machine2013 Posted November 10, 2014 ID:906099 Share Posted November 10, 2014 Hello I'm trying to remove a nasty infection having to do with Windows 7 x32. Every time i uncheck the proxy settings under IE they just get reenabled after 30 sec. Please advise on what to do. I have ran malwarebytes, pitman pro etc.. they all find the entry for the proxy but cannot permanently resolve the issue. Thanks, Lucas Link to post Share on other sites More sharing options...
machine2013 Posted November 11, 2014 Author ID:906456 Share Posted November 11, 2014 bump Link to post Share on other sites More sharing options...
MrCharlie Posted November 11, 2014 ID:906562 Share Posted November 11, 2014 Welcome to the forum. (Do what you can) General P2P/Piracy Warning: 1. If you're using Peer 2 Peer software such uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here. 2. If you have illegal/cracked software (MS Office, Adobe Products), cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy. Failure to remove such software will result in your topic being closed and no further assistance being provided. <====><====><====><====><====><====><====><====> 1. Please run a Threat Scan with Malwarebytes (if possible) Start Malwarebytes 2.0......... Click on Settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware Same for PUM (Potentially Unwanted Modifications) Quarantine all that's found Post the log (save the log as a .txt file not .xml) Then...... 2. Please download Farbar Recovery Scan Tool (FRST) and save it to a folder. (use correct version for your system.....Which system am I using?) FRST <----for 32 bit systems FRST64 <----for 64 bit systemsDouble-click to run it. When the tool opens click Yes to disclaimer.Press Scan button. (make sure the Addition box is checked)It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.If the logs are large, you can attach them: To attach a log: Bottom right corner of this page. New window that comes up. Last................ 3. Please download and run RogueKiller 32 bit to your desktop. RogueKiller<---use this one for 64 bit systems Which system am I using? Quit all running programs. For Windows XP, double-click to start. For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run. Wait for the Prescan to finish Click Scan to scan the system. When the scan completes > Don't Fix anything! > Click on the Report Button > Copy and paste the Report back here. Don't run any other options, they're not all bad!!!!!!! RogueKiller logs will also be located here: %programdata%/RogueKiller/Logs <-------W7 C:\Documents and Settings\All Users\Application Data\RogueKiller\Logs <-------XP (please don't put logs in code or quotes and use the default font) MrC Note: Please read all of my instructions completely including these. Make sure system restore is turned on and running. Create a new restore point Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive <+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you. <+>The removal of malware isn't instantaneous, please be patient. <+>When we are done, I'll give to instructions on how to cleanup all the tools and logs <+>Please stick with me until I give you the "all clear". ------->Your topic will be closed if you haven't replied within 3 days!<-------- If I don't respond within 24 hours, please send me a PM Link to post Share on other sites More sharing options...
machine2013 Posted November 11, 2014 Author ID:906575 Share Posted November 11, 2014 Thanks for your reply! Here is the info you asked for, hopefully you can help FRST Log: aScan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-11-2014Ran by Anytime (administrator) on ANYTIME-PC on 11-11-2014 16:17:04Running from C:\Users\Anytime\DownloadsLoaded Profile: Anytime (Available profiles: Anytime & LogMeInRemoteUser & Owner)Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: English (United States)Internet Explorer Version 11Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe() C:\Program Files\Abthearial\Abthearial.exe() C:\Program Files\Abthearial\HttpsProxy.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe(Kaseya International Limited) C:\Program Files\Kaseya\KSAASC00000000577510\AgentMon.exe(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\ramaint.exe(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE(Anytime Fitness) C:\Program Files\Anytime Fitness\ClubHub DoorService\ClubHub.Club.DoorService.exe(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE() C:\Program Files\Abthearial\AbthearialHelper.exe(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeIn.exe( ) C:\Program Files\Kaseya\KSAASC00000000577510\extensions\Lua.exe( ) C:\Program Files\Kaseya\KSAASC00000000577510\extensions\Lua.exe(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE(Realtek Semiconductor Corp.) C:\Program Files\Realtek\Audio\HDA\RtDCpl.exe(Realtek Semiconductor Corp.) C:\Program Files\Realtek\Audio\HDA\RtDCpl.exe(AMD) C:\Windows\System32\atieclxx.exe(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe(Realtek Semiconductor Corp.) C:\Program Files\Realtek\Audio\HDA\RtDCpl.exe(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe(Kaseya International Limited) C:\Program Files\Kaseya\KSAASC00000000577510\KaUsrTsk.exe(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeInSystray.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE(Microsoft Corporation) C:\Windows\System32\wuauclt.exe(Anytime Fitness) C:\Users\Anytime\AppData\Local\Apps\2.0\0G2LCKN7.1ED\H3HLD4Q2.1GO\club..tion_d01621acc9164a2c_0001.0005_ecc2cbb253eb7698\ClubHub.Client.WPF.exe(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe(TeamViewer GmbH) C:\Users\Anytime\AppData\Local\temp\TeamViewer\Version9\TeamViewer.exe(TeamViewer GmbH) C:\Users\Anytime\AppData\Local\temp\TeamViewer\Version9\tv_w32.exe(TeamViewer GmbH) C:\Users\Anytime\AppData\Local\temp\TeamViewer\Version9\TeamViewer_Desktop.exe(Farbar) C:\Users\Anytime\Downloads\FRST (1).exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtDCpl.exe [2697832 2010-10-04] (Realtek Semiconductor Corp.)HKLM\...\Run: [startCCC] => c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-02-18] (Advanced Micro Devices, Inc.)HKLM\...\Run: [iAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)HKLM\...\Run: [iMSS] => C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [112408 2011-08-08] (Intel Corporation)HKLM\...\Run: [TdmNotify] => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [214384 2011-05-27] (Wave Systems Corp.)HKLM\...\Run: [RoxWatchTray] => C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)HKLM\...\Run: [KASHKSAASC00000000577510] => C:\Program Files\Kaseya\KSAASC00000000577510\KaUsrTsk.exe [577536 2012-10-31] (Kaseya International Limited)HKLM\...\Run: [LogMeIn GUI] => C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [63048 2012-11-29] (LogMeIn, Inc.)HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5225064 2014-11-10] (AVAST Software)Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)Lsa: [Authentication Packages] msv1_0 wvauthStartup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\~$TE TO INSTALLER.docx ()Startup: C:\Users\Anytime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnkShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)ShellIconOverlayIdentifiers: [uninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)BootExecute: autocheck autochk * bootdelete ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyEnable: Internet Explorer proxy is enabled.ProxyServer: http=127.0.0.1:9880;https=127.0.0.1:9880HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD0A0FD632FFDCF01HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-USHKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=sslHKU\S-1-5-21-1943978468-3023993088-3773399000-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTIONSearchScopes: HKCU - DefaultScope {10EB500E-200F-4144-9C7D-6A1E2AAEE61D} URL = https://www.google.com/search?q={searchTerms}SearchScopes: HKCU - {10EB500E-200F-4144-9C7D-6A1E2AAEE61D} URL = https://www.google.com/search?q={searchTerms}SearchScopes: HKCU - {2B346FD2-0F75-4EDE-9BCC-DCB7136431B0} URL = BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 FireFox:========FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin: @microsoft.com/GENUINE -> disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FFFF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-11-10] Chrome: =======CHR StartupUrls: Default -> "https://www.google.com/webhp?source=search_app"CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll ()CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewerCHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll No FileCHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\38.0.2125.111\pdf.dll ()CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No FileCHR Plugin: (Java Platform SE 6 U37) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No FileCHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)CHR Plugin: (Java Deployment Toolkit 6.0.370.6) - C:\Windows\system32\npdeployJava1.dll No FileCHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll No FileCHR Profile: C:\Users\Anytime\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Docs) - C:\Users\Anytime\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-05]CHR Extension: (Google Drive) - C:\Users\Anytime\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-05]CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Anytime\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]CHR Extension: (YouTube) - C:\Users\Anytime\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-05]CHR Extension: (Google Search) - C:\Users\Anytime\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-05]CHR Extension: (Avast Online Security) - C:\Users\Anytime\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-11-10]CHR Extension: (Google Wallet) - C:\Users\Anytime\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-05]CHR Extension: (Gmail) - C:\Users\Anytime\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-05]CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-10] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 Abthearial; C:\Program Files\Abthearial\Abthearial.exe [4383192 2014-10-27] ()R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-10] (AVAST Software)R2 DoorService; C:\Program Files\Anytime Fitness\ClubHub DoorService\ClubHub.Club.DoorService.exe [8192 2013-03-25] (Anytime Fitness) [File not signed]R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106248 2014-10-31] (SurfRight B.V.)R2 Intel® PROSet Monitoring Service; C:\Windows\system32\IProsetMonitor.exe [112800 2011-06-29] (Intel Corporation)R2 KAKSAASC00000000577510; C:\Program Files\Kaseya\KSAASC00000000577510\AgentMon.exe [1085440 2012-12-20] (Kaseya International Limited) [File not signed]S3 RoxMediaDB12OEM; C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [1116656 2010-11-25] (Sonic Solutions)S2 RoxWatch12; C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [219632 2010-11-25] (Sonic Solutions)S3 SecureStorageService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe [1508232 2011-05-24] (Wave Systems Corp.)S2 tcsd_win32.exe; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1633280 2011-02-17] () [File not signed]R2 TdmService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe [2605424 2011-05-27] (Wave Systems Corp.)R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1131520 2011-07-01] (Wave Systems Corp.) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-11-10] ()R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-11-10] (AVAST Software)R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-11-10] (AVAST Software)R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-11-10] ()R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-11-10] (AVAST Software)R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [422760 2014-11-10] (AVAST Software)S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2014-11-10] (AVAST Software)R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-11-10] ()R3 e1cexpress; C:\Windows\System32\DRIVERS\e1c6232.sys [268968 2011-07-20] (Intel Corporation)R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHDA.sys [2749416 2010-10-04] (Realtek Semiconductor Corp.)R3 KAPFA; C:\Windows\system32\drivers\KAPFA.SYS [19968 2012-12-19] (Kaseya) [File not signed]R3 LVUSBSta; C:\Windows\System32\DRIVERS\LVUSBSta.sys [41752 2008-07-26] (Logitech Inc.)R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Intel Corporation)S3 netvsc; C:\Windows\System32\DRIVERS\netvsc60.sys [126464 2010-11-20] (Microsoft Corporation)R3 OxMf; C:\Windows\System32\DRIVERS\OxMf.sys [52016 2011-11-29] (OEM)R3 OxSer; C:\Windows\System32\DRIVERS\OxSer.sys [84272 2011-11-29] (OEM)R0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [26608 2010-07-21] (Dell Inc)R3 pepifilter; C:\Windows\System32\DRIVERS\lv302af.sys [13848 2008-07-26] (Logitech Inc.)R3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [2570520 2008-07-26] (Logitech Inc.)R3 SNXPCARD; C:\Windows\System32\DRIVERS\snxpcard.sys [49016 2010-12-03] (SUNIX Co., Ltd.)R3 SNXPPALX; C:\Windows\System32\DRIVERS\snxppalx.sys [86392 2010-12-03] (SUNIX Co., Ltd.)R3 SNXPSERX; C:\Windows\System32\DRIVERS\snxpserx.sys [78712 2010-12-03] (SUNIX Co., Ltd.)S3 SynthVid; C:\Windows\System32\DRIVERS\VMBusVideoM.sys [19456 2010-11-20] (Microsoft Corporation)S4 LMIRfsClientNP; No ImagePath ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-11 16:17 - 2014-11-11 16:17 - 00017961 _____ () C:\Users\Anytime\Downloads\FRST.txt2014-11-11 16:02 - 2014-11-11 16:16 - 01107968 _____ (Farbar) C:\Users\Anytime\Downloads\FRST (1).exe2014-11-11 16:02 - 2014-11-11 16:02 - 14672984 _____ () C:\Users\Anytime\Downloads\RogueKiller.exe2014-11-11 15:11 - 2014-11-11 15:11 - 00000237 _____ () C:\Users\Anytime\Desktop\Google.url2014-11-11 04:34 - 2014-11-11 04:34 - 00293900 _____ () C:\Users\Anytime\Downloads\Liz (19).xlsx2014-11-10 18:01 - 2014-11-10 18:01 - 00000362 _____ () C:\Users\Anytime\Desktop\Club Hub.appref-ms2014-11-10 18:01 - 2014-11-10 18:01 - 00000000 ____D () C:\Users\Anytime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anytime Fitness2014-11-10 17:55 - 2014-11-10 17:55 - 00000000 ____D () C:\Users\Owner\AppData\Local\Deployment2014-11-10 17:55 - 2014-11-10 17:55 - 00000000 ____D () C:\Users\Owner\AppData\Local\Apps\2.02014-11-10 17:54 - 2014-11-10 17:54 - 00000000 __SHD () C:\Users\Owner\AppData\Local\EmieUserList2014-11-10 17:54 - 2014-11-10 17:54 - 00000000 __SHD () C:\Users\Owner\AppData\Local\EmieSiteList2014-11-10 17:52 - 2014-11-10 17:52 - 00104568 _____ () C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT2014-11-10 17:52 - 2014-11-10 17:52 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Intel Corporation2014-11-10 17:52 - 2014-11-10 17:52 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\AVAST Software2014-11-10 17:52 - 2014-11-10 17:52 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\ATI2014-11-10 17:52 - 2014-11-10 17:52 - 00000000 ____D () C:\Users\Owner\AppData\Local\LogMeIn2014-11-10 17:52 - 2014-11-10 17:52 - 00000000 ____D () C:\Users\Owner\AppData\Local\ATI2014-11-10 17:51 - 2014-11-10 17:51 - 00001419 _____ () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk2014-11-10 17:51 - 2014-11-10 17:51 - 00000020 ___SH () C:\Users\Owner\ntuser.ini2014-11-10 17:51 - 2014-11-10 17:51 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Adobe2014-11-10 17:51 - 2014-11-10 17:51 - 00000000 ____D () C:\Users\Owner\AppData\Local\Google2014-11-10 17:51 - 2014-11-10 17:51 - 00000000 ____D () C:\Users\Owner2014-11-10 17:51 - 2013-01-28 18:17 - 00000000 ____D () C:\Users\Owner\AppData\Local\Microsoft Help2014-11-10 17:51 - 2009-07-13 23:42 - 00000000 ___RD () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories2014-11-10 17:51 - 2009-07-13 23:37 - 00000000 ___RD () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance2014-11-10 17:49 - 2014-11-10 17:49 - 01107968 _____ (Farbar) C:\Users\Anytime\Downloads\FRST.exe2014-11-10 17:40 - 2014-11-11 16:17 - 00000000 ____D () C:\FRST2014-11-10 17:39 - 2014-11-10 17:39 - 00001251 _____ () C:\Users\Anytime\Desktop\JRT.txt2014-11-10 17:26 - 2014-11-10 17:26 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys2014-11-10 17:26 - 2014-11-10 17:26 - 00016749 _____ () C:\ComboFix.txt2014-11-10 17:26 - 2014-11-10 17:26 - 00000000 ____D () C:\ProgramData\RogueKiller2014-11-10 17:16 - 2014-11-10 17:26 - 00000000 ____D () C:\ComboFix2014-11-10 17:11 - 2014-11-10 17:11 - 00000000 ____D () C:\Windows\ERUNT2014-11-10 17:00 - 2014-11-10 17:03 - 00000000 ____D () C:\AdwCleaner2014-11-10 16:57 - 2014-11-10 16:58 - 00000008 __RSH () C:\Users\Anytime\ntuser.pol2014-11-10 16:44 - 2014-11-10 17:26 - 00000000 ____D () C:\Qoobox2014-11-10 16:44 - 2014-11-10 16:52 - 00000000 ____D () C:\Windows\erdnt2014-11-10 16:44 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe2014-11-10 16:44 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe2014-11-10 16:44 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe2014-11-10 16:44 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe2014-11-10 16:44 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe2014-11-10 16:44 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe2014-11-10 16:44 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe2014-11-10 16:44 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe2014-11-10 16:42 - 2014-11-10 16:43 - 00000000 ____D () C:\Users\Anytime\Downloads\tdsskiller2014-11-10 16:36 - 2014-11-10 18:02 - 00000168 _____ () C:\Windows\setupact.log2014-11-10 16:36 - 2014-11-10 17:59 - 00001888 _____ () C:\Windows\PFRO.log2014-11-10 16:36 - 2014-11-10 16:36 - 00000000 _____ () C:\Windows\setuperr.log2014-11-10 16:31 - 2014-11-10 16:31 - 00000971 _____ () C:\Users\Public\Desktop\CCleaner.lnk2014-11-10 16:31 - 2014-11-10 16:31 - 00000068 _____ () C:\Users\Owner\Desktop\Club Hub.url2014-11-10 16:31 - 2014-11-10 16:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner2014-11-10 16:31 - 2014-11-10 16:31 - 00000000 ____D () C:\Program Files\CCleaner2014-11-10 16:29 - 2014-11-10 16:29 - 00000000 ____D () C:\Windows\pss2014-11-10 16:22 - 2014-11-10 16:22 - 00000000 ____D () C:\Users\Anytime\AppData\Roaming\AVAST Software2014-11-10 16:21 - 2014-11-10 16:21 - 00787800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys2014-11-10 16:21 - 2014-11-10 16:21 - 00422760 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys2014-11-10 16:21 - 2014-11-10 16:21 - 00291352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe2014-11-10 16:21 - 2014-11-10 16:21 - 00206248 _____ () C:\Windows\system32\Drivers\aswVmm.sys2014-11-10 16:21 - 2014-11-10 16:21 - 00091496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys2014-11-10 16:21 - 2014-11-10 16:21 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys2014-11-10 16:21 - 2014-11-10 16:21 - 00070384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys2014-11-10 16:21 - 2014-11-10 16:21 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys2014-11-10 16:21 - 2014-11-10 16:21 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr2014-11-10 16:21 - 2014-11-10 16:21 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys2014-11-10 16:21 - 2014-11-10 16:21 - 00002123 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk2014-11-10 16:21 - 2014-11-10 16:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software2014-11-10 16:19 - 2014-11-10 16:19 - 00000000 ____D () C:\Program Files\AVAST Software2014-11-10 16:18 - 2014-11-10 16:19 - 00000000 ____D () C:\ProgramData\AVAST Software2014-11-10 16:04 - 2014-11-10 17:32 - 00000000 ____D () C:\Users\Anytime\AppData\Local\Apps\2.02014-11-10 16:00 - 2014-07-24 14:37 - 00000216 _____ () C:\Users\Anytime\Desktop\ClubHubUIFix.bat2014-11-10 15:17 - 2014-11-10 15:17 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.52014-11-10 15:11 - 2014-11-10 15:11 - 00001040 _____ () C:\Users\Anytime\Desktop\join.me.lnk2014-11-10 15:11 - 2014-11-10 15:11 - 00001040 _____ () C:\Users\Anytime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\join.me.lnk2014-11-10 14:56 - 2014-11-10 15:11 - 00000000 ____D () C:\Users\Anytime\AppData\Local\join.me2014-11-10 11:24 - 2014-11-10 16:31 - 00000000 ____D () C:\Windows\Minidump2014-11-10 04:32 - 2014-11-10 04:33 - 00107413 _____ () C:\Users\Anytime\Downloads\Donna (21).xlsx2014-11-09 12:15 - 2014-11-09 12:15 - 00044032 _____ () C:\Users\Anytime\Documents\Copy of Terryl_South_Lyon11__9.xls2014-11-07 18:13 - 2014-11-07 18:14 - 00615381 _____ () C:\Users\Anytime\Downloads\Michael_kessler (1) (1) (3).xlsx2014-11-07 18:13 - 2014-11-07 18:14 - 00029677 _____ () C:\Users\Anytime\Downloads\Nick (4).xlsx2014-11-07 13:41 - 2014-11-07 13:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java2014-11-07 13:41 - 2014-11-07 13:41 - 00000000 ____D () C:\Program Files\Common Files\Java2014-11-07 13:41 - 2014-09-26 18:42 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll2014-11-07 13:41 - 2014-09-26 18:36 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe2014-11-07 13:41 - 2014-09-26 18:36 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe2014-11-07 13:41 - 2014-09-26 18:35 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe2014-11-07 13:40 - 2014-11-07 13:41 - 00004613 _____ () C:\Windows\system32\jupdate-1.7.0_71-b14.log2014-11-07 04:33 - 2014-11-07 05:10 - 00104122 _____ () C:\Users\Anytime\Downloads\Donna (20).xlsx2014-10-31 07:51 - 2014-10-31 07:51 - 00052394 _____ () C:\Windows\system32\.crusader2014-10-31 07:46 - 2014-10-31 07:46 - 00001899 _____ () C:\Users\Public\Desktop\HitmanPro.lnk2014-10-31 07:46 - 2014-10-31 07:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro2014-10-31 07:46 - 2014-10-31 07:46 - 00000000 ____D () C:\Program Files\HitmanPro2014-10-31 07:45 - 2014-10-31 07:51 - 00000000 ____D () C:\ProgramData\HitmanPro2014-10-31 04:24 - 2014-11-03 05:29 - 00098661 _____ () C:\Users\Anytime\Downloads\Donna (19).xlsx2014-10-30 03:38 - 2014-10-30 03:41 - 00298300 _____ () C:\Users\Anytime\Downloads\Liz (18).xlsx2014-10-29 18:02 - 2014-10-29 18:10 - 00026277 _____ () C:\Users\Anytime\Downloads\Nick (3).xlsx2014-10-28 03:34 - 2014-10-28 03:36 - 00294951 _____ () C:\Users\Anytime\Downloads\Liz (17).xlsx2014-10-27 16:59 - 2014-11-11 14:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dietmaster Pro V112014-10-27 16:59 - 2014-10-27 16:59 - 00000772 _____ () C:\Users\LogMeInRemoteUser\Desktop\DietMaster Pro V11.lnk2014-10-27 16:59 - 2011-08-17 14:52 - 01318912 _____ (Lifestyles Technologies, Inc.) C:\Windows\system32\DM32Pro.dll2014-10-27 16:59 - 2005-09-28 09:59 - 00299008 _____ (Biospace) C:\Windows\system32\DataCompatiable.ocx2014-10-27 16:59 - 2004-01-28 11:38 - 00172032 _____ (ComponentOne ) C:\Windows\system32\vsPDF.ocx2014-10-27 16:59 - 2004-01-28 11:38 - 00122880 _____ (ComponentOne) C:\Windows\system32\vsppgvp7.dll2014-10-27 16:59 - 2004-01-28 11:08 - 00364544 _____ (ComponentOne) C:\Windows\system32\VSPRINT7.ocx2014-10-27 16:59 - 2004-01-28 11:08 - 00131072 _____ ( ComponentOne) C:\Windows\system32\vsvport7.ocx2014-10-27 16:59 - 2004-01-28 11:07 - 00167936 _____ (ComponentOne) C:\Windows\system32\VSDRAW7.ocx2014-10-27 16:59 - 2002-07-31 15:13 - 00115920 _____ (Microsoft Corporation) C:\Windows\system32\MSINET.OCX2014-10-27 16:59 - 2001-08-08 11:12 - 00239248 _____ (ComponenetOne) C:\Windows\system32\SizerOne.ocx2014-10-27 16:59 - 2001-06-05 15:54 - 00376832 _____ () C:\Windows\system32\VSRpt7.ocx2014-10-27 16:59 - 2001-01-26 14:02 - 00049152 _____ (Vivitech Software, LLC) C:\Windows\system32\VTFormUtility.dll2014-10-27 16:59 - 2000-02-04 09:21 - 00364544 _____ (VideoSoft) C:\Windows\system32\Vsflex6d.ocx2014-10-27 16:59 - 2000-02-02 02:56 - 00356352 _____ (VideoSoft) C:\Windows\system32\VsVIEW6.ocx2014-10-27 16:59 - 2000-01-04 14:54 - 00028672 _____ (Vivitech Software Creations, LLC) C:\Windows\system32\VTRegistry.dll2014-10-27 16:59 - 2000-01-04 14:53 - 00024576 _____ (Vivitech Software, LLC) C:\Windows\system32\VTADO.dll2014-10-27 16:59 - 1999-12-21 14:03 - 00247192 _____ (VideoSoft) C:\Windows\system32\Vsocx6.ocx2014-10-27 16:59 - 1999-06-06 09:36 - 00151824 _____ (Microsoft Corporation) C:\Windows\system32\temp.0022014-10-27 16:59 - 1999-05-09 23:00 - 01384448 _____ (Microsoft Corporation) C:\Windows\system32\temp.0002014-10-27 16:59 - 1999-05-06 23:00 - 01009136 _____ (Microsoft Corporation) C:\Windows\system32\MSChrt20.ocx2014-10-27 16:59 - 1999-05-06 23:00 - 00209408 _____ (Microsoft Corporation) C:\Windows\system32\TabCtl32.ocx2014-10-27 16:59 - 1999-02-01 23:00 - 00266293 _____ (Microsoft Corporation) C:\Windows\system32\temp.0012014-10-27 16:25 - 2014-10-27 16:43 - 00365723 _____ () C:\Users\Anytime\Downloads\Matt G (17).xlsx2014-10-27 04:26 - 2014-10-27 04:28 - 00097485 _____ () C:\Users\Anytime\Downloads\Donna (18).xlsx2014-10-25 09:44 - 2014-10-27 10:16 - 00000000 __SHD () C:\Program Files\Abthearial2014-10-25 05:29 - 2014-10-25 05:29 - 00000000 ____D () C:\Program Files\MSECache2014-10-24 17:58 - 2014-10-24 18:00 - 00022887 _____ () C:\Users\Anytime\Downloads\Nick (2).xlsx2014-10-24 04:23 - 2014-10-24 04:24 - 00094207 _____ () C:\Users\Anytime\Downloads\Donna (17).xlsx2014-10-23 16:22 - 2014-10-23 16:22 - 00361317 _____ () C:\Users\Anytime\Downloads\Matt G (16).xlsx2014-10-23 03:37 - 2014-10-23 03:37 - 00291577 _____ () C:\Users\Anytime\Downloads\Liz (16).xlsx2014-10-21 09:08 - 2014-10-21 09:08 - 00036864 _____ () C:\Users\Anytime\Documents\deliquent2014-10-21 03:35 - 2014-10-21 03:39 - 00283078 _____ () C:\Users\Anytime\Downloads\Liz (15).xlsx2014-10-20 16:31 - 2014-10-20 16:32 - 00352558 _____ () C:\Users\Anytime\Downloads\Matt G (15).xlsx2014-10-20 04:28 - 2014-10-20 04:29 - 00090953 _____ () C:\Users\Anytime\Downloads\Donna (16).xlsx2014-10-18 11:11 - 2014-10-18 11:11 - 00052956 _____ () C:\Users\Anytime\Documents\1bb6fd96-9eea-11e3-bedf-0000ac14e3642014-10-17 17:58 - 2014-10-17 18:54 - 00019355 _____ () C:\Users\Anytime\Downloads\Nick (1).xlsx2014-10-17 12:58 - 2014-10-17 12:58 - 00095299 _____ () C:\Users\Anytime\Documents\TRX FLYER2014-10-17 11:43 - 2014-10-17 11:43 - 00185052 _____ () C:\Users\Anytime\Documents\Brenda Miller.jpeg2014-10-17 04:26 - 2014-10-17 04:27 - 00087690 _____ () C:\Users\Anytime\Downloads\Donna (15).xlsx2014-10-16 16:22 - 2014-10-16 16:23 - 00348140 _____ () C:\Users\Anytime\Downloads\Matt G (14).xlsx2014-10-16 09:44 - 2014-10-16 18:49 - 00023342 _____ () C:\Users\Anytime\Documents\South Lyon_Cash_Box_Tracking 2014 (2).xlsx2014-10-16 09:35 - 2014-10-16 09:35 - 00103350 _____ () C:\Users\Anytime\Documents\cash_sheet.zip2014-10-16 03:38 - 2014-10-16 03:39 - 00279708 _____ () C:\Users\Anytime\Downloads\Liz (14).xlsx2014-10-15 10:13 - 2014-10-15 10:15 - 00026148 _____ () C:\Users\Anytime\Desktop\Copy of South Lyon_Cash_Box_Tracking 2014.xlsx2014-10-15 10:10 - 2014-10-15 10:10 - 00026242 _____ () C:\Users\Anytime\Documents\South Lyon_Cash_Box_Tracking 2014.xlsx2014-10-14 16:11 - 2014-09-28 19:41 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys2014-10-14 16:11 - 2014-09-25 17:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll2014-10-14 16:11 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll2014-10-14 16:11 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2014-10-14 16:11 - 2014-09-18 20:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll2014-10-14 16:11 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2014-10-14 16:11 - 2014-09-18 20:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll2014-10-14 16:11 - 2014-09-18 19:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2014-10-14 16:11 - 2014-09-18 19:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2014-10-14 16:11 - 2014-09-18 19:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2014-10-14 16:11 - 2014-09-18 19:50 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe2014-10-14 16:11 - 2014-09-18 19:44 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe2014-10-14 16:11 - 2014-09-18 19:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll2014-10-14 16:11 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2014-10-14 16:11 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll2014-10-14 16:10 - 2014-10-06 21:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll2014-10-14 16:10 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2014-10-14 16:10 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2014-10-14 16:10 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2014-10-14 16:10 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2014-10-14 16:10 - 2014-09-18 20:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2014-10-14 16:10 - 2014-09-18 20:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll2014-10-14 16:10 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll2014-10-14 16:10 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2014-10-14 16:10 - 2014-09-18 19:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll2014-10-14 16:10 - 2014-09-18 19:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll2014-10-14 16:10 - 2014-09-18 19:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll2014-10-14 16:10 - 2014-09-18 19:20 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2014-10-14 16:10 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2014-10-14 16:10 - 2014-09-18 19:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll2014-10-14 16:10 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2014-10-14 16:10 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll2014-10-14 16:10 - 2014-09-17 20:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll2014-10-14 16:10 - 2014-09-04 20:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll2014-10-14 16:10 - 2014-08-28 20:44 - 02744320 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll2014-10-14 16:10 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll2014-10-14 16:10 - 2014-07-16 20:39 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll2014-10-14 16:10 - 2014-07-16 20:39 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe2014-10-14 16:10 - 2014-07-16 20:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll2014-10-14 16:10 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll2014-10-14 16:10 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll2014-10-14 16:10 - 2014-07-16 20:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys2014-10-14 16:10 - 2014-07-16 20:02 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys2014-10-14 16:10 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll2014-10-14 16:10 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll2014-10-14 16:10 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll2014-10-14 16:09 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll2014-10-14 13:53 - 2014-10-31 14:05 - 00014433 _____ () C:\Users\Anytime\Desktop\Daily notes.xlsx2014-10-14 13:34 - 2014-10-14 13:35 - 00011296 _____ () C:\Users\Anytime\Desktop\NOTES.xlsx2014-10-14 03:36 - 2014-10-14 03:38 - 00280867 _____ () C:\Users\Anytime\Downloads\Liz (13).xlsx2014-10-13 16:26 - 2014-10-13 16:26 - 00348129 _____ () C:\Users\Anytime\Downloads\Matt G (13).xlsx2014-10-13 14:31 - 2014-10-15 15:56 - 00027513 _____ () C:\Users\Anytime\Desktop\Copy of South Lyon_Cash_Box_Tracking 2014 (2).xlsx ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-11 16:02 - 2014-10-04 16:03 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-11-11 15:59 - 2012-12-17 11:18 - 00000000 ____D () C:\Users\Anytime\AppData\Roaming\TeamViewer2014-11-11 15:53 - 2012-07-27 17:02 - 00000000 ____D () C:\Users\Anytime\AppData\Local\Deployment2014-11-11 15:52 - 2013-09-05 19:01 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2014-11-11 15:38 - 2013-01-14 18:34 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job2014-11-11 14:40 - 2012-12-19 16:23 - 00000000 ____D () C:\Windows\system32\appmgmt2014-11-11 14:28 - 2011-11-25 00:49 - 01317227 _____ () C:\Windows\WindowsUpdate.log2014-11-11 13:24 - 2014-01-26 16:35 - 00000000 ____D () C:\Users\Anytime\Desktop\April Bown2014-11-11 13:23 - 2014-10-02 19:20 - 00029782 _____ () C:\Users\Anytime\Desktop\South Lyon_Cash_Box_Tracking 2014 (2).xlsx2014-11-11 11:25 - 2012-12-24 10:17 - 00000000 ____D () C:\ProgramData\LogMeIn2014-11-11 10:49 - 2013-02-22 12:18 - 00000000 ____D () C:\Users\Anytime\Documents\Fax2014-11-11 10:49 - 2009-07-13 23:52 - 00000000 ____D () C:\Windows\system32\FxsTmp2014-11-11 10:32 - 2011-11-25 01:13 - 00000000 ____D () C:\ProgramData\Sonic2014-11-11 10:00 - 2012-07-27 16:59 - 00000000 ____D () C:\ClubHub2014-11-10 20:52 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\Microsoft.NET2014-11-10 20:22 - 2014-01-02 13:07 - 00081408 _____ () C:\Users\Anytime\Desktop\Key Tracker Jan 2014.xls2014-11-10 18:10 - 2009-07-13 23:34 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-11-10 18:10 - 2009-07-13 23:34 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-11-10 18:03 - 2014-01-28 12:49 - 00000976 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk2014-11-10 18:03 - 2014-01-28 12:49 - 00000960 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk2014-11-10 18:03 - 2012-12-17 12:47 - 00000000 ____D () C:\kworking2014-11-10 18:02 - 2009-07-13 23:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-11-10 17:51 - 2009-07-13 23:46 - 00001515 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk2014-11-10 17:32 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\registration2014-11-10 17:26 - 2009-07-13 21:37 - 00000000 __RHD () C:\Users\Default2014-11-10 17:26 - 2009-07-13 21:37 - 00000000 ___RD () C:\Users\Public2014-11-10 17:24 - 2009-07-13 21:04 - 00000215 _____ () C:\Windows\system.ini2014-11-10 16:58 - 2012-01-06 14:34 - 00000000 ____D () C:\Users\Anytime2014-11-10 16:56 - 2009-07-13 21:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy2014-11-10 16:31 - 2011-02-10 11:03 - 00000000 ____D () C:\Windows\panther2014-11-10 16:24 - 2012-02-20 13:22 - 00001945 _____ () C:\Windows\epplauncher.mif2014-11-10 16:24 - 2012-02-20 13:21 - 00000000 ____D () C:\Program Files\Microsoft Security Client2014-11-10 15:15 - 2009-07-13 23:33 - 00390368 _____ () C:\Windows\system32\FNTCACHE.DAT2014-11-10 14:23 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\wfp2014-11-10 14:18 - 2013-12-26 10:28 - 00000000 ____D () C:\Users\Anytime\Desktop\Mike2014-11-10 14:05 - 2012-12-11 16:06 - 00000000 ____D () C:\ProgramData\Microsoft Help2014-11-10 14:02 - 2013-09-05 08:08 - 00000000 ____D () C:\Windows\system32\MRT2014-11-10 13:55 - 2012-01-06 15:05 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2014-11-10 13:53 - 2009-07-13 21:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared2014-11-10 10:57 - 2013-12-04 12:34 - 00206848 _____ () C:\Users\Anytime\Desktop\PT_Commissions_2014.xls2014-11-09 15:42 - 2012-12-26 12:40 - 00000000 ____D () C:\Users\Anytime\Documents\Dave PT2014-11-09 12:09 - 2012-12-17 13:12 - 00000000 ____D () C:\Users\Anytime\Desktop\Terry2014-11-07 13:42 - 2014-04-21 04:58 - 00000000 ____D () C:\ProgramData\Oracle2014-11-07 13:41 - 2012-11-16 12:34 - 00000000 ____D () C:\Program Files\Java2014-11-07 13:31 - 2010-11-20 16:01 - 00786558 _____ () C:\Windows\system32\PerfStringBackup.INI2014-11-06 18:55 - 2013-12-04 14:18 - 00126635 _____ () C:\Users\Anytime\Desktop\IN CLUB PAYMENTS 2014.xlsx2014-11-04 18:56 - 2013-07-24 10:57 - 00000000 ____D () C:\Users\Anytime\Desktop\Kaitlin2014-10-31 14:36 - 2014-02-15 12:43 - 00000000 ____D () C:\Users\Anytime\Desktop\Liz2014-10-30 06:24 - 2012-01-06 14:47 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe2014-10-28 12:54 - 2013-09-05 19:06 - 00002131 _____ () C:\Users\Public\Desktop\Google Chrome.lnk2014-10-27 20:19 - 2013-08-09 07:26 - 00000000 ____D () C:\Users\Anytime\Documents\Outlook Files2014-10-25 10:09 - 2014-02-05 10:58 - 00000000 ____D () C:\Program Files\Mozilla Firefox2014-10-25 09:27 - 2012-01-06 14:34 - 00104568 _____ () C:\Users\Anytime\AppData\Local\GDIPFONTCACHEV1.DAT2014-10-25 05:30 - 2011-11-25 01:06 - 00000000 ____D () C:\Program Files\Microsoft Office2014-10-22 17:02 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\NDF2014-10-18 07:47 - 2013-09-05 19:01 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2014-10-16 09:53 - 2013-01-29 17:21 - 00000175 _____ () C:\config.xml2014-10-16 09:50 - 2013-06-26 11:49 - 00000000 ____D () C:\Program Files\Recuva2014-10-14 03:56 - 2014-10-04 16:03 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-10-14 03:56 - 2014-10-04 16:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-10-14 03:56 - 2014-10-04 16:03 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware Some content of TEMP:====================C:\Users\Anytime\AppData\Local\temp\GLB1A2B.EXE ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signedC:\Windows\system32\winlogon.exe => File is digitally signedC:\Windows\system32\wininit.exe => File is digitally signedC:\Windows\system32\svchost.exe => File is digitally signedC:\Windows\system32\services.exe => File is digitally signedC:\Windows\system32\User32.dll => File is digitally signedC:\Windows\system32\userinit.exe => File is digitally signedC:\Windows\system32\rpcss.dll => File is digitally signedC:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-11-07 18:45 ==================== End Of Log ============================ RogueKiller V10.0.5.0 [Nov 11 2014] by Adlice Softwaremail : http://www.adlice.com/contact/Feedback : http://forum.adlice.comWebsite : http://www.adlice.com/softwares/roguekiller/Blog : http://www.adlice.com Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits versionStarted in : Normal modeUser : Anytime [Administrator]Mode : Scan -- Date : 11/11/2014 16:30:06a¤¤¤ Processes : 1 ¤¤¤[suspicious.Path] ClubHub.Client.WPF.exe -- C:\Users\Anytime\AppData\Local\Apps\2.0\0G2LCKN7.1ED\H3HLD4Q2.1GO\club..tion_d01621acc9164a2c_0001.0005_ecc2cbb253eb7698\ClubHub.Client.WPF.exe[-] -> Killed [TermProc] ¤¤¤ Registry : 11 ¤¤¤[PUM.Proxy] HKEY_USERS\S-1-5-21-1943978468-3023993088-3773399000-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Found[PUM.Proxy] HKEY_USERS\S-1-5-21-1943978468-3023993088-3773399000-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:9880;https=127.0.0.1:9880 -> Found[PUM.HomePage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Found [PUM.HomePage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Found [PUM.SearchPage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found [PUM.SearchPage] HKEY_USERS\S-1-5-21-1943978468-3023993088-3773399000-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found [PUM.SearchPage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found [PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Found[PUM.StartMenu] HKEY_USERS\S-1-5-21-1943978468-3023993088-3773399000-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found ¤¤¤ Tasks : 0 ¤¤¤ ¤¤¤ Files : 0 ¤¤¤ ¤¤¤ Hosts File : 1 ¤¤¤[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ MBR Check : ¤¤¤+++++ PhysicalDrive0: ST250DM000-1BD141 +++++--- User ---[MBR] 6217f11d3680bb21375d11873c228781[bSP] 19481fdd0191d445e63f281ff48575d7 : HP MBR CodePartition table:0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 81920 | Size: 752 MB2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1622016 | Size: 181360 MB3 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 373047296 | Size: 56323 MBUser = LL1 ... OKUser = LL2 ... OK +++++ PhysicalDrive1: Generic- SD/MMC USB Device +++++Error reading User MBR! ([15] The device is not ready. )Error reading LL1 MBR! NOT VALID!Error reading LL2 MBR! ([32] The request is not supported. ) +++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++Error reading User MBR! ([15] The device is not ready. )Error reading LL1 MBR! NOT VALID!Error reading LL2 MBR! ([32] The request is not supported. ) +++++ PhysicalDrive3: Generic- SM/xD Picture USB Device +++++Error reading User MBR! ([15] The device is not ready. )Error reading LL1 MBR! NOT VALID!Error reading LL2 MBR! ([32] The request is not supported. ) +++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++Error reading User MBR! ([15] The device is not ready. )Error reading LL1 MBR! NOT VALID!Error reading LL2 MBR! ([32] The request is not supported. ) ============================================RKreport_DEL_11102014_173207.log - RKreport_DEL_11102014_173210.log - RKreport_SCN_11102014_173131.logMalwarebytes log 11-11-14.txtFRST.txt Link to post Share on other sites More sharing options...
MrCharlie Posted November 11, 2014 ID:906637 Share Posted November 11, 2014 I need to see the Addition.txt You post and attached the FRST.txt MrC Link to post Share on other sites More sharing options...
machine2013 Posted November 12, 2014 Author ID:906662 Share Posted November 12, 2014 Sorry here is the content of Addition.txt Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10-11-2014Ran by Anytime at 2014-11-11 16:17:44Running from C:\Users\Anytime\DownloadsBoot Mode: Normal========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )ACS480 1.0.4.4 (HKLM\...\ACS_is1) (Version: 1.0.4.4 - )Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)Adobe Reader X (10.1.12) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)Avast Free Antivirus (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software)Bing Bar (HKLM\...\{C28D96C0-6A90-459E-A077-A6706F4EC0FC}) (Version: 7.0.765.0 - Microsoft Corporation)BioAPI Framework (Version: 1.0.2 - Dell Inc.) HiddenBosch Divar 700 Series 3.35 Control Center (HKLM\...\{AFCD5AFF-3CBD-4B75-A6FF-178234529095}) (Version: 3.35 - Bosch Security Systems)Bosch Divar 700 Series 3.41 PC Software (HKLM\...\{C439237F-B211-4A96-9FF8-757B40DF534C}) (Version: 3.41 - Bosch Security Systems)Catalyst Control Center (HKLM\...\{8B1A559A-FB9D-42F5-A8A7-2F132CF28414}) (Version: 1.00.0000 - )CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)Check In System (HKLM\...\{3040AA83-BD35-46F0-A131-7B550EBF51A9}) (Version: 14.2.2008 - Anytime Fitness)Check-In (HKLM\...\{1FEA4938-55ED-406E-A487-07C5884979AC}) (Version: 01.21.2008 - Mark Carlson)Check-In (HKLM\...\{554C1E78-B508-402C-8DAE-D5798231F028}) (Version: 10.23.2008 - Check-In)ClubHub DoorService (HKLM\...\{267AF53B-7996-4702-A510-FB7B0938A061}) (Version: 1.0.0 - Anytime Fitness)Crystal Reports Basic Runtime for Visual Studio 2008 (HKLM\...\{CE26F10F-C80F-4377-908B-1B7882AE2CE3}) (Version: 10.5.0.0 - Business Objects)Custom (Version: 01.00.00.000 - Wave Systems Corp.) HiddenCyberLink PowerDVD 9.5 (HKLM\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.4418 - CyberLink Corp.)D3DX10 (Version: 15.4.2368.0902 - Microsoft) HiddenDell Client System Update (HKLM\...\{2B2B45B1-3CA0-4F8D-BBB3-AC77ED46A0FE}) (Version: 1.2.1 - Dell Inc.)Dell Data Protection | Access (HKLM\...\{A7D91856-258D-4C87-8041-B170851CE432}) (Version: 2.1.00001.001 - Dell Inc.)Dell Data Protection | Access (Version: 02.01.01.001 - Wave Systems Corp) HiddenDell Data Protection | Access | Drivers (HKLM\...\{4E4E65EE-C456-45AC-B5AD-C62C3A325BD0}) (Version: 2.01.018 - Dell Inc.)Dell Data Protection | Access | Middleware (HKLM\...\{841CBDD5-4BB5-403E-AEE3-2FADC3890BE8}) (Version: 2.01.010 - Dell Inc.)Dell Edoc Viewer (HKLM\...\{3138EAD3-700B-4A10-B617-B3F8096EE30D}) (Version: 1.0.0 - Dell Inc)DellAccess (Version: 01.00.00.108 - Wave Systems Corp.) HiddenDirectX 9 Runtime (Version: 1.00.0000 - Sonic Solutions) HiddenElkRP2 (HKLM\...\{09812D5D-BD58-4B11-B871-D22E6D535FA8}) (Version: 2.0.14 - Elk Products, Inc.)ElkRP2 (Version: 2.0.14 - Elk Products, Inc.) HiddenElkRP2 (Version: 2.0.8 - Elk Products, Inc.) HiddenEMBASSY Security Center (Version: 04.02.00.173 - Wave Systems Corp.) HiddenGemalto (Version: 01.01.01.0000 - Wave Systems Corp) HiddenGoogle Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)Google Update Helper (Version: 1.3.25.5 - Google Inc.) HiddenHitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.232 - SurfRight B.V.)IBCTEST (HKLM\...\ST6UNST #1) (Version: - )Intel® Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)Intel® Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)Intel® Network Connections 16.5.2.0 (HKLM\...\PROSetDX) (Version: 16.5.2.0 - Dell)Intel® Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.710 - Oracle)Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenKaseya Agent (southlyon1492.mi.nonprov.root.atf - saas27.kaseya.net) (HKLM\...\KAKSAASC00000000577510) (Version: 6.3.0.5 - Kaseya)LogMeIn (HKLM\...\{FA653F5B-483A-4E92-BF75-BB3BBF1D550D}) (Version: 4.1.2634 - LogMeIn, Inc.)M1XEP Diagnostic Utility (HKLM\...\{1A817CE4-7E1D-4F90-B700-3B29595FA853}) (Version: 1.0.2 - Elk Products)Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) HiddenMicrosoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)Microsoft Office Access Runtime (English) 2007 (HKLM\...\{90120000-001C-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)Microsoft Office Home and Business 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft SQL Server Compact 4.0 ENU (HKLM\...\{2F141715-E144-48C0-8562-D193B7AB85BC}) (Version: 4.0.8482.1 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual FoxPro OLE DB Provider (HKLM\...\{3DA245C5-23B1-4874-BFA7-287B7D6C1EF6}) (Version: 1.0.0 - Microsoft Corporation)MSVCRT (Version: 15.4.2862.0708 - Microsoft) HiddenMSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)Notepad++ (HKLM\...\Notepad++) (Version: 6.3 - )NTRU TCG Software Stack (Version: 2.1.36 - Security Innovation, Inc.) HiddenPC-CCID (Version: 2.0.0 - Gemalto) HiddenPhotoShowExpress (Version: 2.0.063 - Sonic Solutions) HiddenPreboot Manager (Version: 03.02.00.096 - Wave Systems Corp.) HiddenPrivate Information Manager (Version: 07.00.00.047 - Wave Systems Corp.) HiddenRealtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5883 - Realtek Semiconductor Corp.)Recuva (HKLM\...\Recuva) (Version: 1.47 - Piriform)Roxio Creator Starter (HKLM\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)Sonic CinePlayer Decoder Pack (Version: 4.3.0 - Sonic Solutions) HiddenSPBA 5.9 (Version: 5.9.4.6686 - UPEK Inc.) HiddenSTA V8.4 Installation (HKLM\...\ST6UNST #2) (Version: - )TailgateSetup (Advanced) (HKLM\...\{B655553E-C3F6-4D03-986E-B27B05255B86}) (Version: 1.0.0 - IRISYS)Trusted Drive Manager (Version: 4.1.1.312 - Wave Systems Corp.) HiddenUpek Touchchip Fingerprint Reader (Version: 1.2.004 - Dell Inc.) HiddenVideoCapX control version 6.3 Lite (HKLM\...\VideoCapX control_is1) (Version: - )Wave Infrastructure Installer (Version: 07.03.17.0010 - Wave Systems Corp) HiddenWave Support Software Installer (Version: 05.12.00.036 - Wave Systems Corp) HiddenWindows Driver Package - B&B Electronics CDM Driver Package (02/17/2009 2.04.16) (HKLM\...\8AF696F5B8552F8F354DAFB1B4B4125C228A1AB1) (Version: 02/17/2009 2.04.16 - B&B Electronics)Windows Driver Package - B&B Electronics CDM Driver Package (02/17/2009 2.04.16) (HKLM\...\8D2AE4247BBAFCC7C72BE6BD6565D965DE40F327) (Version: 02/17/2009 2.04.16 - B&B Electronics)Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-1943978468-3023993088-3773399000-1000_Classes\CLSID\{50BAEED9-ED25-11D2-B97B-000000000000}\InprocServer32 -> C:\Program Files\Common Files\System\ole db\vfpoledb.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-1943978468-3023993088-3773399000-1000_Classes\CLSID\{50BAEEDA-ED25-11D2-B97B-000000000000}\InprocServer32 -> C:\Program Files\Common Files\System\ole db\vfpoledb.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-1943978468-3023993088-3773399000-1000_Classes\CLSID\{50BAEEDB-ED25-11D2-B97B-000000000000}\InprocServer32 -> C:\Program Files\Common Files\System\ole db\vfpoledb.dll (Microsoft Corporation)CustomCLSID: HKU\S-1-5-21-1943978468-3023993088-3773399000-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\1082\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.) ==================== Restore Points ========================= 31-10-2014 12:50:23 Checkpoint by HitmanPro31-10-2014 12:51:02 Checkpoint by HitmanPro31-10-2014 16:12:27 Checkpoint by HitmanPro03-11-2014 16:06:50 Windows Update05-11-2014 10:32:56 Checkpoint by HitmanPro06-11-2014 16:08:25 Windows Update07-11-2014 16:07:05 Checkpoint by HitmanPro07-11-2014 18:40:35 Installed Java 7 Update 7108-11-2014 17:36:29 Checkpoint by HitmanPro09-11-2014 18:39:34 Windows Update10-11-2014 16:35:33 Windows Update10-11-2014 18:52:00 Windows Update10-11-2014 20:24:54 Checkpoint by HitmanPro10-11-2014 21:19:30 avast! antivirus system restore point10-11-2014 21:41:20 Checkpoint by HitmanPro10-11-2014 22:37:56 Checkpoint by HitmanPro11-11-2014 19:40:13 Removed Food Planner v1.3 ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 21:04 - 2014-11-10 16:52 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {03E3A746-BF5B-489D-9D92-A9530CA1D041} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated)Task: {2FEA0697-E9B9-4423-9AFD-03DD0826F980} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-09-05] (Google Inc.)Task: {66B600E7-F082-44B7-91AF-A6B10F65F00A} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-10] (AVAST Software)Task: {72207846-87B4-4D42-9893-6007122A0368} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-30] (Piriform Ltd)Task: {D37F40FB-D389-46CD-8EB7-D99CCB6C129C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-09-05] (Google Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2014-10-25 09:44 - 2014-10-27 03:56 - 04383192 _____ () C:\Program Files\Abthearial\Abthearial.exe2014-10-25 09:44 - 2014-03-07 19:56 - 00117262 ___SH () C:\Program Files\Abthearial\libgcc_s_dw2-1.dll2014-10-25 09:44 - 2014-03-07 19:56 - 00970766 ___SH () C:\Program Files\Abthearial\libstdc++-6.dll2014-10-27 03:56 - 2014-10-27 03:56 - 00417752 ___SH () C:\Program Files\Abthearial\HttpsProxy.exe2014-11-11 06:03 - 2014-11-11 06:03 - 02902016 _____ () C:\Program Files\AVAST Software\Avast\defs\14111100\algo.dll2012-12-17 12:41 - 2011-11-07 13:21 - 00925696 _____ () C:\Program Files\Kaseya\KSAASC00000000577510\libkacm.dll2014-10-25 09:45 - 2014-10-25 09:45 - 00160728 _____ () C:\Program Files\Abthearial\AbthearialHelper.exe2013-01-17 18:51 - 2012-02-16 18:48 - 00110592 _____ () C:\Program Files\Kaseya\KSAASC00000000577510\extensions\scripts\socket\core.dll2013-01-17 18:51 - 2012-02-16 18:48 - 00073728 _____ () C:\Program Files\Kaseya\KSAASC00000000577510\extensions\scripts\mime\core.dll2011-11-25 00:59 - 2010-11-06 00:50 - 00058880 _____ () C:\Program Files\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll2012-06-18 10:24 - 2012-06-18 10:24 - 00260096 _____ () C:\Program Files\Notepad++\NppShell_05.dll2011-02-18 19:36 - 2011-02-18 19:36 - 00243712 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll2010-08-26 17:12 - 2010-08-26 17:12 - 00016384 ____R () c:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll2014-11-10 16:21 - 2014-11-10 16:21 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\Anytime\Documents\Brenda Miller.jpeg:3or4kl4x13tuuug3Byamue2s4bAlternateDataStreams: C:\Users\Anytime\Documents\Brenda Miller.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}AlternateDataStreams: C:\Users\Anytime\Documents\Maria 1.jpeg:3or4kl4x13tuuug3Byamue2s4bAlternateDataStreams: C:\Users\Anytime\Documents\Maria 1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}AlternateDataStreams: C:\Users\Anytime\Documents\Maria P.jpeg:3or4kl4x13tuuug3Byamue2s4bAlternateDataStreams: C:\Users\Anytime\Documents\Maria P.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}AlternateDataStreams: C:\Users\Anytime\Documents\Tom Hodges #32803.jpg:3or4kl4x13tuuug3Byamue2s4bAlternateDataStreams: C:\Users\Anytime\Documents\Tom Hodges #32803.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KAKSAASC00000000577510 => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KAKSAASC00000000577510 => ""="Service" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NOTE TO INSTALLER.docx => C:\Windows\pss\NOTE TO INSTALLER.docx.CommonStartupMSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"MSCONFIG\startupreg: PDVD9LanguageShortcut => "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"MSCONFIG\startupreg: RemoteControl9 => "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe" ========================= Accounts: ========================== Administrator (S-1-5-21-1943978468-3023993088-3773399000-500 - Administrator - Disabled)Anytime (S-1-5-21-1943978468-3023993088-3773399000-1000 - Administrator - Enabled) => C:\Users\AnytimeGuest (S-1-5-21-1943978468-3023993088-3773399000-501 - Limited - Disabled)LogMeInRemoteUser (S-1-5-21-1943978468-3023993088-3773399000-1002 - Administrator - Enabled) => C:\Users\LogMeInRemoteUserOwner (S-1-5-21-1943978468-3023993088-3773399000-1003 - Administrator - Enabled) => C:\Users\Owner ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (11/10/2014 06:03:29 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (11/10/2014 06:01:09 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (11/10/2014 05:48:52 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: The program iexplore.exe version 11.0.9600.17344 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1148 Start Time: 01cffd372c53ecd1 Termination Time: 31 Application Path: C:\Program Files\Internet Explorer\iexplore.exe Report Id: System errors:=============Error: (11/10/2014 06:02:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The NTRU TSS v1.2.1.36 TCS service depends on the TPM Base Services service which failed to start because of the following error: %%0 Error: (11/10/2014 05:59:35 PM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (11/10/2014 05:59:35 PM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (11/10/2014 05:59:35 PM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (11/10/2014 05:59:35 PM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (11/10/2014 05:59:35 PM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (11/10/2014 05:59:35 PM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (11/10/2014 05:59:35 PM) (Source: DCOM) (EventID: 10005) (User: )Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030} Error: (11/10/2014 05:59:35 PM) (Source: DCOM) (EventID: 10005) (User: )Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} Error: (11/10/2014 05:59:33 PM) (Source: DCOM) (EventID: 10005) (User: )Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF} Microsoft Office Sessions:=========================Error: (11/10/2014 06:03:29 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/10/2014 06:01:09 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (11/10/2014 05:48:52 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: iexplore.exe11.0.9600.17344114801cffd372c53ecd131C:\Program Files\Internet Explorer\iexplore.exe ==================== Memory info =========================== Processor: Intel® Pentium® CPU G630 @ 2.70GHzPercentage of memory in use: 62%Total physical RAM: 3317.05 MBAvailable physical RAM: 1250.73 MBTotal Pagefile: 6632.39 MBAvailable Pagefile: 4185.45 MBTotal Virtual: 2047.88 MBAvailable Virtual: 1925.74 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:177.11 GB) (Free:112.35 GB) NTFSDrive i: (BACKUP) (Fixed) (Total:55 GB) (Free:39.05 GB) NTFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: 819D0E2E)Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)Partition 2: (Active) - (Size=752 MB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=177.1 GB) - (Type=07 NTFS)Partition 4: (Not Active) - (Size=55 GB) - (Type=OF Extended) ==================== End Of Log ============================ Link to post Share on other sites More sharing options...
MrCharlie Posted November 12, 2014 ID:906669 Share Posted November 12, 2014 What is this program:C:\Program Files\Abthearial====================================The proxy should be gone after this...here's how to disable it if needed:http://kb.linksys.com/Linksys/ukp.aspx?pid=80&vw=1&articleid=5452====================================(This will cause the computer to reboot!)Download the attached fixlist.txt to the same folder as FRST.exe/FRST64.exe.Run FRST.exe/FRST64.exe and click Fix only once and waitThe tool will create a log (Fixlog.txt) in the folder, please post it to your reply.MrC Link to post Share on other sites More sharing options...
machine2013 Posted November 12, 2014 Author ID:906671 Share Posted November 12, 2014 Not sure let me ask my wife and see if she knows, ive never heard of it. here is the fix log attached. Thanks for your help.Fixlog.txt Link to post Share on other sites More sharing options...
machine2013 Posted November 12, 2014 Author ID:906672 Share Posted November 12, 2014 wife has never heard of Abthearial either Link to post Share on other sites More sharing options...
MrCharlie Posted November 12, 2014 ID:906690 Share Posted November 12, 2014 See if there's an uninstaller inside the folder:C:\Program Files\Abthearial If so uninstall it, if not see if you can delete it.If not we'll use FRST to delete it. MrC Link to post Share on other sites More sharing options...
machine2013 Posted November 12, 2014 Author ID:906703 Share Posted November 12, 2014 No uninstaller in the folder just the following Link to post Share on other sites More sharing options...
MrCharlie Posted November 12, 2014 ID:906708 Share Posted November 12, 2014 Delete the folder....a Google search comes up with nothing on that program. MrC Link to post Share on other sites More sharing options...
machine2013 Posted November 12, 2014 Author ID:906714 Share Posted November 12, 2014 That has seemed to do the trick with IE ticking the proxy server, should i do a reboot or any other steps to assure its gone? Link to post Share on other sites More sharing options...
MrCharlie Posted November 12, 2014 ID:906722 Share Posted November 12, 2014 From your logs, it looks like you ran all the programs already. Reboot and if there's no other problems........ Lets check your computers security before you go and we have a little cleanup to do also: Download Security Check by screen317 from HERE or HERE.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.If you get Unsupported operating system. Aborting now, just reboot and try again.A Notepad document should open automatically called checkup.txt.Please Post the contents of that document.If you can't post it, attach itMrC Link to post Share on other sites More sharing options...
machine2013 Posted November 12, 2014 Author ID:906725 Share Posted November 12, 2014 Thanks will do Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted December 10, 2014 Root Admin ID:917653 Share Posted December 10, 2014 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts