EXE: [Debugger] svchost.exe
IFEO\avgcc32.exe: [Debugger] svchost.exe
IFEO\avgchk.exe: [Debugger] svchost.exe
IFEO\avgcmgr.exe: [Debugger] svchost.exe
IFEO\avgcsrvx.exe: [Debugger] svchost.exe
IFEO\avgctrl.exe: [Debugger] svchost.exe
IFEO\avgdumpx.exe: [Debugger] svchost.exe
IFEO\avgemc.exe: [Debugger] svchost.exe
IFEO\avgiproxy.exe: [Debugger] svchost.exe
IFEO\avgnsx.exe: [Debugger] svchost.exe
IFEO\avgnt.exe: [Debugger] svchost.exe
IFEO\avgrsx.exe: [Debugger] svchost.exe
IFEO\avgscanx.exe: [Debugger] svchost.exe
IFEO\avgserv.exe: [Debugger] svchost.exe
IFEO\avgserv9.exe: [Debugger] svchost.exe
IFEO\avgsrmax.exe: [Debugger] svchost.exe
IFEO\avgtray.exe: [Debugger] svchost.exe
IFEO\avguard.exe: [Debugger] svchost.exe
IFEO\avgui.exe: [Debugger] svchost.exe
IFEO\avgupd.exe: [Debugger] svchost.exe
IFEO\avgw.exe: [Debugger] svchost.exe
IFEO\avgwdsvc.exe: [Debugger] svchost.exe
IFEO\avkpop.exe: [Debugger] svchost.exe
IFEO\avkserv.exe: [Debugger] svchost.exe
IFEO\avkservice.exe: [Debugger] svchost.exe
IFEO\avkwctl9.exe: [Debugger] svchost.exe
IFEO\avltmain.exe: [Debugger] svchost.exe
IFEO\avmailc.exe: [Debugger] svchost.exe
IFEO\avmcdlg.exe: [Debugger] svchost.exe
IFEO\avnotify.exe: [Debugger] svchost.exe
IFEO\avnt.exe: [Debugger] svchost.exe
IFEO\avp32.exe: [Debugger] svchost.exe
IFEO\avpcc.exe: [Debugger] svchost.exe
IFEO\avpdos32.exe: [Debugger] svchost.exe
IFEO\avpm.exe: [Debugger] svchost.exe
IFEO\avptc32.exe: [Debugger] svchost.exe
IFEO\avpupd.exe: [Debugger] svchost.exe
IFEO\avsched32.exe: [Debugger] svchost.exe
IFEO\avshadow.exe: [Debugger] svchost.exe
IFEO\avsynmgr.exe: [Debugger] svchost.exe
IFEO\avupgsvc.exe: [Debugger] svchost.exe
IFEO\AVWEBGRD.EXE: [Debugger] svchost.exe
IFEO\avwin.exe: [Debugger] svchost.exe
IFEO\avwin95.exe: [Debugger] svchost.exe
IFEO\avwinnt.exe: [Debugger] svchost.exe
IFEO\avwsc.exe: [Debugger] svchost.exe
IFEO\avwupd.exe: [Debugger] svchost.exe
IFEO\avwupd32.exe: [Debugger] svchost.exe
IFEO\avwupsrv.exe: [Debugger] svchost.exe
IFEO\avxmonitor9x.exe: [Debugger] svchost.exe
IFEO\avxmonitornt.exe: [Debugger] svchost.exe
IFEO\avxquar.exe: [Debugger] svchost.exe
IFEO\b.exe: [Debugger] svchost.exe
IFEO\backweb.exe: [Debugger] svchost.exe
IFEO\bargains.exe: [Debugger] svchost.exe
IFEO\bdfvcl.exe: [Debugger] svchost.exe
IFEO\bdfvwiz.exe: [Debugger] svchost.exe
IFEO\BDInProcPatch.exe: [Debugger] svchost.exe
IFEO\bdmcon.exe: [Debugger] svchost.exe
IFEO\BDMsnScan.exe: [Debugger] svchost.exe
IFEO\BDSurvey.exe: [Debugger] svchost.exe
IFEO\bd_professional.exe: [Debugger] svchost.exe
IFEO\beagle.exe: [Debugger] svchost.exe
IFEO\belt.exe: [Debugger] svchost.exe
IFEO\bidef.exe: [Debugger] svchost.exe
IFEO\bidserver.exe: [Debugger] svchost.exe
IFEO\bipcp.exe: [Debugger] svchost.exe
IFEO\bipcpevalsetup.exe: [Debugger] svchost.exe
IFEO\bisp.exe: [Debugger] svchost.exe
IFEO\blackd.exe: [Debugger] svchost.exe
IFEO\blackice.exe: [Debugger] svchost.exe
IFEO\blink.exe: [Debugger] svchost.exe
IFEO\blss.exe: [Debugger] svchost.exe
IFEO\bootconf.exe: [Debugger] svchost.exe
IFEO\bootwarn.exe: [Debugger] svchost.exe
IFEO\borg2.exe: [Debugger] svchost.exe
IFEO\bpc.exe: [Debugger] svchost.exe
IFEO\brasil.exe: [Debugger] svchost.exe
IFEO\brastk.exe: [Debugger] svchost.exe
IFEO\brw.exe: [Debugger] svchost.exe
IFEO\bs120.exe: [Debugger] svchost.exe
IFEO\bspatch.exe: [Debugger] svchost.exe
IFEO\bundle.exe: [Debugger] svchost.exe
IFEO\bvt.exe: [Debugger] svchost.exe
IFEO\c.exe: [Debugger] svchost.exe
IFEO\cavscan.exe: [Debugger] svchost.exe
IFEO\ccapp.exe: [Debugger] svchost.exe
IFEO\ccevtmgr.exe: [Debugger] svchost.exe
IFEO\ccpxysvc.exe: [Debugger] svchost.exe
IFEO\ccSvcHst.exe: [Debugger] svchost.exe
IFEO\cdp.exe: [Debugger] svchost.exe
IFEO\cfd.exe: [Debugger] svchost.exe
IFEO\cfgwiz.exe: [Debugger] svchost.exe
IFEO\cfiadmin.exe: [Debugger] svchost.exe
IFEO\cfiaudit.exe: [Debugger] svchost.exe
IFEO\cfinet.exe: [Debugger] svchost.exe
IFEO\cfinet32.exe: [Debugger] svchost.exe
IFEO\cfp.exe: [Debugger] svchost.exe
IFEO\cfpconfg.exe: [Debugger] svchost.exe
IFEO\cfplogvw.exe: [Debugger] svchost.exe
IFEO\cfpupdat.exe: [Debugger] svchost.exe
IFEO\claw95.exe: [Debugger] svchost.exe
IFEO\claw95cf.exe: [Debugger] svchost.exe
IFEO\clean.exe: [Debugger] svchost.exe
IFEO\cleaner.exe: [Debugger] svchost.exe
IFEO\cleaner3.exe: [Debugger] svchost.exe
IFEO\cleanIELow.exe: [Debugger] svchost.exe
IFEO\cleanpc.exe: [Debugger] svchost.exe
IFEO\click.exe: [Debugger] svchost.exe
IFEO\cmd32.exe: [Debugger] svchost.exe
IFEO\cmdagent.exe: [Debugger] svchost.exe
IFEO\cmesys.exe: [Debugger] svchost.exe
IFEO\cmgrdian.exe: [Debugger] svchost.exe
IFEO\cmon016.exe: [Debugger] svchost.exe
IFEO\connectionmonitor.exe: [Debugger] svchost.exe
IFEO\control: [Debugger] svchost.exe
IFEO\cpd.exe: [Debugger] svchost.exe
IFEO\cpf9x206.exe: [Debugger] svchost.exe
IFEO\cpfnt206.exe: [Debugger] svchost.exe
IFEO\crashrep.exe: [Debugger] svchost.exe
IFEO\csc.exe: [Debugger] svchost.exe
IFEO\cssconfg.exe: [Debugger] svchost.exe
IFEO\cssupdat.exe: [Debugger] svchost.exe
IFEO\cssurf.exe: [Debugger] svchost.exe
IFEO\ctrl.exe: [Debugger] svchost.exe
IFEO\cv.exe: [Debugger] svchost.exe
IFEO\cwnb181.exe: [Debugger] svchost.exe
IFEO\cwntdwmo.exe: [Debugger] svchost.exe
IFEO\d.exe: [Debugger] svchost.exe
IFEO\datemanager.exe: [Debugger] svchost.exe
IFEO\dcomx.exe: [Debugger] svchost.exe
IFEO\defalert.exe: [Debugger] svchost.exe
IFEO\defscangui.exe: [Debugger] svchost.exe
IFEO\defwatch.exe: [Debugger] svchost.exe
IFEO\deloeminfs.exe: [Debugger] svchost.exe
IFEO\deputy.exe: [Debugger] svchost.exe
IFEO\divx.exe: [Debugger] svchost.exe
IFEO\dllcache.exe: [Debugger] svchost.exe
IFEO\dllreg.exe: [Debugger] svchost.exe
IFEO\doors.exe: [Debugger] svchost.exe
IFEO\dop.exe: [Debugger] svchost.exe
IFEO\dpf.exe: [Debugger] svchost.exe
IFEO\dpfsetup.exe: [Debugger] svchost.exe
IFEO\dpps2.exe: [Debugger] svchost.exe
IFEO\driverctrl.exe: [Debugger] svchost.exe
IFEO\drwatson.exe: [Debugger] svchost.exe
IFEO\drweb32.exe: [Debugger] svchost.exe
IFEO\drwebupw.exe: [Debugger] svchost.exe
IFEO\dssagent.exe: [Debugger] svchost.exe
IFEO\dvp95.exe: [Debugger] svchost.exe
IFEO\dvp95_0.exe: [Debugger] svchost.exe
IFEO\ecengine.exe: [Debugger] svchost.exe
IFEO\efpeadm.exe: [Debugger] svchost.exe
IFEO\emsw.exe: [Debugger] svchost.exe
IFEO\ent.exe: [Debugger] svchost.exe
IFEO\esafe.exe: [Debugger] svchost.exe
IFEO\escanhnt.exe: [Debugger] svchost.exe
IFEO\escanv95.exe: [Debugger] svchost.exe
IFEO\espwatch.exe: [Debugger] svchost.exe
IFEO\ethereal.exe: [Debugger] svchost.exe
IFEO\etrustcipe.exe: [Debugger] svchost.exe
IFEO\evpn.exe: [Debugger] svchost.exe
IFEO\exantivirus-cnet.exe: [Debugger] svchost.exe
IFEO\exe.avxw.exe: [Debugger] svchost.exe
IFEO\expert.exe: [Debugger] svchost.exe
IFEO\explore.exe: [Debugger] svchost.exe
IFEO\f-agnt95.exe: [Debugger] svchost.exe
IFEO\f-prot.exe: [Debugger] svchost.exe
IFEO\f-prot95.exe: [Debugger] svchost.exe
IFEO\f-stopw.exe: [Debugger] svchost.exe
IFEO\fact.exe: [Debugger] svchost.exe
IFEO\fameh32.exe: [Debugger] svchost.exe
IFEO\fast.exe: [Debugger] svchost.exe
IFEO\fch32.exe: [Debugger] svchost.exe
IFEO\fih32.exe: [Debugger] svchost.exe
IFEO\findviru.exe: [Debugger] svchost.exe
IFEO\firewall.exe: [Debugger] svchost.exe
IFEO\fixcfg.exe: [Debugger] svchost.exe
IFEO\fixfp.exe: [Debugger] svchost.exe
IFEO\fnrb32.exe: [Debugger] svchost.exe
IFEO\fp-win.exe: [Debugger] svchost.exe
IFEO\fp-win_trial.exe: [Debugger] svchost.exe
IFEO\fprot.exe: [Debugger] svchost.exe
IFEO\frmwrk32.exe: [Debugger] svchost.exe
IFEO\frw.exe: [Debugger] svchost.exe
IFEO\fsaa.exe: [Debugger] svchost.exe
IFEO\fsav.exe: [Debugger] svchost.exe
IFEO\fsav32.exe: [Debugger] svchost.exe
IFEO\fsav530stbyb.exe: [Debugger] svchost.exe
IFEO\fsav530wtbyb.exe: [Debugger] svchost.exe
IFEO\fsav95.exe: [Debugger] svchost.exe
IFEO\fsgk32.exe: [Debugger] svchost.exe
IFEO\fsm32.exe: [Debugger] svchost.exe
IFEO\fsma32.exe: [Debugger] svchost.exe
IFEO\fsmb32.exe: [Debugger] svchost.exe
IFEO\gator.exe: [Debugger] svchost.exe
IFEO\gav.exe: [Debugger] svchost.exe
IFEO\gbmenu.exe: [Debugger] svchost.exe
IFEO\gbn976rl.exe: [Debugger] svchost.exe
IFEO\gbpoll.exe: [Debugger] svchost.exe
IFEO\generics.exe: [Debugger] svchost.exe
IFEO\gmt.exe: [Debugger] svchost.exe
IFEO\guard.exe: [Debugger] svchost.exe
IFEO\guarddog.exe: [Debugger] svchost.exe
IFEO\guardgui.exe: [Debugger] svchost.exe
IFEO\guardxkickoff.exe: [Debugger] svchost.exe
IFEO\hacktracersetup.exe: [Debugger] svchost.exe
IFEO\hbinst.exe: [Debugger] svchost.exe
IFEO\hbsrv.exe: [Debugger] svchost.exe
IFEO\History.exe: [Debugger] svchost.exe
IFEO\homeav2010.exe: [Debugger] svchost.exe
IFEO\hotactio.exe: [Debugger] svchost.exe
IFEO\hotpatch.exe: [Debugger] svchost.exe
IFEO\htlog.exe: [Debugger] svchost.exe
IFEO\htpatch.exe: [Debugger] svchost.exe
IFEO\hwpe.exe: [Debugger] svchost.exe
IFEO\hxdl.exe: [Debugger] svchost.exe
IFEO\hxiul.exe: [Debugger] svchost.exe
IFEO\iamapp.exe: [Debugger] svchost.exe
IFEO\iamserv.exe: [Debugger] svchost.exe
IFEO\iamstats.exe: [Debugger] svchost.exe
-
IFEO\ibmasn.exe: [Debugger] svchost.exe
IFEO\ibmavsp.exe: [Debugger] svchost.exe
IFEO\icload95.exe: [Debugger] svchost.exe
IFEO\icloadnt.exe: [Debugger] svchost.exe
IFEO\icmon.exe: [Debugger] svchost.exe
IFEO\icsupp95.exe: [Debugger] svchost.exe
IFEO\icsuppnt.exe: [Debugger] svchost.exe
IFEO\Identity.exe: [Debugger] svchost.exe
IFEO\idle.exe: [Debugger] svchost.exe
IFEO\iedll.exe: [Debugger] svchost.exe
IFEO\iedriver.exe: [Debugger] svchost.exe
IFEO\IEShow.exe: [Debugger] svchost.exe
IFEO\iface.exe: [Debugger] svchost.exe
IFEO\ifw2000.exe: [Debugger] svchost.exe
IFEO\inetlnfo.exe: [Debugger] svchost.exe
IFEO\infus.exe: [Debugger] svchost.exe
IFEO\infwin.exe: [Debugger] svchost.exe
IFEO\init.exe: [Debugger] svchost.exe
IFEO\init32.exe : [Debugger] svchost.exe
IFEO\install[1].exe: [Debugger] svchost.exe
IFEO\install[2].exe: [Debugger] svchost.exe
IFEO\install[3].exe: [Debugger] svchost.exe
IFEO\install[4].exe: [Debugger] svchost.exe
IFEO\install[5].exe: [Debugger] svchost.exe
IFEO\intdel.exe: [Debugger] svchost.exe
IFEO\intren.exe: [Debugger] svchost.exe
IFEO\iomon98.exe: [Debugger] svchost.exe
IFEO\istsvc.exe: [Debugger] svchost.exe
IFEO\jammer.exe: [Debugger] svchost.exe
IFEO\jdbgmrg.exe: [Debugger] svchost.exe
IFEO\jedi.exe: [Debugger] svchost.exe
IFEO\JsRcGen.exe: [Debugger] svchost.exe
IFEO\kavlite40eng.exe: [Debugger] svchost.exe
IFEO\kavpers40eng.exe: [Debugger] svchost.exe
IFEO\kavpf.exe: [Debugger] svchost.exe
IFEO\kazza.exe: [Debugger] svchost.exe
IFEO\keenvalue.exe: [Debugger] svchost.exe
IFEO\kerio-pf-213-en-win.exe: [Debugger] svchost.exe
IFEO\kerio-wrl-421-en-win.exe: [Debugger] svchost.exe
IFEO\kerio-wrp-421-en-win.exe: [Debugger] svchost.exe
IFEO\killprocesssetup161.exe: [Debugger] svchost.exe
IFEO\ldnetmon.exe: [Debugger] svchost.exe
IFEO\ldpro.exe: [Debugger] svchost.exe
IFEO\ldpromenu.exe: [Debugger] svchost.exe
IFEO\ldscan.exe: [Debugger] svchost.exe
IFEO\licmgr.exe: [Debugger] svchost.exe
IFEO\lnetinfo.exe: [Debugger] svchost.exe
IFEO\loader.exe: [Debugger] svchost.exe
IFEO\localnet.exe: [Debugger] svchost.exe
IFEO\lockdown.exe: [Debugger] svchost.exe
IFEO\lockdown2000.exe: [Debugger] svchost.exe
IFEO\lookout.exe: [Debugger] svchost.exe
IFEO\lordpe.exe: [Debugger] svchost.exe
IFEO\lsetup.exe: [Debugger] svchost.exe
IFEO\luall.exe: [Debugger] svchost.exe
IFEO\luau.exe: [Debugger] svchost.exe
IFEO\lucomserver.exe: [Debugger] svchost.exe
IFEO\luinit.exe: [Debugger] svchost.exe
IFEO\luspt.exe: [Debugger] svchost.exe
IFEO\MalwareRemoval.exe: [Debugger] svchost.exe
IFEO\mapisvc32.exe: [Debugger] svchost.exe
IFEO\mbam.exe: [Debugger] svchost.exe
IFEO\mbamgui.exe: [Debugger] svchost.exe
IFEO\mbamservice.exe: [Debugger] svchost.exe
IFEO\mcagent.exe: [Debugger] svchost.exe
IFEO\mcmnhdlr.exe: [Debugger] svchost.exe
IFEO\mcmpeng.exe: [Debugger] svchost.exe
IFEO\mcmscsvc.exe: [Debugger] svchost.exe
IFEO\mcnasvc.exe: [Debugger] svchost.exe
IFEO\mcproxy.exe: [Debugger] svchost.exe
IFEO\McSACore.exe: [Debugger] svchost.exe
IFEO\mcshell.exe: [Debugger] svchost.exe
IFEO\mcshield.exe: [Debugger] svchost.exe
IFEO\mcsysmon.exe: [Debugger] svchost.exe
IFEO\mctool.exe: [Debugger] svchost.exe
IFEO\mcupdate.exe: [Debugger] svchost.exe
IFEO\mcvsrte.exe: [Debugger] svchost.exe
IFEO\mcvsshld.exe: [Debugger] svchost.exe
IFEO\md.exe: [Debugger] svchost.exe
IFEO\mfin32.exe: [Debugger] svchost.exe
IFEO\mfw2en.exe: [Debugger] svchost.exe
IFEO\mfweng3.02d30.exe: [Debugger] svchost.exe
IFEO\mgavrtcl.exe: [Debugger] svchost.exe
IFEO\mgavrte.exe: [Debugger] svchost.exe
IFEO\mghtml.exe: [Debugger] svchost.exe
IFEO\mgui.exe: [Debugger] svchost.exe
IFEO\minilog.exe: [Debugger] svchost.exe
IFEO\mmod.exe: [Debugger] svchost.exe
IFEO\monitor.exe: [Debugger] svchost.exe
IFEO\moolive.exe: [Debugger] svchost.exe
IFEO\mostat.exe: [Debugger] svchost.exe
IFEO\mpfagent.exe: [Debugger] svchost.exe
IFEO\mpfservice.exe: [Debugger] svchost.exe
IFEO\MPFSrv.exe: [Debugger] svchost.exe
IFEO\mpftray.exe: [Debugger] svchost.exe
IFEO\mrflux.exe: [Debugger] svchost.exe
IFEO\mrt.exe: [Debugger] svchost.exe
IFEO\msa.exe: [Debugger] svchost.exe
IFEO\msapp.exe: [Debugger] svchost.exe
IFEO\MSASCui.exe: [Debugger] svchost.exe
IFEO\msbb.exe: [Debugger] svchost.exe
IFEO\msblast.exe: [Debugger] svchost.exe
IFEO\mscache.exe: [Debugger] svchost.exe
IFEO\msccn32.exe: [Debugger] svchost.exe
IFEO\mscman.exe: [Debugger] svchost.exe
IFEO\msconfig: [Debugger] svchost.exe
IFEO\msdm.exe: [Debugger] svchost.exe
IFEO\msdos.exe: [Debugger] svchost.exe
IFEO\msiexec16.exe: [Debugger] svchost.exe
IFEO\mslaugh.exe: [Debugger] svchost.exe
IFEO\msmgt.exe: [Debugger] svchost.exe
IFEO\msmsgri32.exe: [Debugger] svchost.exe
IFEO\msseces.exe: [Debugger] svchost.exe
IFEO\mssmmc32.exe: [Debugger] svchost.exe
IFEO\mssys.exe: [Debugger] svchost.exe
IFEO\msvxd.exe: [Debugger] svchost.exe
IFEO\mu0311ad.exe: [Debugger] svchost.exe
IFEO\mwatch.exe: [Debugger] svchost.exe
IFEO\n32scanw.exe: [Debugger] svchost.exe
IFEO\nav.exe: [Debugger] svchost.exe
IFEO\navap.navapsvc.exe: [Debugger] svchost.exe
IFEO\navapsvc.exe: [Debugger] svchost.exe
IFEO\navapw32.exe: [Debugger] svchost.exe
IFEO\navdx.exe: [Debugger] svchost.exe
IFEO\navlu32.exe: [Debugger] svchost.exe
IFEO\navnt.exe: [Debugger] svchost.exe
IFEO\navstub.exe: [Debugger] svchost.exe
IFEO\nc2000.exe: [Debugger] svchost.exe
IFEO\ncinst4.exe: [Debugger] svchost.exe
IFEO\ndd32.exe: [Debugger] svchost.exe
IFEO\neomonitor.exe: [Debugger] svchost.exe
IFEO\neowatchlog.exe: [Debugger] svchost.exe
IFEO\netarmor.exe: [Debugger] svchost.exe
IFEO\netd32.exe: [Debugger] svchost.exe
IFEO\netinfo.exe: [Debugger] svchost.exe
IFEO\netmon.exe: [Debugger] svchost.exe
IFEO\netscanpro.exe: [Debugger] svchost.exe
IFEO\netspyhunter-1.2.exe: [Debugger] svchost.exe
IFEO\netutils.exe: [Debugger] svchost.exe
IFEO\nisserv.exe: [Debugger] svchost.exe
IFEO\nisum.exe: [Debugger] svchost.exe
IFEO\nmain.exe: [Debugger] svchost.exe
IFEO\nod32.exe: [Debugger] svchost.exe
IFEO\normist.exe: [Debugger] svchost.exe
IFEO\norton_internet_secu_3.0_407.exe: [Debugger] svchost.exe
IFEO\notstart.exe: [Debugger] svchost.exe
IFEO\npf40_tw_98_nt_me_2k.exe: [Debugger] svchost.exe
IFEO\npfmessenger.exe: [Debugger] svchost.exe
IFEO\nprotect.exe: [Debugger] svchost.exe
IFEO\npscheck.exe: [Debugger] svchost.exe
IFEO\npssvc.exe: [Debugger] svchost.exe
IFEO\nsched32.exe: [Debugger] svchost.exe
IFEO\nssys32.exe: [Debugger] svchost.exe
IFEO\nstask32.exe: [Debugger] svchost.exe
IFEO\nsupdate.exe: [Debugger] svchost.exe
IFEO\nt.exe: [Debugger] svchost.exe
IFEO\ntrtscan.exe: [Debugger] svchost.exe
IFEO\ntvdm.exe: [Debugger] svchost.exe
IFEO\ntxconfig.exe: [Debugger] svchost.exe
IFEO\nui.exe: [Debugger] svchost.exe
IFEO\nupgrade.exe: [Debugger] svchost.exe
IFEO\nvarch16.exe: [Debugger] svchost.exe
IFEO\nvc95.exe: [Debugger] svchost.exe
IFEO\nvsvc32.exe: [Debugger] svchost.exe
IFEO\nwinst4.exe: [Debugger] svchost.exe
IFEO\nwservice.exe: [Debugger] svchost.exe
IFEO\nwtool16.exe: [Debugger] svchost.exe
IFEO\OAcat.exe: [Debugger] svchost.exe
IFEO\OAhlp.exe: [Debugger] svchost.exe
IFEO\OAReg.exe: [Debugger] svchost.exe
IFEO\oasrv.exe: [Debugger] svchost.exe
IFEO\oaui.exe: [Debugger] svchost.exe
IFEO\oaview.exe: [Debugger] svchost.exe
IFEO\ODSW.exe: [Debugger] svchost.exe
IFEO\ollydbg.exe: [Debugger] svchost.exe
IFEO\onsrvr.exe: [Debugger] svchost.exe
IFEO\optimize.exe: [Debugger] svchost.exe
IFEO\ostronet.exe: [Debugger] svchost.exe
IFEO\otfix.exe: [Debugger] svchost.exe
IFEO\outpost.exe: [Debugger] svchost.exe
IFEO\outpostinstall.exe: [Debugger] svchost.exe
IFEO\outpostproinstall.exe: [Debugger] svchost.exe
IFEO\ozn695m5.exe: [Debugger] svchost.exe
IFEO\padmin.exe: [Debugger] svchost.exe
IFEO\panixk.exe: [Debugger] svchost.exe
IFEO\patch.exe: [Debugger] svchost.exe
IFEO\pav.exe: [Debugger] svchost.exe
IFEO\pavcl.exe: [Debugger] svchost.exe
IFEO\PavFnSvr.exe: [Debugger] svchost.exe
IFEO\pavproxy.exe: [Debugger] svchost.exe
IFEO\pavprsrv.exe: [Debugger] svchost.exe
IFEO\pavsched.exe: [Debugger] svchost.exe
IFEO\pavsrv51.exe: [Debugger] svchost.exe
IFEO\pavw.exe: [Debugger] svchost.exe
IFEO\pc.exe: [Debugger] svchost.exe
IFEO\pccwin98.exe: [Debugger] svchost.exe
IFEO\pcfwallicon.exe: [Debugger] svchost.exe
IFEO\pcip10117_0.exe: [Debugger] svchost.exe
IFEO\pcscan.exe: [Debugger] svchost.exe
IFEO\pctsAuxs.exe: [Debugger] svchost.exe
IFEO\pctsGui.exe: [Debugger] svchost.exe
IFEO\pctsSvc.exe: [Debugger] svchost.exe
IFEO\pctsTray.exe: [Debugger] svchost.exe
IFEO\PC_Antispyware2010.exe: [Debugger] svchost.exe
IFEO\pdfndr.exe: [Debugger] svchost.exe
IFEO\pdsetup.exe: [Debugger] svchost.exe
IFEO\PerAvir.exe: [Debugger] svchost.exe
IFEO\periscope.exe: [Debugger] svchost.exe
IFEO\persfw.exe: [Debugger] svchost.exe
IFEO\personalguard: [Debugger] svchost.exe
IFEO\personalguard.exe: [Debugger] svchost.exe
IFEO\perswf.exe: [Debugger] svchost.exe
IFEO\pf2.exe: [Debugger] svchost.exe
IFEO\pfwadmin.exe: [Debugger] svchost.exe
IFEO\pgmonitr.exe: [Debugger] svchost.exe
IFEO\pingscan.exe: [Debugger] svchost.exe
IFEO\platin.exe: [Debugger] svchost.exe
IFEO\pop3trap.exe: [Debugger] svchost.exe
IFEO\poproxy.exe: [Debugger] svchost.exe
IFEO\popscan.exe: [Debugger] svchost.exe
IFEO\portdetective.exe: [Debugger] svchost.exe
IFEO\portmonitor.exe: [Debugger] svchost.exe
IFEO\powerscan.exe: [Debugger] svchost.exe
IFEO\ppinupdt.exe: [Debugger] svchost.exe
IFEO\pptbc.exe: [Debugger] svchost.exe
IFEO\ppvstop.exe: [Debugger] svchost.exe
IFEO\prizesurfer.exe: [Debugger] svchost.exe
IFEO\prmt.exe: [Debugger] svchost.exe
IFEO\prmvr.exe: [Debugger] svchost.exe
IFEO\procdump.exe: [Debugger] svchost.exe
IFEO\processmonitor.exe: [Debugger] svchost.exe
IFEO\procexplorerv1.0.exe: [Debugger] svchost.exe
IFEO\programauditor.exe: [Debugger] svchost.exe
IFEO\proport.exe: [Debugger] svchost.exe
IFEO\protector.exe: [Debugger] svchost.exe
IFEO\protectx.exe: [Debugger] svchost.exe
IFEO\PSANCU.exe: [Debugger] svchost.exe
IFEO\PSANHost.exe: [Debugger] svchost.exe
IFEO\PSANToManager.exe: [Debugger] svchost.exe
IFEO\PsCtrls.exe: [Debugger] svchost.exe
IFEO\PsImSvc.exe: [Debugger] svchost.exe
IFEO\PskSvc.exe: [Debugger] svchost.exe
IFEO\pspf.exe: [Debugger] svchost.exe
IFEO\PSUNMain.exe: [Debugger] svchost.exe
IFEO\purge.exe: [Debugger] svchost.exe
IFEO\qconsole.exe: [Debugger] svchost.exe
IFEO\qh.exe: [Debugger] svchost.exe
IFEO\qserver.exe: [Debugger] svchost.exe
IFEO\Quick Heal.exe: [Debugger] svchost.exe
IFEO\QuickHealCleaner.exe: [Debugger] svchost.exe
IFEO\rapapp.exe: [Debugger] svchost.exe
IFEO\rav7.exe: [Debugger] svchost.exe
IFEO\rav7win.exe: [Debugger] svchost.exe
IFEO\rav8win32eng.exe: [Debugger] svchost.exe
IFEO\ray.exe: [Debugger] svchost.exe
IFEO\rb32.exe: [Debugger] svchost.exe
IFEO\rcsync.exe: [Debugger] svchost.exe
IFEO\realmon.exe: [Debugger] svchost.exe
IFEO\reged.exe: [Debugger] svchost.exe
IFEO\regedt32.exe: [Debugger] svchost.exe
IFEO\rescue.exe: [Debugger] svchost.exe
IFEO\rescue32.exe: [Debugger] svchost.exe
IFEO\rrguard.exe: [Debugger] svchost.exe
IFEO\rscdwld.exe: [Debugger] svchost.exe
IFEO\rshell.exe: [Debugger] svchost.exe
IFEO\rtvscan.exe: [Debugger] svchost.exe
IFEO\rtvscn95.exe: [Debugger] svchost.exe
IFEO\rulaunch.exe: [Debugger] svchost.exe
IFEO\rwg: [Debugger] svchost.exe
IFEO\rwg.exe: [Debugger] svchost.exe
IFEO\SafetyKeeper.exe: [Debugger] svchost.exe
IFEO\safeweb.exe: [Debugger] svchost.exe
IFEO\sahagent.exe: [Debugger] svchost.exe
IFEO\Save.exe: [Debugger] svchost.exe
IFEO\SaveArmor.exe: [Debugger] svchost.exe
IFEO\SaveDefense.exe: [Debugger] svchost.exe
IFEO\SaveKeep.exe: [Debugger] svchost.exe
IFEO\savenow.exe: [Debugger] svchost.exe
IFEO\sbserv.exe: [Debugger] svchost.exe
IFEO\sc.exe: [Debugger] svchost.exe
IFEO\scam32.exe: [Debugger] svchost.exe
IFEO\scan32.exe: [Debugger] svchost.exe
IFEO\scan95.exe: [Debugger] svchost.exe
IFEO\scanpm.exe: [Debugger] svchost.exe
IFEO\scrscan.exe: [Debugger] svchost.exe
IFEO\Secure Veteran.exe: [Debugger] svchost.exe
IFEO\secureveteran.exe: [Debugger] svchost.exe
IFEO\Security Center.exe: [Debugger] svchost.exe
IFEO\SecurityFighter.exe: [Debugger] svchost.exe
IFEO\securitysoldier.exe: [Debugger] svchost.exe
IFEO\serv95.exe: [Debugger] svchost.exe
IFEO\setloadorder.exe: [Debugger] svchost.exe
IFEO\setupvameeval.exe: [Debugger] svchost.exe
IFEO\setup_flowprotector_us.exe: [Debugger] svchost.exe
IFEO\sgssfw32.exe: [Debugger] svchost.exe
-
IFEO\sh.exe: [Debugger] svchost.exe
IFEO\shellspyinstall.exe: [Debugger] svchost.exe
IFEO\shield.exe: [Debugger] svchost.exe
IFEO\shn.exe: [Debugger] svchost.exe
IFEO\showbehind.exe: [Debugger] svchost.exe
IFEO\signcheck.exe: [Debugger] svchost.exe
IFEO\smart.exe: [Debugger] svchost.exe
IFEO\smartprotector.exe: [Debugger] svchost.exe
IFEO\smc.exe: [Debugger] svchost.exe
IFEO\smrtdefp.exe: [Debugger] svchost.exe
IFEO\sms.exe: [Debugger] svchost.exe
IFEO\smss32.exe: [Debugger] svchost.exe
IFEO\snetcfg.exe: [Debugger] svchost.exe
IFEO\soap.exe: [Debugger] svchost.exe
IFEO\sofi.exe: [Debugger] svchost.exe
IFEO\SoftSafeness.exe: [Debugger] svchost.exe
IFEO\sperm.exe: [Debugger] svchost.exe
IFEO\spf.exe: [Debugger] svchost.exe
IFEO\sphinx.exe: [Debugger] svchost.exe
IFEO\spoler.exe: [Debugger] svchost.exe
IFEO\spoolcv.exe: [Debugger] svchost.exe
IFEO\spoolsv32.exe: [Debugger] svchost.exe
IFEO\spywarexpguard.exe: [Debugger] svchost.exe
IFEO\spyxx.exe: [Debugger] svchost.exe
IFEO\srexe.exe: [Debugger] svchost.exe
IFEO\srng.exe: [Debugger] svchost.exe
IFEO\ss3edit.exe: [Debugger] svchost.exe
IFEO\ssgrate.exe: [Debugger] svchost.exe
IFEO\ssg_4104.exe: [Debugger] svchost.exe
IFEO\st2.exe: [Debugger] svchost.exe
IFEO\start.exe: [Debugger] svchost.exe
IFEO\stcloader.exe: [Debugger] svchost.exe
IFEO\supftrl.exe: [Debugger] svchost.exe
IFEO\support.exe: [Debugger] svchost.exe
IFEO\supporter5.exe: [Debugger] svchost.exe
IFEO\svc.exe: [Debugger] svchost.exe
IFEO\svchostc.exe: [Debugger] svchost.exe
IFEO\svchosts.exe: [Debugger] svchost.exe
IFEO\svshost.exe: [Debugger] svchost.exe
IFEO\sweep95.exe: [Debugger] svchost.exe
IFEO\sweepnet.sweepsrv.sys.swnetsup.exe: [Debugger] svchost.exe
IFEO\symlcsvc.exe: [Debugger] svchost.exe
IFEO\symproxysvc.exe: [Debugger] svchost.exe
IFEO\symtray.exe: [Debugger] svchost.exe
IFEO\system.exe: [Debugger] svchost.exe
IFEO\system32.exe: [Debugger] svchost.exe
IFEO\sysupd.exe: [Debugger] svchost.exe
IFEO\tapinstall.exe: [Debugger] svchost.exe
IFEO\taumon.exe: [Debugger] svchost.exe
IFEO\tbscan.exe: [Debugger] svchost.exe
IFEO\tc.exe: [Debugger] svchost.exe
IFEO\tca.exe: [Debugger] svchost.exe
IFEO\tcm.exe: [Debugger] svchost.exe
IFEO\tds-3.exe: [Debugger] svchost.exe
IFEO\tds2-98.exe: [Debugger] svchost.exe
IFEO\tds2-nt.exe: [Debugger] svchost.exe
IFEO\teekids.exe: [Debugger] svchost.exe
IFEO\tfak.exe: [Debugger] svchost.exe
IFEO\tfak5.exe: [Debugger] svchost.exe
IFEO\tgbob.exe: [Debugger] svchost.exe
IFEO\titanin.exe: [Debugger] svchost.exe
IFEO\titaninxp.exe: [Debugger] svchost.exe
IFEO\TPSrv.exe: [Debugger] svchost.exe
IFEO\trickler.exe: [Debugger] svchost.exe
IFEO\trjscan.exe: [Debugger] svchost.exe
IFEO\trjsetup.exe: [Debugger] svchost.exe
IFEO\trojantrap3.exe: [Debugger] svchost.exe
IFEO\TrustWarrior.exe: [Debugger] svchost.exe
IFEO\tsadbot.exe: [Debugger] svchost.exe
IFEO\tsc.exe: [Debugger] svchost.exe
IFEO\tvmd.exe: [Debugger] svchost.exe
IFEO\tvtmd.exe: [Debugger] svchost.exe
IFEO\undoboot.exe: [Debugger] svchost.exe
IFEO\updat.exe: [Debugger] svchost.exe
IFEO\upgrad.exe: [Debugger] svchost.exe
IFEO\utpost.exe: [Debugger] svchost.exe
IFEO\vbcmserv.exe: [Debugger] svchost.exe
IFEO\vbcons.exe: [Debugger] svchost.exe
IFEO\vbust.exe: [Debugger] svchost.exe
IFEO\vbwin9x.exe: [Debugger] svchost.exe
IFEO\vbwinntw.exe: [Debugger] svchost.exe
IFEO\vcsetup.exe: [Debugger] svchost.exe
IFEO\vet32.exe: [Debugger] svchost.exe
IFEO\vet95.exe: [Debugger] svchost.exe
IFEO\vettray.exe: [Debugger] svchost.exe
IFEO\vfsetup.exe: [Debugger] svchost.exe
IFEO\vir-help.exe: [Debugger] svchost.exe
IFEO\virusmdpersonalfirewall.exe: [Debugger] svchost.exe
IFEO\virusutilities.exe: [Debugger] svchost.exe
IFEO\VisthAux.exe: [Debugger] svchost.exe
IFEO\VisthLic.exe: [Debugger] svchost.exe
IFEO\VisthUpd.exe: [Debugger] svchost.exe
IFEO\vnlan300.exe: [Debugger] svchost.exe
-
IFEO\vnpc3000.exe: [Debugger] svchost.exe
IFEO\vpc32.exe: [Debugger] svchost.exe
IFEO\vpc42.exe: [Debugger] svchost.exe
IFEO\vpfw30s.exe: [Debugger] svchost.exe
IFEO\vptray.exe: [Debugger] svchost.exe
IFEO\vscan40.exe: [Debugger] svchost.exe
IFEO\vscenu6.02d30.exe: [Debugger] svchost.exe
IFEO\vsched.exe: [Debugger] svchost.exe
IFEO\vsecomr.exe: [Debugger] svchost.exe
IFEO\vshwin32.exe: [Debugger] svchost.exe
IFEO\vsisetup.exe: [Debugger] svchost.exe
IFEO\vsmain.exe: [Debugger] svchost.exe
IFEO\vsmon.exe: [Debugger] svchost.exe
IFEO\vsstat.exe: [Debugger] svchost.exe
IFEO\vswin9xe.exe: [Debugger] svchost.exe
IFEO\vswinntse.exe: [Debugger] svchost.exe
IFEO\vswinperse.exe: [Debugger] svchost.exe
IFEO\w32dsm89.exe: [Debugger] svchost.exe
IFEO\W3asbas.exe: [Debugger] svchost.exe
IFEO\w9x.exe: [Debugger] svchost.exe
IFEO\watchdog.exe: [Debugger] svchost.exe
IFEO\webdav.exe: [Debugger] svchost.exe
IFEO\WebProxy.exe: [Debugger] svchost.exe
IFEO\webscanx.exe: [Debugger] svchost.exe
IFEO\webtrap.exe: [Debugger] svchost.exe
IFEO\wfindv32.exe: [Debugger] svchost.exe
IFEO\whoswatchingme.exe: [Debugger] svchost.exe
IFEO\wimmun32.exe: [Debugger] svchost.exe
IFEO\win-bugsfix.exe: [Debugger] svchost.exe
IFEO\win32.exe: [Debugger] svchost.exe
IFEO\win32us.exe: [Debugger] svchost.exe
IFEO\winactive.exe: [Debugger] svchost.exe
IFEO\winav.exe: [Debugger] svchost.exe
IFEO\windll32.exe: [Debugger] svchost.exe
IFEO\window.exe: [Debugger] svchost.exe
IFEO\windows Police Pro.exe: [Debugger] svchost.exe
IFEO\windows.exe: [Debugger] svchost.exe
IFEO\wininetd.exe: [Debugger] svchost.exe
IFEO\wininitx.exe: [Debugger] svchost.exe
IFEO\winlogin.exe: [Debugger] svchost.exe
IFEO\winmain.exe: [Debugger] svchost.exe
IFEO\winppr32.exe: [Debugger] svchost.exe
IFEO\winrecon.exe: [Debugger] svchost.exe
IFEO\winservn.exe: [Debugger] svchost.exe
IFEO\winssk32.exe: [Debugger] svchost.exe
IFEO\winstart.exe: [Debugger] svchost.exe
IFEO\winstart001.exe: [Debugger] svchost.exe
IFEO\wintsk32.exe: [Debugger] svchost.exe
IFEO\winupdate.exe: [Debugger] svchost.exe
IFEO\wkufind.exe: [Debugger] svchost.exe
IFEO\wnad.exe: [Debugger] svchost.exe
IFEO\wnt.exe: [Debugger] svchost.exe
IFEO\wradmin.exe: [Debugger] svchost.exe
IFEO\wrctrl.exe: [Debugger] svchost.exe
IFEO\wsbgate.exe: [Debugger] svchost.exe
IFEO\wscfxas.exe: [Debugger] svchost.exe
IFEO\wscfxav.exe: [Debugger] svchost.exe
IFEO\wscfxfw.exe: [Debugger] svchost.exe
IFEO\wsctool.exe: [Debugger] svchost.exe
IFEO\wupdater.exe: [Debugger] svchost.exe
IFEO\wupdt.exe: [Debugger] svchost.exe
IFEO\wyvernworksfirewall.exe: [Debugger] svchost.exe
IFEO\xpdeluxe.exe: [Debugger] svchost.exe
IFEO\xpf202en.exe: [Debugger] svchost.exe
IFEO\xp_antispyware.exe: [Debugger] svchost.exe
IFEO\zapro.exe: [Debugger] svchost.exe
IFEO\zapsetup3001.exe: [Debugger] svchost.exe
IFEO\zatutor.exe: [Debugger] svchost.exe
IFEO\zonalm2601.exe: [Debugger] svchost.exe
IFEO\zonealarm.exe: [Debugger] svchost.exe
IFEO\_avp32.exe: [Debugger] svchost.exe
IFEO\_avpcc.exe: [Debugger] svchost.exe
IFEO\_avpm.exe: [Debugger] svchost.exe
IFEO\~1.exe: [Debugger] svchost.exe
IFEO\~2.exe: [Debugger] svchost.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2012-01-30]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Little Wonders\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FIFA Soccer 64.lnk [2015-03-13]
ShortcutTarget: FIFA Soccer 64.lnk -> C:\ProgramData\{2899c890-57cb-72e8-2899-9c89057c2241}\FIFA Soccer 64.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-07-23] (AVAST Software)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-443951736-1583617210-2315430799-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.aol.com/?mtmhp=txtlnkusaolp00000800
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-443951736-1583617210-2315430799-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKU\S-1-5-21-443951736-1583617210-2315430799-1001\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-443951736-1583617210-2315430799-1001\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.cnn.com/
HKU\S-1-5-21-443951736-1583617210-2315430799-1001\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www2.delta-search.com/?babsrc=HP_ss&mntrId=88B8E0CB4E30AE28&affID=119351&tsp=5010
HKU\S-1-5-21-443951736-1583617210-2315430799-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
SearchScopes: HKLM -> DefaultScope {6F6D87DE-DD42-479E-BD07-A61B01025604} URL = http://www.bing.com/search?q={searchTerms}&form=CPDTDF&pc=CPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {338A6B13-A8A3-4AF0-906C-1CC9EDEC0832} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscqd
SearchScopes: HKLM -> {6F6D87DE-DD42-479E-BD07-A61B01025604} URL = http://www.bing.com/search?q={searchTerms}&form=CPDTDF&pc=CPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {338A6B13-A8A3-4AF0-906C-1CC9EDEC0832} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscqd
SearchScopes: HKLM-x32 -> {6F6D87DE-DD42-479E-BD07-A61B01025604} URL = http://www.bing.com/search?q={searchTerms}&form=CPDTDF&pc=CPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-443951736-1583617210-2315430799-1001 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-443951736-1583617210-2315430799-1001 -> bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKU\S-1-5-21-443951736-1583617210-2315430799-1001 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=88B8E0CB4E30AE28&affID=119351&tsp=5010
SearchScopes: HKU\S-1-5-21-443951736-1583617210-2315430799-1001 -> {338A6B13-A8A3-4AF0-906C-1CC9EDEC0832} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscqd
SearchScopes: HKU\S-1-5-21-443951736-1583617210-2315430799-1001 -> {63140ECF-C629-BE59-8F0E-90B4FF340C03} URL = http://www.bing.com/search?q={searchTerms}&pc=Z128&form=ZGAIDF&install_date=20110907&iesrc={referrer:source}
SearchScopes: HKU\S-1-5-21-443951736-1583617210-2315430799-1001 -> {6F6D87DE-DD42-479E-BD07-A61B01025604} URL = http://www.bing.com/search?q={searchTerms}&form=CPDTDF&pc=CPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-443951736-1583617210-2315430799-1001 -> {ABD93EAF-D775-BC54-E63B-2804F22FD156} URL = http://search.startnow.com/s/?q={searchTerms}&src=defsearch&provider=&provider_name=startnow&provider_code=&partner_id=999&product_id=10&affiliate_id=&channel=&toolbar_id=&toolbar_version=&install_country=&install_date=20140228&user_guid=4B1D612982D341B2ABB13D76A10EF756&machine_id=7a27995b166c8b20db199f9d9cd3c534&browser=ie&os=win&os_version=6.1-x64-SP1
SearchScopes: HKU\S-1-5-21-443951736-1583617210-2315430799-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-07-23] (AVAST Software)
BHO: MinimuumPrice -> {AC747515-F000-40F9-9CD9-9F0FBCC80464} -> C:\Program Files (x86)\MinimuumPrice\AqHg2CNGpDYc9p.x64.dll [2015-08-04] ()
BHO: AAllDeaalAApp -> {F8862CE0-DB5C-4627-8136-3CDB9C2B6ED8} -> C:\Program Files (x86)\AAllDeaalAApp\W2xYSTAMAjXwlS.x64.dll [2015-08-03] ()
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-23] (AVAST Software)
BHO-x32: MinimuumPrice -> {AC747515-F000-40F9-9CD9-9F0FBCC80464} -> C:\Program Files (x86)\MinimuumPrice\AqHg2CNGpDYc9p.dll [2015-08-04] ()
BHO-x32: AAllDeaalAApp -> {F8862CE0-DB5C-4627-8136-3CDB9C2B6ED8} -> C:\Program Files (x86)\AAllDeaalAApp\W2xYSTAMAjXwlS.dll [2015-08-03] ()
Toolbar: HKU\S-1-5-21-443951736-1583617210-2315430799-1001 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{35A80055-AF4B-4050-A202-E01638B934EF}: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Little Wonders\AppData\Roaming\Mozilla\Firefox\Profiles\fanljv6v.default
FF Homepage: hxxp://homepage.aol.com/?mtmhp=txtlnkusaolp00000800
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-15] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2013-09-17] (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2013-09-17] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2013-12-27] (DivX, LLC)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2010-11-10] (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-06-18] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-07-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-07-06] (Google Inc.)
FF Plugin-x32: @unity3d.com/UnityPlayer -> C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll [2008-07-17] (Unity Technologies ApS)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2012-03-26] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-443951736-1583617210-2315430799-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Little Wonders\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-05-01] (Citrix Online)
FF user.js: detected! => C:\Users\Little Wonders\AppData\Roaming\Mozilla\Firefox\Profiles\fanljv6v.default\user.js [2014-03-22]
FF SearchPlugin: C:\Users\Little Wonders\AppData\Roaming\Mozilla\Firefox\Profiles\fanljv6v.default\searchplugins\startnow.xml [2014-02-28]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-01-30]
FF HKLM-x32\...\Firefox\Extensions: [gethighlightly@gethighlightly.com] - C:\Program Files (x86)\Mozilla Firefox\extensions\gethighlightly@gethighlightly.com
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-07-23]
FF HKU\S-1-5-21-443951736-1583617210-2315430799-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: No Name - C:\Users\Little Wonders\AppData\Roaming\Mozilla\Firefox\Profiles\fanljv6v.default\extensions\_qvxbkbnnuzqukzjj_i@frnhpojlbr_in.com [not found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]
Chrome:
=======
CHR Profile: C:\Users\Little Wonders\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Avast Online Security) - C:\Users\Little Wonders\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-08-10]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Little Wonders\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Little Wonders\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-06]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-23]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 8338240e; c:\Program Files (x86)\PragmaEdit\PragmaEdit.dll [1776640 2015-06-16] () [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-07-23] (AVAST Software)
R2 CCMService; C:\Program Files (x86)\Personalized Software\Childcare Manager 10\Utilities\CCMLogManagerService\CCMService.exe [12288 2010-06-03] (Microsoft) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2753720 2015-07-01] (Microsoft Corporation)
R2 ec9c17f1; c:\Program Files (x86)\SoftwarePlus\SoftwarePlus.dll [1771520 2015-07-05] () [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [923136 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 Lethal Tonight; C:\Program Files (x86)\Lethal Tonight\Lethal Tonight.exe [8016461 2015-07-10] () [File not signed] <==== ATTENTION
R2 MSSQL$CCMSERVER; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 Shaky Entertainment; C:\Program Files (x86)\Shaky Entertainment\Shaky Entertainment.exe [8016385 2015-07-22] () [File not signed] <==== ATTENTION
S2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe" [X]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 IHA_MessageCenter; "C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe" [X]
S3 WinDefend; %ProgramFiles%\Windows Defender\mpsvc.dll [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-07-23] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-07-23] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-07-23] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-07-23] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048856 2015-07-23] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-07-23] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150160 2015-07-23] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-07-23] (AVAST Software)
R1 wStLib64; C:\Windows\System32\drivers\wStLib64.sys [61128 2014-03-18] (StdLib)
S1 BAPIDRV; system32\DRIVERS\BAPIDRV64.sys [X]
S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0; \??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-08-10 14:58 - 2015-08-10 14:59 - 00053107 _____ C:\Users\Little Wonders\Desktop\FRST.txt
2015-08-10 14:58 - 2015-08-10 14:59 - 00000000 ____D C:\FRST
2015-08-10 14:58 - 2015-08-10 14:58 - 02171392 _____ (Farbar) C:\Users\Little Wonders\Desktop\FRST64.exe
-
2015-08-10 14:23 - 2015-08-10 14:23 - 00003288 ____N C:\bootsqm.dat
2015-08-10 14:11 - 2015-07-23 11:27 - 00378880 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-08-10 14:05 - 2015-08-10 14:05 - 00000024 _____ C:\Users\Little Wonders\AppData\Roaming\appdataFr25.bin
2015-08-05 09:33 - 2015-08-10 13:21 - 00000370 _____ C:\Windows\Tasks\FontElite.job
2015-08-05 09:33 - 2015-08-05 09:33 - 00003300 _____ C:\Windows\System32\Tasks\FontElite
2015-08-05 09:33 - 2015-08-05 09:33 - 00000000 ____D C:\ProgramData\{3fac1441-b731-99d6-3fac-c1441b735106}
2015-08-04 14:36 - 2015-08-04 14:37 - 00000000 ____D C:\Program Files (x86)\MinimuumPrice
2015-08-04 14:36 - 2015-08-04 14:36 - 00000000 ____D C:\ProgramData\ikjdlleeejckkdkkapkcphmplhmpnfcc
2015-08-04 09:33 - 2015-08-10 13:21 - 00000372 _____ C:\Windows\Tasks\DreamDecode.job
2015-08-04 09:33 - 2015-08-04 09:33 - 00003302 _____ C:\Windows\System32\Tasks\DreamDecode
2015-08-04 09:33 - 2015-08-04 09:33 - 00000000 ____D C:\ProgramData\{09efe88c-330f-6cfa-09ef-fe88c330a230}
2015-08-04 09:23 - 2015-06-26 11:05 - 00012063 _____ C:\Users\Little Wonders\Documents\Brave Knights Sept 15.xlsx
2015-08-04 09:20 - 2015-06-18 11:08 - 00011894 _____ C:\Users\Little Wonders\Documents\Magical Wizards Sept 15.xlsx
2015-08-04 09:16 - 2015-06-18 11:02 - 00011900 _____ C:\Users\Little Wonders\Documents\Playful Elves Sept 15.xlsx
2015-08-03 09:33 - 2015-08-03 09:33 - 00000000 ____D C:\Program Files (x86)\Talk and Comment for
2015-08-03 09:31 - 2015-08-03 09:31 - 00000000 ____D C:\Program Files (x86)\AAllDeaalAApp
2015-07-28 17:30 - 2015-07-25 14:07 - 00017856 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-28 17:30 - 2015-07-25 14:04 - 00765440 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-28 17:30 - 2015-07-25 14:04 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-28 17:30 - 2015-07-25 14:03 - 01085440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-28 17:30 - 2015-07-25 14:03 - 00433664 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-28 17:30 - 2015-07-25 14:03 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-28 17:30 - 2015-07-25 14:03 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-28 17:30 - 2015-07-25 13:55 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-23 11:28 - 2015-08-10 14:13 - 00002081 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-07-23 11:28 - 2015-08-10 14:11 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-07-23 11:28 - 2015-07-23 11:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-07-23 11:27 - 2015-07-23 11:27 - 00447944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-07-23 11:27 - 2015-07-23 11:27 - 00274808 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-07-23 11:27 - 2015-07-23 11:27 - 00150160 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-07-23 11:27 - 2015-07-23 11:27 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-07-23 11:27 - 2015-07-23 11:27 - 00090968 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-07-23 11:27 - 2015-07-23 11:27 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-07-23 11:27 - 2015-07-23 11:27 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-07-23 11:27 - 2015-07-23 11:26 - 01048856 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-07-23 11:26 - 2015-07-23 11:26 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-07-23 11:25 - 2015-07-23 11:25 - 00000000 ____D C:\Program Files\AVAST Software
2015-07-23 11:22 - 2015-07-23 11:22 - 00000000 ____D C:\ProgramData\AVAST Software
2015-07-23 11:05 - 2015-07-23 11:05 - 05961024 _____ (AVAST Software) C:\Users\Little Wonders\Desktop\avastclear.exe
2015-07-23 10:51 - 2015-07-23 10:51 - 05685544 _____ (AVAST Software) C:\Users\Little Wonders\Desktop\avast_free_antivirus_setup_online.exe
2015-07-23 09:22 - 2015-08-03 09:31 - 00000000 ____D C:\Program Files (x86)\AlllChEapPraicea
2015-07-23 09:21 - 2015-07-23 09:21 - 00000000 ____D C:\Program Files (x86)\WIKI 2 Wikipedia Republished
2015-07-23 09:19 - 2015-08-03 09:31 - 00000000 ____D C:\Program Files (x86)\AllCheapPrIcE
2015-07-23 09:19 - 2015-07-23 09:19 - 00000000 ____D C:\Program Files (x86)\FunDeaalas
2015-07-22 10:01 - 2015-08-03 09:31 - 00000000 ____D C:\Program Files (x86)\RoaboSaoveR
2015-07-22 10:00 - 2015-08-03 09:31 - 00000000 ____D C:\Program Files (x86)\ROboSavEer
2015-07-22 10:00 - 2015-07-22 10:00 - 00000000 ____D C:\Program Files (x86)\Assistantto Scheduling Assistant
2015-07-22 09:58 - 2015-07-22 09:58 - 00000000 ____D C:\Program Files (x86)\RobiooSaver
2015-07-22 09:49 - 2015-07-22 09:49 - 00000000 ____D C:\Program Files (x86)\Shaky Entertainment
2015-07-21 09:58 - 2015-07-14 23:19 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-21 09:58 - 2015-07-14 23:19 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-21 09:58 - 2015-07-14 23:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-21 09:58 - 2015-07-14 23:19 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-21 09:58 - 2015-07-14 22:55 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-07-21 09:58 - 2015-07-14 22:55 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-21 09:58 - 2015-07-14 22:55 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-07-21 09:58 - 2015-07-14 22:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-07-21 09:58 - 2015-07-14 21:59 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-21 09:58 - 2015-07-14 21:52 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-15 10:37 - 2015-07-09 13:58 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-15 10:37 - 2015-07-09 13:58 - 02603008 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-15 10:37 - 2015-07-09 13:58 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-15 10:37 - 2015-07-09 13:58 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-15 10:37 - 2015-07-09 13:58 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-15 10:37 - 2015-07-09 13:58 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-15 10:37 - 2015-07-09 13:58 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-15 10:37 - 2015-07-09 13:58 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-15 10:37 - 2015-07-09 13:58 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-15 10:37 - 2015-07-09 13:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-15 10:37 - 2015-07-09 13:58 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-07-15 10:37 - 2015-07-09 13:43 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-15 10:37 - 2015-07-09 13:43 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-15 10:37 - 2015-07-09 13:43 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-15 10:37 - 2015-07-09 13:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-15 10:37 - 2015-07-09 13:42 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-15 10:37 - 2015-06-25 04:57 - 03207168 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-15 10:37 - 2015-06-17 13:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-15 10:37 - 2015-06-17 13:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-15 10:37 - 2015-06-01 20:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-15 10:37 - 2015-06-01 19:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-07-15 10:36 - 2015-07-04 14:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-15 10:36 - 2015-07-04 13:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-15 10:36 - 2015-07-02 17:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-15 10:36 - 2015-07-02 17:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-07-15 10:36 - 2015-07-02 16:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-15 10:36 - 2015-07-02 16:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-15 10:36 - 2015-07-02 16:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-15 10:36 - 2015-07-02 16:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-15 10:36 - 2015-07-02 16:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-15 10:36 - 2015-07-02 16:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-15 10:36 - 2015-07-02 16:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-15 10:36 - 2015-07-02 15:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-15 10:36 - 2015-07-02 15:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-15 10:36 - 2015-07-02 14:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-15 10:36 - 2015-07-01 16:56 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-15 10:36 - 2015-07-01 16:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-15 10:36 - 2015-07-01 16:49 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-15 10:36 - 2015-07-01 16:49 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-15 10:36 - 2015-07-01 16:49 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-15 10:36 - 2015-07-01 16:49 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-15 10:36 - 2015-07-01 16:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-15 10:36 - 2015-07-01 16:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-15 10:36 - 2015-07-01 16:49 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-07-15 10:36 - 2015-07-01 16:49 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-15 10:36 - 2015-07-01 16:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-15 10:36 - 2015-07-01 16:49 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-15 10:36 - 2015-07-01 16:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-15 10:36 - 2015-07-01 16:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-07-15 10:36 - 2015-07-01 16:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-15 10:36 - 2015-07-01 16:47 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-15 10:36 - 2015-07-01 16:47 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-15 10:36 - 2015-07-01 16:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-15 10:36 - 2015-07-01 16:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-15 10:36 - 2015-07-01 16:39 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-15 10:36 - 2015-07-01 16:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-15 10:36 - 2015-07-01 16:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-15 10:36 - 2015-07-01 16:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-07-15 10:36 - 2015-07-01 16:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-07-15 10:36 - 2015-07-01 16:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-07-15 10:36 - 2015-07-01 16:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-07-15 10:36 - 2015-07-01 16:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-07-15 10:36 - 2015-07-01 16:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-07-15 10:36 - 2015-07-01 16:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-07-15 10:36 - 2015-07-01 16:29 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-15 10:36 - 2015-07-01 16:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-07-15 10:36 - 2015-07-01 16:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-07-15 10:36 - 2015-07-01 16:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-07-15 10:36 - 2015-07-01 16:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-07-15 10:36 - 2015-07-01 16:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-07-15 10:36 - 2015-07-01 15:27 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-15 10:36 - 2015-07-01 15:26 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-15 10:36 - 2015-07-01 15:26 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-15 10:36 - 2015-06-26 22:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-15 10:36 - 2015-06-26 22:43 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-15 10:36 - 2015-06-26 21:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-07-15 10:36 - 2015-06-26 21:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-15 10:36 - 2015-06-25 14:09 - 00389832 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-15 10:36 - 2015-06-25 13:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-15 10:36 - 2015-06-20 16:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-15 10:36 - 2015-06-20 15:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-15 10:36 - 2015-06-20 15:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-15 10:36 - 2015-06-20 15:49 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-15 10:36 - 2015-06-20 15:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-15 10:36 - 2015-06-20 15:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-15 10:36 - 2015-06-20 15:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-15 10:36 - 2015-06-20 15:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
-
2015-07-15 10:36 - 2015-06-20 15:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-15 10:36 - 2015-06-20 15:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-15 10:36 - 2015-06-20 15:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-15 10:36 - 2015-06-20 15:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-15 10:36 - 2015-06-20 15:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-15 10:36 - 2015-06-20 15:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-15 10:36 - 2015-06-20 15:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-15 10:36 - 2015-06-20 15:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-15 10:36 - 2015-06-20 15:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-15 10:36 - 2015-06-20 14:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-15 10:36 - 2015-06-20 14:48 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-15 10:36 - 2015-06-20 14:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-15 10:36 - 2015-06-20 14:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-15 10:36 - 2015-06-20 14:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-15 10:36 - 2015-06-20 14:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-15 10:36 - 2015-06-19 14:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-15 10:36 - 2015-06-19 14:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-07-15 10:36 - 2015-06-19 14:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-07-15 10:36 - 2015-06-19 14:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-07-15 10:36 - 2015-06-19 14:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-15 10:36 - 2015-06-19 14:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-07-15 10:36 - 2015-06-19 14:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-07-15 10:36 - 2015-06-19 14:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-15 10:36 - 2015-06-19 14:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-07-15 10:36 - 2015-06-19 14:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-07-15 10:36 - 2015-06-19 13:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-07-15 10:36 - 2015-06-19 13:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-15 10:36 - 2015-06-19 13:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-15 10:36 - 2015-06-19 13:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-15 10:36 - 2015-06-19 13:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-15 10:36 - 2015-06-19 13:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-15 10:36 - 2015-06-19 13:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-07-15 10:36 - 2015-06-19 13:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-15 10:36 - 2015-06-19 13:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-15 10:36 - 2015-04-27 15:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-07-15 10:36 - 2015-04-27 15:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-07-15 10:36 - 2015-04-27 15:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-07-15 10:36 - 2015-04-27 15:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-07-15 10:36 - 2015-04-27 15:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-07-15 10:36 - 2015-04-27 15:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-07-15 10:36 - 2015-04-27 15:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-07-15 10:36 - 2015-04-27 15:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-07-15 10:35 - 2015-06-15 17:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-15 10:35 - 2015-06-15 17:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-15 10:35 - 2015-06-15 17:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-15 10:35 - 2015-06-15 17:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-15 10:35 - 2015-06-15 17:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-07-15 10:35 - 2015-06-15 17:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-15 10:35 - 2015-06-15 17:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-15 10:35 - 2015-06-15 17:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-15 10:35 - 2015-06-15 17:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-07-15 10:35 - 2015-06-15 17:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-15 10:35 - 2015-06-15 17:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-07-15 10:35 - 2015-06-15 17:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2015-07-13 10:12 - 2015-07-22 10:01 - 00000000 ____D C:\Program Files (x86)\CooupExxtensiOn
2015-07-13 10:12 - 2015-07-22 10:01 - 00000000 ____D C:\Program Files (x86)\CooUpExteinsion
2015-07-13 10:12 - 2015-07-13 10:12 - 00000000 ____D C:\Program Files (x86)\new metroTab
2015-07-13 10:12 - 2015-07-13 10:12 - 00000000 ____D C:\Program Files (x86)\CoupEExuTension
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-08-10 14:41 - 2013-09-19 11:28 - 00000316 _____ C:\Windows\Tasks\UpdaterEX.job
2015-08-10 14:39 - 2009-07-14 00:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-10 14:39 - 2009-07-14 00:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-10 14:32 - 2014-03-21 17:54 - 01602038 _____ C:\Windows\WindowsUpdate.log
2015-08-10 14:25 - 2015-06-25 14:25 - 00000370 _____ C:\Windows\Tasks\BreakfastBunny.job
2015-08-10 14:25 - 2015-05-15 14:25 - 00000372 _____ C:\Windows\Tasks\Bidaily Synchronize Task[pr].job
2015-08-10 14:23 - 2014-03-22 16:09 - 00009282 _____ C:\Windows\setupact.log
2015-08-10 14:23 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-10 14:07 - 2015-07-07 10:14 - 00002129 _____ C:\Users\Little Wonders\Desktop\Internet Explorer (No Add-ons).lnk
2015-08-10 14:07 - 2015-07-06 10:24 - 00000020 _____ C:\Users\Little Wonders\AppData\Roaming\appdataFr2.bin
2015-08-10 14:02 - 2014-01-13 13:16 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-10 13:43 - 2015-03-25 13:51 - 00000000 ____D C:\Users\Little Wonders\Desktop\Andrew's scans
2015-08-10 13:42 - 2013-09-18 15:43 - 00000000 ____D C:\Users\Little Wonders\Desktop\Andrew
2015-08-10 13:40 - 2015-03-17 15:16 - 00000000 ____D C:\Users\Little Wonders\Desktop\Scans
2015-08-10 13:33 - 2010-02-23 09:41 - 00003982 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{A26D9F52-0687-4B29-BF28-F83CFD1978B6}
2015-08-10 13:21 - 2015-07-09 15:33 - 00000372 _____ C:\Windows\Tasks\LightningNet.job
2015-08-10 13:21 - 2015-07-06 10:20 - 00000372 _____ C:\Windows\Tasks\BugBreaker.job
2015-08-10 13:21 - 2015-07-01 16:46 - 00000372 _____ C:\Windows\Tasks\CaseKeeper.job
2015-08-10 13:21 - 2015-06-26 09:34 - 00000372 _____ C:\Windows\Tasks\WheatWizard.job
2015-08-10 13:21 - 2015-06-18 23:14 - 00000372 _____ C:\Windows\Tasks\TubeControl.job
2015-08-10 13:21 - 2015-06-17 09:33 - 00000372 _____ C:\Windows\Tasks\IceApps.job
2015-08-10 13:21 - 2011-02-08 10:11 - 00000000 ____D C:\tmp
2015-08-05 10:06 - 2014-03-13 13:50 - 00000000 ____D C:\Users\Little Wonders\Desktop\Sept
2015-08-04 15:25 - 2009-07-14 01:13 - 00852260 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-04 14:33 - 2010-02-23 11:53 - 00000072 _____ C:\Windows\iltwain.ini
2015-08-04 14:02 - 2014-03-22 16:09 - 01981874 _____ C:\Windows\PFRO.log
2015-08-04 09:36 - 2010-02-23 18:28 - 00000000 ____D C:\Users\Little Wonders\AppData\Local\CrashDumps
2015-08-04 09:23 - 2010-02-15 16:09 - 00013350 _____ C:\Users\Little Wonders\AppData\Roaming\wklnhst.dat
2015-08-03 09:33 - 2015-04-13 10:02 - 00000000 ____D C:\ProgramData\3513037906374832000
2015-07-29 03:01 - 2014-05-17 03:26 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-27 05:06 - 2015-04-15 03:00 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-23 09:21 - 2015-06-23 10:12 - 00000079 _____ C:\Program Files (x86)\prefs.js
2015-07-22 10:02 - 2010-02-16 09:47 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-22 10:01 - 2015-07-05 17:36 - 00000000 ____D C:\Program Files (x86)\NiceOffErs
2015-07-22 09:56 - 2014-06-18 10:28 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-07-22 03:21 - 2009-07-14 00:45 - 00528752 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-18 03:17 - 2015-04-15 03:00 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-16 14:17 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2015-07-16 09:07 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-07-16 09:06 - 2014-12-10 04:27 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-15 15:02 - 2014-01-13 13:16 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-15 15:02 - 2013-10-01 11:44 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-15 15:02 - 2011-09-09 11:00 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
==================== Files in the root of some directories =======
2015-06-23 10:12 - 2015-07-23 09:21 - 0000079 _____ () C:\Program Files (x86)\prefs.js
2015-07-06 10:24 - 2015-08-10 14:07 - 0000020 _____ () C:\Users\Little Wonders\AppData\Roaming\appdataFr2.bin
2015-08-10 14:05 - 2015-08-10 14:05 - 0000024 _____ () C:\Users\Little Wonders\AppData\Roaming\appdataFr25.bin
2011-07-17 23:10 - 2011-09-17 23:21 - 0001854 _____ () C:\Users\Little Wonders\AppData\Roaming\GhostObjGAFix.xml
2012-06-11 16:48 - 2012-06-11 17:10 - 0001144 _____ () C:\Users\Little Wonders\AppData\Roaming\result.db
2013-12-19 11:16 - 2014-03-24 09:00 - 0000254 _____ () C:\Users\Little Wonders\AppData\Roaming\WB.CFG
2014-01-27 18:22 - 2014-01-27 18:22 - 0000005 _____ () C:\Users\Little Wonders\AppData\Roaming\WBPU-TTL.DAT
2010-02-15 16:09 - 2015-08-04 09:23 - 0013350 _____ () C:\Users\Little Wonders\AppData\Roaming\wklnhst.dat
2015-02-23 11:22 - 2015-02-23 11:22 - 0000088 _____ () C:\Users\Little Wonders\AppData\Local\3a56fb676e8325036d49b57c05209aef
2015-04-14 14:00 - 2015-04-14 14:03 - 0011784 _____ () C:\Users\Little Wonders\AppData\Local\Temp-log.txt
2015-05-22 15:13 - 2015-05-22 15:13 - 0000000 _____ () C:\Users\Little Wonders\AppData\Local\Temp.dat
2012-01-30 16:10 - 2015-02-23 11:33 - 0004386 _____ () C:\ProgramData\hpzinstall.log
Some files in TEMP:
====================
C:\Users\Little Wonders\AppData\Local\Temp\88896e8a8a88486ea609f31b41ec3718171344.exe
C:\Users\Little Wonders\AppData\Local\Temp\9EC5.exe
C:\Users\Little Wonders\AppData\Local\Temp\appupdater-{A03B844E-3BC3-DF4E-B802-6292092065EE}.exe
C:\Users\Little Wonders\AppData\Local\Temp\appupdater-{C9B8DB29-CDBB-A540-BEE7-DDA8C123A88E}.exe
C:\Users\Little Wonders\AppData\Local\Temp\e5292c01c66143b78d7b6d4c6f539757374931.exe
C:\Users\Little Wonders\AppData\Local\Temp\ICReinstall_ImgBurn_Setup.exe
C:\Users\Little Wonders\AppData\Local\Temp\ICSW1.9_0C1F1F1I0R0O0M1.9.exe
C:\Users\Little Wonders\AppData\Local\Temp\setacl.exe
C:\Users\Little Wonders\AppData\Local\Temp\sp-downloader.exe
C:\Users\Little Wonders\AppData\Local\Temp\SpOrder.dll
C:\Users\Little Wonders\AppData\Local\Temp\SymCCIS.dll
Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\Drivers\AVGIDSDRIVERA.SYS
C:\Windows\SysWOW64\Drivers\AVGIDSHA.SYS
C:\Windows\SysWOW64\Drivers\AVGLOGA.SYS
C:\Windows\SysWOW64\Drivers\AVGRKX64.SYS
C:\Windows\SysWOW64\Drivers\AVGTDIA.SYS
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-08-04 11:40
==================== End of log ============================
-
Second part:
Additional scan result of Farbar Recovery Scan Tool (x64) Version:09-08-2015
Ran by Little Wonders (2015-08-10 15:00:13)
Running from C:\Users\Little Wonders\Desktop
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-443951736-1583617210-2315430799-500 - Administrator - Disabled)
Guest (S-1-5-21-443951736-1583617210-2315430799-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-443951736-1583617210-2315430799-1002 - Limited - Enabled)
Little Wonders (S-1-5-21-443951736-1583617210-2315430799-1001 - Administrator - Enabled) => C:\Users\Little Wonders
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
4500_G510gm_Help (x32 Version: 000.0.439.000 - Hewlett-Packard) Hidden
4500G510gm (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden
4500G510gm_Software_Min (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
AAllDeaalAApp (HKLM-x32\...\{47B2010D-2F1B-7A72-E485-51BA1F6D5901}) (Version: - )
Adblock for Pirate Bay (HKLM-x32\...\{C816B74A-76DD-F936-7C6E-56E2B881B487}) (Version: - )
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader 9.5.1 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.1 - Adobe Systems Incorporated)
AlllChEapPraicea (HKLM-x32\...\{5A1D3F9E-73B5-95EC-1233-6646E1358965}) (Version: - "") <==== ATTENTION
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.3.2223 - AVAST Software)
AVG 2014 (Version: 14.0.3722 - AVG Technologies) Hidden
Awesome Widget ANTP (HKLM-x32\...\{3112BDB8-7DB9-279D-EC5F-30BC1ABC266C}) (Version: - )
bestadblocker (HKLM-x32\...\{4820778D-AB0D-6D18-C316-52A6A0E1D507}) (Version: - ) <==== ATTENTION
Bing Bar (HKLM-x32\...\{B4089055-D468-45A4-A6BA-5A138DD715FC}) (Version: 7.0.850.0 - Microsoft Corporation)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Canon MF4800 Series (HKLM\...\{444085BE-389B-4330-A291-3FC258B846EC}) (Version: 4.1.0.0 - CANON INC.)
Childcare Manager 10 (HKLM-x32\...\{579249CA-0BC9-456E-80BC-4972913564E8}) (Version: 10.0.2905 - Personalized Software)
Cite This For Me Web Citer (HKLM-x32\...\{60EACF28-3304-CDE7-8F98-5992F85D389C}) (Version: - )
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CooupExxtensiOn (HKLM-x32\...\{6933C2BA-C67D-42C7-8C77-1FF4B364AF54}) (Version: - "") <==== ATTENTION
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
DiscountBomb (HKLM-x32\...\{37476589-E48E-439E-A706-56189E2ED4C4}) (Version: - DiscountBomb) <==== ATTENTION
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.8 - DivX, LLC)
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Fastime 8000 (HKLM-x32\...\{3AFF92E5-8080-41B7-BB5B-2B7B939A50BB}) (Version: 02.00.0000 - Pyramid Technologies)
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
FoxTab PDF Converter (HKU\S-1-5-21-443951736-1583617210-2315430799-1001\...\FoxTab PDF Converter) (Version: - ) <==== ATTENTION
FunDeaalas (HKLM-x32\...\{478472F9-9E09-492A-BDAB-42EE595EF1AD}) (Version: - "") <==== ATTENTION
Fuune2Save (HKLM-x32\...\{9D9BEFAE-9499-F52B-6CC4-94818CCC2AB5}) (Version: - "") <==== ATTENTION
Google Chrome (HKLM-x32\...\{C529D155-657E-35C0-8A38-95AE8B671B9A}) (Version: 66.88.49282 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.9512.3162 - Hewlett-Packard)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Officejet 4500 G510g-m (HKLM\...\{E5083D57-D93F-404C-A91F-1C50D67C2BEB}) (Version: 13.0 - HP)
HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java(TM) 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.220 - Oracle)
Keep My OptOuts (HKLM-x32\...\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}) (Version: - ) <==== ATTENTION
KidsCare 5 (HKLM-x32\...\KidsCare 5) (Version: - )
LSI PCI-SV92EX Soft Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.98 - LSI Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office FrontPage 2003 (HKLM-x32\...\{91170409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Outlook 2013 - en-us (HKLM\...\OutlookRetail - en-us) (Version: 15.0.4737.1003 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Store Download Manager (HKLM-x32\...\{A3D88A98-506E-4CFC-B294-E256C679B0EE}) (Version: 2.5.2219.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MinimuumPrice (HKLM-x32\...\{CA1838EF-A497-194E-3850-37A62CEE398B}) (Version: - ) <==== ATTENTION
ModuleEdit (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{8338240e}) (Version: - ModuleEdit) <==== ATTENTION
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NetOCoupoN (HKLM-x32\...\{317D8BB4-16C3-CFBD-3777-AED69667DA46}) (Version: - "") <==== ATTENTION
Network64 (Version: 130.0.374.000 - Hewlett-Packard) Hidden
NewSaverr (HKLM-x32\...\{6A08B379-76FB-B4CF-0C70-CAFCD3635A77}) (Version: - "") <==== ATTENTION
NiceOffErs (HKLM-x32\...\{E9AD2F38-EF9C-B9DA-048A-A92FBC17701E}) (Version: - )
No Cyrus (HKLM-x32\...\{C2E3DB8B-C43B-9203-7BE7-D03BA334FD8A}) (Version: - )
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.5 - NVIDIA Corporation)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Octoshape add-in for Adobe Flash Player (HKU\S-1-5-21-443951736-1583617210-2315430799-1001\...\Octoshape add-in for Adobe Flash Player) (Version: - )
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4737.1003 - Microsoft Corporation) Hidden
Pinner for Pinterest (HKLM-x32\...\{F6C44C71-2CFE-8176-3A4D-CBD0DCE5AEFA}) (Version: - "") <==== ATTENTION
PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: - )
PL-2303 Vista Driver Installer (HKLM-x32\...\{EEC010D0-1252-4E1D-BAD9-F1B8F414535C}) (Version: 3.2.0.0 - Prolific)
PriceMiinus (HKLM-x32\...\{06B99631-BFA2-3B7A-F58B-D067C2BA59B7}) (Version: - ) <==== ATTENTION
Print Perfect Deluxe (HKLM-x32\...\{AF06F78B-ACF7-40E3-9D1A-BC5A0529298B}) (Version: 9.2.28 - Cosmi Corporation)
Quicken 2010 (HKLM-x32\...\{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}) (Version: 19.1.3.19 - Intuit)
QuickTime (HKLM-x32\...\QuickTime) (Version: - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5938 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.2216 - CyberLink Corp.) Hidden
RenderPointer (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{ec9c17f1}) (Version: - RenderPointer) <==== ATTENTION
RoaboSaoveR (HKLM-x32\...\{BE360B8B-0F10-CA89-FC84-A5EAB71A6AF8}) (Version: - "") <==== ATTENTION
-
SAVELOtoss (HKLM-x32\...\{35E13884-BAC3-5F4A-799B-05F882E0BD9F}) (Version: - "") <==== ATTENTION
SAveNEwaAppz (HKLM-x32\...\{7304C9D1-98AD-55F0-636E-22D8DD57F176}) (Version: - "") <==== ATTENTION
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
SmartWebPrinting (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SpoaceCouPonAPp (HKLM-x32\...\{9777123F-5BF8-6C86-217E-7EB783C2E885}) (Version: - ) <==== ATTENTION
Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden
Unity Web Player (HKLM-x32\...\UnityWebPlayer) (Version: 2.1.0f5_16147 - Unity Technologies ApS)
UpdaterEX (HKU\S-1-5-21-443951736-1583617210-2315430799-1001\...\UpdaterEX) (Version: - UpdaterEX)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VentureStand (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{f6d5a24}) (Version: - VentureStand) <==== ATTENTION
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Driver Package - FTDI CDM Driver Package (02/17/2009 2.04.16) (HKLM\...\2DC0AA065FA83047D7ECD51C7000C1620D79A4C5) (Version: 02/17/2009 2.04.16 - FTDI)
Windows Driver Package - FTDI CDM Driver Package (02/17/2009 2.04.16) (HKLM\...\51A4D522DD31538335EF5736F0E7F588C70BCB12) (Version: 02/17/2009 2.04.16 - FTDI)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Restore Points =========================
14-07-2015 12:00:07 Scheduled Checkpoint
16-07-2015 03:01:21 Windows Update
18-07-2015 03:00:24 Windows Update
22-07-2015 03:00:38 Windows Update
23-07-2015 10:52:02 avast! antivirus system restore point
23-07-2015 10:59:02 avast! antivirus system restore point
23-07-2015 11:23:09 avast! antivirus system restore point
29-07-2015 03:00:23 Windows Update
05-08-2015 08:54:55 Scheduled Checkpoint
10-08-2015 13:59:19 avast! antivirus system restore point
10-08-2015 14:09:51 avast! antivirus system restore point
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {12E94DB0-B70A-4B50-A7A1-26C280A3F598} - System32\Tasks\{00BA7C04-2930-4BA0-85D8-9C64416E6396} => pcalua.exe -a C:\Users\LITTLE~1\AppData\Local\Temp\F295A114\ChildcareManagerSetup.exe -d C:\Windows\SysWOW64 -c /embed"{F4AC2A05-BDC8-48BC-9962-A2766D6B8A18}" /hide_splash /hide_progress /runprerequisites"Help,Reports,ChildcareManager,ProgramFiles,Manual,NetworkServer" /l1033
Task: {145C09E7-C51C-410E-809B-D1D6DF87BCC3} - System32\Tasks\FontElite => c:\programdata\{3fac1441-b731-99d6-3fac-c1441b735106}\972258657956586775b.exe [2014-08-05] () <==== ATTENTION
Task: {16F8B35A-340A-4C37-A7BA-A9660273CFDC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {197C0B92-89AD-4CD4-B33D-B64D5AA6944C} - System32\Tasks\UpdaterEX => C:\Users\Little Wonders\AppData\Roaming\UpdaterEX\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {2721C2CE-DA44-4A0F-BD21-9928294F2794} - System32\Tasks\{B1ED28FA-8139-42D6-AD80-BE820BFD604E} => pcalua.exe -a "C:\Users\Little Wonders\AppData\Local\Temp\Temp2_vista_prolific_chip_driver_for_serial_adapters.zip\Vista_Installer.exe"
Task: {2BE69A0B-F686-4C14-B04C-78557AAEE036} - System32\Tasks\ExtendedServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()
Task: {2CC08B04-A9AA-49B1-9399-6782B3812F9F} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe <==== ATTENTION
Task: {35FCEF7B-1977-4904-AA47-CC7385080968} - System32\Tasks\LightningNet => c:\programdata\{7df4e096-4fa3-a2c8-7df4-4e0964fa8259}\1870006610398162240b.exe [2014-07-09] () <==== ATTENTION
Task: {3A29F414-D5EC-41D7-BE1F-F3F40B8A31BC} - System32\Tasks\{B5AB9C9D-5DF1-4D36-BC1A-6DA8FA87347F} => pcalua.exe -a "C:\Program Files (x86)\DiscountBomb\DiscountBomb.exe" -c /s /n /i:"ExecuteCommands;UninstallCommands" ""
Task: {44626177-BBC2-419D-A128-AC36568AE6DF} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-07-23] (AVAST Software)
Task: {523F2DF2-EBDF-4F6C-A038-7C0C19698158} - System32\Tasks\TubeControl => c:\programdata\{43d6bae8-8f68-ff4b-43d6-6bae88f6eba2}\9176317559037144580b.exe [2014-06-18] () <==== ATTENTION
Task: {53632F53-7F9D-45C5-B801-1A8B4E9F34D8} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-01] (Microsoft Corporation)
Task: {53DB096A-9CE9-4829-9029-6A6DF6866477} - System32\Tasks\BreakfastBunny => c:\programdata\{a92ed771-f64b-5489-a92e-ed771f645dc7}\985828238009730919b.exe [2014-06-25] () <==== ATTENTION
Task: {57FF410B-E3C2-4807-9B80-3EA9E52A7488} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-01] (Microsoft Corporation)
Task: {5897B68E-06D9-4FDF-B7E1-E614DD116997} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()
Task: {6B4697D6-2AB3-4189-B570-1DA4747F7B3D} - System32\Tasks\{EBD12ADD-9B7C-491A-94B3-2CFFC7CC35DE} => pcalua.exe -a "C:\Users\Little Wonders\Documents\Downloads\CCM-Server_Setup(V10.0.2905).exe" -d C:\Windows\SysWOW64 -c /embed"{ADC05057-2056-4B14-B859-E67CCB2EA230}" /hide_splash /hide_progress /runprerequisites"Help,Reports,ChildcareManager,ProgramFiles,Manual,NetworkServer" /l1033
Task: {70548205-EF43-437F-A831-750097F694F6} - System32\Tasks\BugBreaker => c:\programdata\{e6afbdcc-b0a1-db48-e6af-fbdccb0af732}\6093383361760305201b.exe [2014-07-06] () <==== ATTENTION
Task: {725B9D6F-FA35-438F-98D1-2AE8A5A02815} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {7441EABB-1BE3-4601-B490-516A306BABF0} - System32\Tasks\{1796F9BB-E4C4-4DA4-8335-24DC731E4708} => pcalua.exe -a "C:\Users\Little Wonders\Desktop\USBSrDvr.exe" -d "C:\Users\Little Wonders\Desktop"
Task: {768F60AD-DB89-4776-A45B-279E797A150F} - System32\Tasks\{395F898C-0DAF-4DFA-AA08-E8F8BAB1DF30} => pcalua.exe -a C:\kc5\setup\setup.exe
Task: {7CE2A72D-BB2F-44ED-89CA-1F6D1E32A005} - System32\Tasks\{51B1EBD4-DD09-442F-B202-70DFD26090F7} => E:\ACMSETUP.EXE
Task: {8049C92F-D897-483C-B3E6-40FF954EF611} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-05-12] (Microsoft Corporation)
Task: {84514CBE-C7B2-4DEF-9150-CD8CBD6B36A8} - System32\Tasks\Bidaily Synchronize Task[pr] => c:\programdata\{3639608d-237d-13b3-3639-9608d2378234}\3712898977138005454s.exe [2014-05-15] () <==== ATTENTION
Task: {8BD6DF11-C071-48A3-9DE2-2EBCA579554F} - System32\Tasks\CaseKeeper => c:\programdata\{8913d3ad-afc8-60a0-8913-3d3adafc4eb6}\2455391211969052693b.exe [2014-07-01] () <==== ATTENTION
Task: {9B476CE9-154B-4B29-B65C-142F2DF8890F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {9F3E6CA9-E64E-4969-8635-7EB5D7CB6D66} - System32\Tasks\{C56306F3-67B6-486D-B81F-0B8E937C7C99} => C:\Users\Little Wonders\Desktop\MDAC_TYP.EXE
Task: {A16FA5C8-B08E-4D6F-9629-3DFF74337E5E} - System32\Tasks\DreamDecode => c:\programdata\{09efe88c-330f-6cfa-09ef-fe88c330a230}\5140254858507817303b.exe [2014-08-04] () <==== ATTENTION
Task: {A199DC14-46D5-4A7A-B41D-B6BFBCEAE0E5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-15] (Adobe Systems Incorporated)
Task: {A1B72E7F-5675-4CF7-9D5E-5EDAE564FA3F} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {AA3705FC-DA72-4B29-B704-062C8E6A10F1} - System32\Tasks\RecoveryCDWin7 => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()
Task: {BF8421A3-00F1-49B6-BE69-8ADCFD4C5696} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2009-10-20] ()
Task: {CA28FE0A-8394-4928-9950-5D9710D93598} - System32\Tasks\{29639896-F900-4CCA-B787-6BC9FAE525A0} => E:\ACMSETUP.EXE
Task: {CD869D50-E5B3-4553-B82A-BBEB072F6BB7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-05-12] (Microsoft Corporation)
Task: {D37F3308-16E6-4800-9687-DB07E918E18C} - System32\Tasks\{6FE15A16-DF91-49D1-BCCE-E758CB864855} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" -c /uninstall HOMESTUDENTR /dll OSETUP.DLL
Task: {EE3CA4E9-7BFF-49B7-889F-47DF91E9B351} - System32\Tasks\IceApps => c:\programdata\{d43a3e12-6ad8-c794-d43a-a3e126adf849}\7438011186733298683b.exe [2014-06-17] () <==== ATTENTION
Task: {EF4F2429-35B8-44FE-A8BD-25995276C545} - System32\Tasks\{B1769513-4A93-4EFF-95C5-F720E95A94AC} => C:\Program Files (x86)\Personalized Software\Childcare Manager 10\ChildCareManager.exe [2011-03-11] (Personalized Software, Inc.)
Task: {FECC4792-8E0E-402F-B0E9-77FE466164DD} - System32\Tasks\WheatWizard => c:\programdata\{89ffb3a7-2acc-f95f-89ff-fb3a72acce9c}\6586289048286789679b.exe [2014-06-26] () <==== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Bidaily Synchronize Task[pr].job => c:\programdata\{3639608d-237d-13b3-3639-9608d2378234}\3712898977138005454s.exe <==== ATTENTION
Task: C:\Windows\Tasks\BreakfastBunny.job => c:\programdata\{a92ed771-f64b-5489-a92e-ed771f645dc7}\985828238009730919b.exe <==== ATTENTION
Task: C:\Windows\Tasks\BugBreaker.job => c:\programdata\{e6afbdcc-b0a1-db48-e6af-fbdccb0af732}\6093383361760305201b.exe <==== ATTENTION
Task: C:\Windows\Tasks\CaseKeeper.job => c:\programdata\{8913d3ad-afc8-60a0-8913-3d3adafc4eb6}\2455391211969052693b.exe <==== ATTENTION
Task: C:\Windows\Tasks\DreamDecode.job => c:\programdata\{09efe88c-330f-6cfa-09ef-fe88c330a230}\5140254858507817303b.exe <==== ATTENTION
Task: C:\Windows\Tasks\FontElite.job => c:\programdata\{3fac1441-b731-99d6-3fac-c1441b735106}\972258657956586775b.exe <==== ATTENTION
Task: C:\Windows\Tasks\IceApps.job => c:\programdata\{d43a3e12-6ad8-c794-d43a-a3e126adf849}\7438011186733298683b.exe <==== ATTENTION
Task: C:\Windows\Tasks\LightningNet.job => c:\programdata\{7df4e096-4fa3-a2c8-7df4-4e0964fa8259}\1870006610398162240b.exe <==== ATTENTION
Task: C:\Windows\Tasks\TubeControl.job => c:\programdata\{43d6bae8-8f68-ff4b-43d6-6bae88f6eba2}\9176317559037144580b.exe <==== ATTENTION
Task: C:\Windows\Tasks\UpdaterEX.job => C:\Users\LITTLE~1\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\WheatWizard.job => c:\programdata\{89ffb3a7-2acc-f95f-89ff-fb3a72acce9c}\6586289048286789679b.exe <==== ATTENTION
==================== Loaded Modules (Whitelisted) ==============
-
2015-03-20 18:12 - 2015-03-20 18:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-06-18 10:28 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-03-17 07:40 - 2015-01-27 11:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2010-02-18 13:48 - 2010-02-10 19:10 - 00166400 _____ () C:\Program Files\WinRAR\rarext.dll
2015-07-10 12:57 - 2015-07-10 12:57 - 08016461 _____ () C:\Program Files (x86)\Lethal Tonight\Lethal Tonight.exe
2014-03-13 16:22 - 2014-03-13 16:22 - 00852480 _____ () C:\ProgramData\{2899c890-57cb-72e8-2899-9c89057c2241}\FIFA Soccer 64.exe
2015-07-22 09:49 - 2015-07-22 09:49 - 08016385 _____ () C:\Program Files (x86)\Shaky Entertainment\Shaky Entertainment.exe
2013-11-14 20:48 - 2013-11-14 20:48 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2015-06-16 16:41 - 2015-06-16 16:41 - 01776640 _____ () c:\Program Files (x86)\PragmaEdit\PragmaEdit.dll
2015-07-05 17:38 - 2015-07-05 17:38 - 01771520 _____ () c:\Program Files (x86)\SoftwarePlus\SoftwarePlus.dll
2013-11-14 20:49 - 2013-11-14 20:49 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2000-09-29 01:00 - 2000-09-29 01:00 - 00032768 _____ () C:\Windows\SysWow64\hlinkprx.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-443951736-1583617210-2315430799-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Little Wonders\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 0) (EnableLUA: 0)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PictureMover.lnk => C:\Windows\pss\PictureMover.lnk.CommonStartup
MSCONFIG\startupreg: cdloader => "C:\Users\Little Wonders\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: StartNow Search Protect => "C:\Program Files (x86)\StartNow Toolbar\search_protect.exe" /REPORT /PROTECT /RELAY
MSCONFIG\startupreg: StartNowToolbarHelper => "C:\Program Files (x86)\StartNow Toolbar\ToolbarHelper.exe"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{40184C0D-EEA7-46F3-9EF0-CF50CA552808}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE
FirewallRules: [TCP Query User{C61E01F4-9791-4DA0-8567-EFDC76A3A205}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe
FirewallRules: [UDP Query User{C5A8B10A-4E1B-4B27-85DD-0184E1D87721}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe
FirewallRules: [TCP Query User{902C5FFF-FB0A-48A0-9E6C-F9749A145160}F:\techwizard.exe] => (Allow) F:\techwizard.exe
FirewallRules: [UDP Query User{DD661469-558D-475D-93BC-82529C9F54A6}F:\techwizard.exe] => (Allow) F:\techwizard.exe
FirewallRules: [TCP Query User{6B3287D7-DAE1-4B6C-B123-EC179A576F53}C:\users\little wonders\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe] => (Allow) C:\users\little wonders\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe
FirewallRules: [UDP Query User{E5F34953-3618-47DF-AE30-0F31DEE2E2BD}C:\users\little wonders\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe] => (Allow) C:\users\little wonders\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe
FirewallRules: [{F9723DE8-4B2D-40CE-A1FE-8EEFE0E01FB0}] => (Allow) C:\Users\Little Wonders\AppData\Roaming\mjusbsp\magicJack.exe
FirewallRules: [{A9C83276-91E6-4F3D-98A4-9DCEAD10CA2D}] => (Allow) C:\Users\Little Wonders\AppData\Roaming\mjusbsp\magicJack.exe
FirewallRules: [{45D32FE7-909B-4468-BAD2-DC9D7128E160}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{60839025-45CC-4367-98B3-7817760B4245}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{22AECB29-1CC3-45BF-8CC8-B9C7D2E0B5D2}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{DB74FEF8-370D-404C-9A0F-3B00969274EC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{45C32F72-706D-4C01-A302-4C8E30936689}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{AA2034A9-D4E7-4182-AA29-1777E79F0439}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{D3571853-3D60-48E4-B571-741141FA8A37}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{9739B76F-D951-45BC-847A-10D33FA5680A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{A865AC9A-EF6E-434B-A087-B571DC0686DB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{97F66A87-865D-4949-BF69-D2D13491150D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{697D52D5-7803-49FD-962F-A9A92C6691EC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{30F7CFEF-914B-4FBD-AB1C-82614FA138D2}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{6E19171A-0D9F-4D03-8FD6-7C4E007B78A1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{BB6655A3-0193-4123-AC58-B6AD17FF1782}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{AB74EE13-68E7-489D-8B8C-4E729093C36C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{3B2AA929-483A-49B8-8644-D14549D78DF6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{A1CA70BC-6A30-49D6-8CCD-8597AB4904C6}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{DAE51D7C-F0CC-4BDE-A10A-05CA3FF1A302}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{2C4FC4B8-FA1F-492D-8E1D-7DD9CC2D8CD7}] => (Allow) C:\Users\Little Wonders\AppData\Local\Temp\7zS72ED.tmp\SymNRT.exe
FirewallRules: [{727EA379-828C-4865-8D95-6DD3DAD405A1}] => (Allow) C:\Users\Little Wonders\AppData\Local\Temp\7zS72ED.tmp\SymNRT.exe
FirewallRules: [{4EF739E6-C25D-4AE1-B2E3-FC365C2819B3}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [TCP Query User{EF81E8D9-4BD7-452B-A06E-78C370EE4F73}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{78AFF35C-1DEC-463D-870C-4E933445A8C7}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{59C1AE43-D2AE-4536-9D03-3965EB528638}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{0B469C0C-A570-4DFC-88D7-903D9E3C2177}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Faulty Device Manager Devices =============
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (08/10/2015 02:44:42 PM) (Source: MsiInstaller) (EventID: 11316) (User: LittleWonders)
Description: Product: Google Chrome -- Error 1316. The specified account already exists.
Error: (08/04/2015 09:36:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: EXCEL.EXE, version: 14.0.7153.5000, time stamp: 0x5581e16e
Faulting module name: EXCEL.EXE, version: 14.0.7153.5000, time stamp: 0x5581e16e
Exception code: 0xc0000005
Fault offset: 0x0013746f
Faulting process id: 0xc0c
Faulting application start time: 0xEXCEL.EXE0
Faulting application path: EXCEL.EXE1
Faulting module path: EXCEL.EXE2
Report Id: EXCEL.EXE3
Error: (08/04/2015 09:15:21 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: b7c
Start Time: 01d0c55b320b0840
Termination Time: 904
Application Path: C:\Windows\Explorer.EXE
Report Id: d22ce0e1-3aaa-11e5-b935-e0cb4e30ae28
Error: (08/03/2015 11:53:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ChildCareManager.exe, version: 10.0.0.2905, time stamp: 0x2a425e19
Faulting module name: sqloledb.dll, version: 6.1.7601.17514, time stamp: 0x4ce7ba08
Exception code: 0xc0000005
Fault offset: 0x0007c7fb
Faulting process id: 0x18c0
Faulting application start time: 0xChildCareManager.exe0
Faulting application path: ChildCareManager.exe1
Faulting module path: ChildCareManager.exe2
Report Id: ChildCareManager.exe3
Error: (08/03/2015 11:52:39 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program EXCEL.EXE version 14.0.7153.5000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 193c
Start Time: 01d0caeb3e676468
Termination Time: 0
Application Path: C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
Report Id: 9b3066b1-39f7-11e5-b935-e0cb4e30ae28
Error: (08/03/2015 10:10:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ChildCareManager.exe, version: 10.0.0.2905, time stamp: 0x2a425e19
Faulting module name: ChildCareManager.exe, version: 10.0.0.2905, time stamp: 0x2a425e19
Exception code: 0xc0000005
Fault offset: 0x010c8172
Faulting process id: 0x5c8
Faulting application start time: 0xChildCareManager.exe0
Faulting application path: ChildCareManager.exe1
Faulting module path: ChildCareManager.exe2
Report Id: ChildCareManager.exe3
Error: (08/03/2015 10:09:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ChildCareManager.exe, version: 10.0.0.2905, time stamp: 0x2a425e19
Faulting module name: ChildCareManager.exe, version: 10.0.0.2905, time stamp: 0x2a425e19
Exception code: 0xc0000005
Fault offset: 0x010c8172
Faulting process id: 0x13ac
Faulting application start time: 0xChildCareManager.exe0
Faulting application path: ChildCareManager.exe1
Faulting module path: ChildCareManager.exe2
Report Id: ChildCareManager.exe3
Error: (08/03/2015 10:09:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ChildCareManager.exe, version: 10.0.0.2905, time stamp: 0x2a425e19
Faulting module name: ChildCareManager.exe, version: 10.0.0.2905, time stamp: 0x2a425e19
Exception code: 0xc0000005
Fault offset: 0x010c8172
Faulting process id: 0x1b5c
Faulting application start time: 0xChildCareManager.exe0
Faulting application path: ChildCareManager.exe1
Faulting module path: ChildCareManager.exe2
Report Id: ChildCareManager.exe3
Error: (08/03/2015 10:09:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ChildCareManager.exe, version: 10.0.0.2905, time stamp: 0x2a425e19
Faulting module name: ChildCareManager.exe, version: 10.0.0.2905, time stamp: 0x2a425e19
-
Exception code: 0xc0000005
Fault offset: 0x010c8172
Faulting process id: 0x524
Faulting application start time: 0xChildCareManager.exe0
Faulting application path: ChildCareManager.exe1
Faulting module path: ChildCareManager.exe2
Report Id: ChildCareManager.exe3
Error: (08/03/2015 10:09:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ChildCareManager.exe, version: 10.0.0.2905, time stamp: 0x2a425e19
Faulting module name: ChildCareManager.exe, version: 10.0.0.2905, time stamp: 0x2a425e19
Exception code: 0xc0000005
Fault offset: 0x010c8172
Faulting process id: 0x76c
Faulting application start time: 0xChildCareManager.exe0
Faulting application path: ChildCareManager.exe1
Faulting module path: ChildCareManager.exe2
Report Id: ChildCareManager.exe3
System errors:
=============
Error: (08/10/2015 02:26:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2
Error: (08/10/2015 02:24:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The IHA_MessageCenter service failed to start due to the following error:
%%2
Error: (08/10/2015 02:24:07 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The AVGIDSAgent service depends the following service: AVGIDSDriver. This service might not be installed.
Error: (08/10/2015 02:23:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Avast Antivirus service failed to start due to the following error:
%%1053
Error: (08/10/2015 02:23:57 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Avast Antivirus service to connect.
Error: (08/10/2015 01:25:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2
Error: (08/10/2015 01:25:16 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005
Error: (08/10/2015 01:23:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The IHA_MessageCenter service failed to start due to the following error:
%%2
Error: (08/10/2015 01:23:25 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The AVGIDSAgent service depends the following service: AVGIDSDriver. This service might not be installed.
Error: (08/10/2015 01:23:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Avast Antivirus service failed to start due to the following error:
%%1053
Microsoft Office:
=========================
Error: (08/10/2015 02:44:42 PM) (Source: MsiInstaller) (EventID: 11316) (User: LittleWonders)
Description: Product: Google Chrome -- Error 1316. The specified account already exists.
(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (08/04/2015 09:36:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: EXCEL.EXE14.0.7153.50005581e16eEXCEL.EXE14.0.7153.50005581e16ec00000050013746fc0c01d0ceb7a71cd4f0C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXEC:\PROGRA~2\MICROS~2\Office14\EXCEL.EXEbdf55fa0-3aad-11e5-b935-e0cb4e30ae28
Error: (08/04/2015 09:15:21 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.1.7601.17567b7c01d0c55b320b0840904C:\Windows\Explorer.EXEd22ce0e1-3aaa-11e5-b935-e0cb4e30ae28
Error: (08/03/2015 11:53:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: ChildCareManager.exe10.0.0.29052a425e19sqloledb.dll6.1.7601.175144ce7ba08c00000050007c7fb18c001d0cdf61ee38708C:\Program Files (x86)\Personalized Software\Childcare Manager 10\ChildCareManager.exeC:\Program Files (x86)\Common Files\System\Ole DB\sqloledb.dllba994b70-39f7-11e5-b935-e0cb4e30ae28
Error: (08/03/2015 11:52:39 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: EXCEL.EXE14.0.7153.5000193c01d0caeb3e6764680C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE9b3066b1-39f7-11e5-b935-e0cb4e30ae28
Error: (08/03/2015 10:10:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: ChildCareManager.exe10.0.0.29052a425e19ChildCareManager.exe10.0.0.29052a425e19c0000005010c81725c801d0cdf616672238C:\Program Files (x86)\Personalized Software\Childcare Manager 10\ChildCareManager.exeC:\Program Files (x86)\Personalized Software\Childcare Manager 10\ChildCareManager.exe55157548-39e9-11e5-b935-e0cb4e30ae28
Error: (08/03/2015 10:09:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: ChildCareManager.exe10.0.0.29052a425e19ChildCareManager.exe10.0.0.29052a425e19c0000005010c817213ac01d0cdf60e01c7d8C:\Program Files (x86)\Personalized Software\Childcare Manager 10\ChildCareManager.exeC:\Program Files (x86)\Personalized Software\Childcare Manager 10\ChildCareManager.exe4d3bb918-39e9-11e5-b935-e0cb4e30ae28
Error: (08/03/2015 10:09:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: ChildCareManager.exe10.0.0.29052a425e19ChildCareManager.exe10.0.0.29052a425e19c0000005010c81721b5c01d0cdf609541e48C:\Program Files (x86)\Personalized Software\Childcare Manager 10\ChildCareManager.exeC:\Program Files (x86)\Personalized Software\Childcare Manager 10\ChildCareManager.exe49064cc8-39e9-11e5-b935-e0cb4e30ae28
Error: (08/03/2015 10:09:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: ChildCareManager.exe10.0.0.29052a425e19ChildCareManager.exe10.0.0.29052a425e19c0000005010c817252401d0cdf5fa85aeb8C:\Program Files (x86)\Personalized Software\Childcare Manager 10\ChildCareManager.exeC:\Program Files (x86)\Personalized Software\Childcare Manager 10\ChildCareManager.exe3a84ebc8-39e9-11e5-b935-e0cb4e30ae28
Error: (08/03/2015 10:09:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: ChildCareManager.exe10.0.0.29052a425e19ChildCareManager.exe10.0.0.29052a425e19c0000005010c817276c01d0cdf5f3f366a8C:\Program Files (x86)\Personalized Software\Childcare Manager 10\ChildCareManager.exeC:\Program Files (x86)\Personalized Software\Childcare Manager 10\ChildCareManager.exe343503e8-39e9-11e5-b935-e0cb4e30ae28
CodeIntegrity:
===================================
Date: 2014-08-01 12:18:34.290
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\LITTLE~1\AppData\Local\Temp\DellBIOS.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-08-01 12:18:33.729
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\LITTLE~1\AppData\Local\Temp\DellBIOS.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-08-01 12:14:40.075
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\LITTLE~1\AppData\Local\Temp\DellBIOS.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-08-01 12:14:39.810
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\LITTLE~1\AppData\Local\Temp\DellBIOS.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-08-01 12:14:15.073
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\LITTLE~1\AppData\Local\Temp\DellBIOS.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-08-01 12:14:14.824
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\LITTLE~1\AppData\Local\Temp\DellBIOS.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-08-01 12:14:06.245
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\LITTLE~1\AppData\Local\Temp\DellBIOS.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-08-01 12:14:05.699
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\LITTLE~1\AppData\Local\Temp\DellBIOS.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-08-01 12:13:44.314
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\LITTLE~1\AppData\Local\Temp\DellBIOS.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-08-01 12:13:43.721
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\LITTLE~1\AppData\Local\Temp\DellBIOS.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: AMD Sempron(tm) Processor LE-1300
Percentage of memory in use: 61%
Total physical RAM: 1918.49 MB
Available physical RAM: 733.49 MB
Total Virtual: 3836.98 MB
Available Virtual: 2221.59 MB
==================== Drives ================================
Drive c: (COMPAQ) (Fixed) (Total:288.27 GB) (Free:213.31 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:9.72 GB) (Free:1.46 GB) NTFS ==>[system with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=288.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9.7 GB) - (Type=07 NTFS)
==================== End of log ============================
-
That's the first log and the second log in order up there^
-
Thank you for the quick reply, but how can I post the log here? I'm only allowed 20k characters
By attaching the FRST.txt file to your post. This also makes easier for essexboy to analyse.
When in the reply window you will see the Attachments and other options, clicking that allows you to attach the file.
-
Sorry about that guys, I gotta get more sleep, overlooked it. Here it is:
-
I am surprised the computer actually runs
Due to the size of the fix I am having to attach it
After the first reboot let me know if Avast runs
CAUTION : This fix is only valid for this specific machine, using it on another may break your computer
Right click the attached fixlist.txt and select save as..
Save to the desktop
Ensure that FRST is also on the desktop
(https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG)
Run FRST and press Fix
On completion a log will be generated please post that
THEN
Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) by Xplode onto your desktop.
- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on Scan.
- After the scan is complete click on "Clean"
- Confirm each time with Ok.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner[S0].txt as well.
FINALLY
I will need a fresh FRST scan including the additions
-
Thank you very much for the follow up essex. I will do this tomorrow as I will no longer have access to this computer. I will be sure to post the results.
-
First part of your request is attached.
-
Avast should now run
-
I did everything as above, but avast still doesn't open. Perhaps just following your steps helped my computer a lot, however.
Attached is the log adwcleaner produced.
-
Could I have a fresh FRST scan please after you have done the following :
First ..
Uninstall Avast
Second..
Run this FRST fix ..
CAUTION : This fix is only valid for this specific machine, using it on another may break your computer
Open notepad and copy/paste the text in the quotebox below into it:
CreateRestorePoint:
IFEO\ashAvast.exe: [Debugger] svchost.exe
IFEO\ashBug.exe: [Debugger] svchost.exe
IFEO\ashChest.exe: [Debugger] svchost.exe
IFEO\ashCnsnt.exe: [Debugger] svchost.exe
IFEO\ashDisp.exe: [Debugger] svchost.exe
IFEO\ashLogV.exe: [Debugger] svchost.exe
IFEO\ashMaiSv.exe: [Debugger] svchost.exe
IFEO\ashPopWz.exe: [Debugger] svchost.exe
IFEO\ashQuick.exe: [Debugger] svchost.exe
IFEO\ashServ.exe: [Debugger] svchost.exe
IFEO\ashSimp2.exe: [Debugger] svchost.exe
IFEO\ashSimpl.exe: [Debugger] svchost.exe
IFEO\ashSkPcc.exe: [Debugger] svchost.exe
IFEO\ashSkPck.exe: [Debugger] svchost.exe
IFEO\ashUpd.exe: [Debugger] svchost.exe
IFEO\ashWebSv.exe: [Debugger] svchost.exe
IFEO\aswChLic.exe: [Debugger] svchost.exe
IFEO\aswRegSvr.exe: [Debugger] svchost.exe
IFEO\aswRunDll.exe: [Debugger] svchost.exe
IFEO\aswUpdSv.exe: [Debugger] svchost.exe
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe
(https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG)
Run FRST and press Fix
On completion a log will be generated please post that
Third ..
Reinstall Avast
Finally ..
Run a fresh FRST scan
-
First part of your request.
-
Okay..I completed all the steps, avast still hasn't been able to open. I attached the logs of the last scan. Thank you for your continuing support.
-
The main culprit is running from the quarantine at the moment and masquerading as fifa 64
If this fails to kill I will move on to a heavier programme
Re-install Chrome
Unless you did this yourself, malware has changed your Chrome version into the Development Build. Among other things this allows malware to install any extension it wants. We need to resolve this.
1. If you have bookmarks, let's save them by exporting them - Export Bookmarks (http://support.google.com/chrome/bin/answer.py?hl=en&answer=96816)
2. Then I need you to go Google Sync (https://www.google.com/settings/chrome/sync) and sign into your account
3. Scroll down until you see the "Stop and Clear" button and click on the button. At the prompt click on "Ok"
4. Now we need to uninstall chrome.
Note: When asked about user data or settings you must remove this also so please check the box.
5. Restart the computer and reinstall chrome, You can download The latest version from here - Google Chrome (https://www.google.com/intl/en/chrome/browser/)
6. Import your bookmarks back into Chrome
7. Sign back in to your Chrome browser so that your bookmarks sync with your online account.
THEN
CAUTION : This fix is only valid for this specific machine, using it on another may break your computer
Open notepad and copy/paste the text in the quotebox below into it:
CreateRestorePoint:
IFEO\avastSvc.exe: [Debugger] svchost.exe
IFEO\avastUI.exe: [Debugger] svchost.exe
IFEO\tapinstall.exe: [Debugger] svchost.exe
IFEO\VisthAux.exe: [Debugger] svchost.exe
HKLM-x32\...\Run: [] => [X]
Startup: C:\Users\Little Wonders\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FIFA Soccer 64.lnk [2015-03-13]
ShortcutTarget: FIFA Soccer 64.lnk -> C:\FRST\Quarantine\C\ProgramData\{2899c890-57cb-72e8-2899-9c89057c2241}\FIFA Soccer 64.exe ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
BHO: DeEalExpraess -> {A2FF2181-79EC-4ADD-9193-CC53BA94E9BB} -> C:\Program Files (x86)\DeEalExpraess\6Vz6NArC6LzTZi.x64.dll [2015-08-12] ()
BHO-x32: DeEalExpraess -> {A2FF2181-79EC-4ADD-9193-CC53BA94E9BB} -> C:\Program Files (x86)\DeEalExpraess\6Vz6NArC6LzTZi.dll [2015-08-12] ()
FF SearchPlugin: C:\Users\Little Wonders\AppData\Roaming\Mozilla\Firefox\Profiles\fanljv6v.default\searchplugins\startnow.xml [2014-02-28]
FF Extension: No Name - C:\Users\Little Wonders\AppData\Roaming\Mozilla\Firefox\Profiles\fanljv6v.default\extensions\_qvxbkbnnuzqukzjj_i@frnhpojlbr_in.com [not found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]
R2 24efcaa5; c:\Program Files (x86)\SystemLight\SystemLight.dll [2733056 2015-08-12] () [File not signed]
2015-08-12 10:18 - 2015-08-12 10:18 - 00000079 _____ C:\Program Files (x86)\prefs.js
2015-08-12 10:18 - 2015-08-12 10:18 - 00000000 ____D C:\Program Files (x86)\DeEalExpraess
2015-08-12 10:17 - 2015-08-12 10:18 - 00000000 ____D C:\ProgramData\3513037906374832000
2015-08-12 10:17 - 2015-08-12 10:17 - 00000000 ____D C:\Program Files (x86)\DeuaaloExprEEsse
2015-08-12 10:17 - 2015-08-12 10:17 - 00000000 ____D C:\Program Files (x86)\DEaalExpreess
2015-08-12 09:57 - 2015-08-12 09:57 - 00000000 ____D C:\Program Files (x86)\SystemLight
2015-08-10 15:33 - 2015-08-12 09:33 - 00000370 _____ C:\Windows\Tasks\ImageEnhance.job
2015-08-10 15:33 - 2015-08-10 15:33 - 00003300 _____ C:\Windows\System32\Tasks\ImageEnhance
Task: {12E94DB0-B70A-4B50-A7A1-26C280A3F598} - System32\Tasks\{00BA7C04-2930-4BA0-85D8-9C64416E6396} => pcalua.exe -a C:\Users\LITTLE~1\AppData\Local\Temp\F295A114\ChildcareManagerSetup.exe -d C:\Windows\SysWOW64 -c /embed"{F4AC2A05-BDC8-48BC-9962-A2766D6B8A18}" /hide_splash /hide_progress /runprerequisites"Help,Reports,ChildcareManager,ProgramFiles,Manual,NetworkServer" /l1033
Task: {2721C2CE-DA44-4A0F-BD21-9928294F2794} - System32\Tasks\{B1ED28FA-8139-42D6-AD80-BE820BFD604E} => pcalua.exe -a "C:\Users\Little Wonders\AppData\Local\Temp\Temp2_vista_prolific_chip_driver_for_serial_adapters.zip\Vista_Installer.exe"
Task: {3A29F414-D5EC-41D7-BE1F-F3F40B8A31BC} - System32\Tasks\{B5AB9C9D-5DF1-4D36-BC1A-6DA8FA87347F} => pcalua.exe -a "C:\Program Files (x86)\DiscountBomb\DiscountBomb.exe" -c /s /n /i:"ExecuteCommands;UninstallCommands" ""
Task: {6B4697D6-2AB3-4189-B570-1DA4747F7B3D} - System32\Tasks\{EBD12ADD-9B7C-491A-94B3-2CFFC7CC35DE} => pcalua.exe -a "C:\Users\Little Wonders\Documents\Downloads\CCM-Server_Setup(V10.0.2905).exe" -d C:\Windows\SysWOW64 -c /embed"{ADC05057-2056-4B14-B859-E67CCB2EA230}" /hide_splash /hide_progress /runprerequisites"Help,Reports,ChildcareManager,ProgramFiles,Manual,NetworkServer" /l1033
Task: {7441EABB-1BE3-4601-B490-516A306BABF0} - System32\Tasks\{1796F9BB-E4C4-4DA4-8335-24DC731E4708} => pcalua.exe -a "C:\Users\Little Wonders\Desktop\USBSrDvr.exe" -d "C:\Users\Little Wonders\Desktop"
Task: {768F60AD-DB89-4776-A45B-279E797A150F} - System32\Tasks\{395F898C-0DAF-4DFA-AA08-E8F8BAB1DF30} => pcalua.exe -a C:\kc5\setup\setup.exe
Task: {7CE2A72D-BB2F-44ED-89CA-1F6D1E32A005} - System32\Tasks\{51B1EBD4-DD09-442F-B202-70DFD26090F7} => E:\ACMSETUP.EXE
Task: {9F3E6CA9-E64E-4969-8635-7EB5D7CB6D66} - System32\Tasks\{C56306F3-67B6-486D-B81F-0B8E937C7C99} => C:\Users\Little Wonders\Desktop\MDAC_TYP.EXE
Task: {CA28FE0A-8394-4928-9950-5D9710D93598} - System32\Tasks\{29639896-F900-4CCA-B787-6BC9FAE525A0} => E:\ACMSETUP.EXE
Task: {D37F3308-16E6-4800-9687-DB07E918E18C} - System32\Tasks\{6FE15A16-DF91-49D1-BCCE-E758CB864855} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" -c /uninstall HOMESTUDENTR /dll OSETUP.DLL
Task: {D823F284-E68E-43F4-9D0F-249C61B92645} - System32\Tasks\ImageEnhance => c:\programdata\{fd02b9e2-a850-2b00-fd02-2b9e2a85e78a}\108573950245256588b.exe <==== ATTENTION
Task: {EF4F2429-35B8-44FE-A8BD-25995276C545} - System32\Tasks\{B1769513-4A93-4EFF-95C5-F720E95A94AC} => C:\Program Files (x86)\Personalized Software\Childcare Manager 10\ChildCareManager.exe [2011-03-11] (Personalized Software, Inc.)
Task: C:\Windows\Tasks\ImageEnhance.job => c:\programdata\{fd02b9e2-a850-2b00-fd02-2b9e2a85e78a}\108573950245256588b.exe <==== ATTENTION
C\ProgramData\{2899c890-57cb-72e8-2899-9c89057c2241}
C:\FRST\Quarantine\C\ProgramData\{2899c890-57cb-72e8-2899-9c89057c2241}
C:\Program Files (x86)\DeEalExpraess
c:\Program Files (x86)\SystemLight
C:\Program Files (x86)\DiscountBomb
c:\programdata\{fd02b9e2-a850-2b00-fd02-2b9e2a85e78a}
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe
(https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG)
Run FRST and press Fix
On completion a log will be generated please post that
-
Before I do your next steps, I really don't care to keep chrome at all, and I don't believe I have a google sync account. I would remove it, but uninstalling whatever is left of it, I get this error: "There is a problem with this Windows Installer package. A program required for this install to complete could not be run. Contact your support personnel or package vendor." I'm not trying to install it, but uninstall it.
-
No problem I will manually remove it if you wish after
-
Okay then, I can skip the entire chrome step?
-
Yes but do not start Chrome at all otherwise it may try to download something :)
-
Here is the new log.
-
OK it looks as though the malware has locked those keys
Download and Install Combofix
Download ComboFix from one of the following locations:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here (http://forums.whatthetech.com/How_Disable_your_Security_Programs_t96260.html&pid=494216#entry494216)
- Double click on ComboFix.exe & follow the prompts.
- Accept the disclaimer and allow to update if it asks
(http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png)
(http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png)
- When finished, it shall produce a log for you.
- Please include the C:\ComboFix.txt in your next reply.[/b]
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.
Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
-
Okay, I ran the program. Here is what came up.
Also, the computer runs much better than it was before thanks to your help. The only thing is, it does not open avast still. Also the chrome installer seems to still be left over. It gives me the error I quoted in a previous post.
-
OK lets now try a different way of removing the reg keys
Copy the following to a notepad file
Select save and set the file type to all files
Save it as IFEO.reg
Save it to the desktop, then right click the file and select run as administrator
Accept the warnings and reboot
Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options]
[-HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
THEN
CAUTION : This fix is only valid for this specific machine, using it on another may break your computer
Open notepad and copy/paste the text in the quotebox below into it:
CreateRestorePoint:
C:\Program Files\Google
C:\Users\Little Wonders\AppData\Local\Google
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe
(https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG)
Run FRST and press Fix
On completion a log will be generated please post that
Could I then have a fresh FRST scan please
-
Attached is the fixlog for the second part. In the first step I wasn't able to right click and run as administrator, instead I just clicked on it and then it gave a window saying it added keys to the registry.
-
Scan logs.
-
Nope that did not work either
Download and Install Combofix
Download ComboFix from one of the following locations:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here (http://forums.whatthetech.com/How_Disable_your_Security_Programs_t96260.html&pid=494216#entry494216)
- Double click on ComboFix.exe & follow the prompts.
- Accept the disclaimer and allow to update if it asks
(http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png)
(http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png)
- When finished, it shall produce a log for you.
- Please include the C:\ComboFix.txt in your next reply.[/b]
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.
Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
-
I had the combofix already downloaded as per the previous posts. But here is the scan log.
-
OK lets see if CF can kill it
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:
File::
c:\users\Little Wonders\AppData\Local\TempTaskUpdateDetectionEDE0E6CD-9309-4A7E-83AD-298C9D7C681C
Folder::
c:\users\Little Wonders\AppData\Local\TempTaskUpdateDetectionEDE0E6CD-9309-4A7E-83AD-298C9D7C681C
Registry::
[-HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\avastSvc.exe]
[-HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\avastUI.exe]
[-HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\tapinstall.exe]
[-HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\VisthAux.exe]
[-HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastSvc.exe]
[-HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastUI.exe]
[-HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe]
[-HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VisthAux.exe]
Save this as CFScript.txt, in the same location as ComboFix.exe
(http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif)
Refering to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
-
Here is the latest.
-
Could you fully uninstall Avast using the removal tool please
Avast Uninstall Utility (http://www.avast.com/en-gb/uninstall-utility)
NEXT
Run delfix but just select "Remove Disinfection tools"
This will remove FRST and Combofix quarantine folders
Download and run Delfix (http://www.bleepingcomputer.com/download/delfix/)
(https://dl.dropboxusercontent.com/u/73555776/delfix.JPG)
Reboot once done
Then
Copy the following to a notepad file
Select save and set the file type to all files
Save it as IFEO.reg
Save it to the desktop, then right click the file and select run as administrator
Accept the warnings and reboot
Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options]
[-HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
Finally
Could I have a fresh FRST scan
Please download Farbar Recovery Scan Tool (http://www.geekstogo.com/forum/files/file/435-frst-farbars-recovery-scan-tool/) and save it to your Desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
- Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
- Select additions at the bottom
- Press Scan button.
(https://dl.dropboxusercontent.com/u/73555776/frst.JPG)
- It will produce a log called FRST.txt in the same directory the tool is run from.
- Please attach both logs generated.
-
Updated attachments.
-
That worked :)
Avast should install now
CAUTION : This fix is only valid for this specific machine, using it on another may break your computer
Open notepad and copy/paste the text in the quotebox below into it:
CreateRestorePoint:
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-443951736-1583617210-2315430799-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
FF Extension: No Name - C:\Users\Little Wonders\AppData\Roaming\Mozilla\Firefox\Profiles\fanljv6v.default\extensions\_qvxbkbnnuzqukzjj_i@frnhpojlbr_in.com [not found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
2015-08-14 10:45 - 2015-08-17 11:48 - 00000246 _____ C:\Users\Little Wonders\Desktop\IFEO.reg
2015-08-13 13:58 - 2015-08-17 11:34 - 00000000 ____D C:\Qoobox
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe
(https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG)
Run FRST and press Fix
On completion a log will be generated please post that
-
Here is the log. Ill try avast soon.
-
That surely did it. Thank you very much essexboy. I imagine you are a blessing to these forums.
-
That were a bugger to kill, it seems as though the fix needed to be done in the right sequence...
Any further problems before I tidy up ?
-
Nope that's quite fine. Thanks for your help.
-
Subject to no further problems :)
I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems
Now the best part of the day ----- Your log now appears clean :thumbsup:
A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:
Remove tools
Download and run Delfix (http://www.bleepingcomputer.com/download/delfix/)
Select the options as shown
(https://dl.dropboxusercontent.com/u/73555776/delfix.JPG)
: Keep Java Updated :
WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article (http://www.forbes.com/sites/eliseackerman/2013/01/11/us-department-of-homeland-security-calls-on-computer-users-to-disable-java/)
I would recommend that you completely uninstall Java unless you need it to run an important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to diasble Java in your web browser (http://www.geekstogo.com/2600/how-to-disable-java-in-your-web-browser/) and How to unplug Java from the browser (http://krebsonsecurity.com/how-to-unplug-java-from-the-browser/))
If you do need to keep Java then download JavaRa (https://singularlabs.com/software/javara/javara-download/)
Run the programme and select Remove Java Runtime. Uninstall all versions of Java present
Once done then run it again and select Update Java runtime > Download and install Latest version
(https://dl.dropboxusercontent.com/u/73555776/javara.JPG)
Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Malwarebytes (http://www.malwarebytes.org/mbam-download.php)
Update and run weekly to keep your system clean
Unchecky (http://unchecky.com)
Click on the link above to be taken to Unchecky.com
click the very large Download button.
click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked, this is a fire and forget programme ;)
It is critical to have both a firewall and anti virus to protect your system and to keep them updated.
To learn more about how to protect yourself while on the internet read this little guide Best security practices (http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/)Keep safe :wave:
-
Much thanks. Ill just uninstall java. Can you tell me a little about what you were doing? You were editing scripts to run and remove things? Just curious, I'd like to learn about the process myself...or if you could recommend how to learn to do so.
-
What it was is that we hit a loop where I was trying to remove the malware and it still had something to latch on to
So I had to break the circle, that entailed removing the main bad file from quarantine and deleting it totally. That then allowed me to remove the keys and get Avast up and running
http://www.geekstogo.com/geeku/
-
Excellent. Thanks for the link as well.