Proxy Server infection/Issue


Hello, I'm trying to remove a nasty infection having to do with Windows 7 x32.

Every time I uncheck the proxy settings under IE they just get re-enabled after 30 sec.

Please advise on what to do. I have run Malwarebytes, HitmanPro, etc.

They all find the entry for the proxy but cannot permanently resolve the issue.

Thanks, Lucas


Welcome to the forum. (Do what you can)

General P2P/Piracy Warning:

 

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

2. If you have illegal/cracked software (MS Office, Adobe Products), cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

 

<====><====><====><====><====><====><====><====>

 

1. Please run a Threat Scan with Malwarebytes (if possible)

Start Malwarebytes 2.0.........

Click on Settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware

Same for PUM (Potentially Unwanted Modifications)

Quarantine all that's found

Post the log (save the log as a .txt file not .xml)

Then......

2. Please download Farbar Recovery Scan Tool (FRST) and save it to a folder.

(use correct version for your system.....Which system am I using?)

FRST <----for 32 bit systems

FRST64 <----for 64 bit systems

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button. (make sure the Addition box is checked)
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
If the logs are large, you can attach them:

To attach a log:

Bottom right corner of this page.

New window that comes up.

Last................

3. Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Wait for the Prescan to finish

Click Scan to scan the system.

When the scan completes > Don't Fix anything! > Click on the Report Button > Copy and paste the Report back here.

Don't run any other options, they're not all bad!!!!!!!

RogueKiller logs will also be located here:

%programdata%/RogueKiller/Logs <-------W7

C:\Documents and Settings\All Users\Application Data\RogueKiller\Logs <-------XP

(please don't put logs in code or quotes and use the default font)

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running. Create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Back up any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive.

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs.

<+>Please stick with me until I give you the "all clear".

------->Your topic will be closed if you haven't replied within 3 days!<--------

If I don't respond within 24 hours, please send me a PM


Thanks for your reply! Here is the info you asked for, hopefully you can help :)

 

FRST Log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-11-2014

Ran by Anytime (administrator) on ANYTIME-PC on 11-11-2014 16:17:04
Running from C:\Users\Anytime\Downloads
Loaded Profile: Anytime (Available profiles: Anytime & LogMeInRemoteUser & Owner)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
() C:\Program Files\Abthearial\Abthearial.exe
() C:\Program Files\Abthearial\HttpsProxy.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Kaseya International Limited) C:\Program Files\Kaseya\KSAASC00000000577510\AgentMon.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\ramaint.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Anytime Fitness) C:\Program Files\Anytime Fitness\ClubHub DoorService\ClubHub.Club.DoorService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files\Abthearial\AbthearialHelper.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeIn.exe
( ) C:\Program Files\Kaseya\KSAASC00000000577510\extensions\Lua.exe
( ) C:\Program Files\Kaseya\KSAASC00000000577510\extensions\Lua.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\Audio\HDA\RtDCpl.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\Audio\HDA\RtDCpl.exe
(AMD) C:\Windows\System32\atieclxx.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\Audio\HDA\RtDCpl.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Kaseya International Limited) C:\Program Files\Kaseya\KSAASC00000000577510\KaUsrTsk.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Anytime Fitness) C:\Users\Anytime\AppData\Local\Apps\2.0\0G2LCKN7.1ED\H3HLD4Q2.1GO\club..tion_d01621acc9164a2c_0001.0005_ecc2cbb253eb7698\ClubHub.Client.WPF.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(TeamViewer GmbH) C:\Users\Anytime\AppData\Local\temp\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Users\Anytime\AppData\Local\temp\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Users\Anytime\AppData\Local\temp\TeamViewer\Version9\TeamViewer_Desktop.exe
(Farbar) C:\Users\Anytime\Downloads\FRST (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtDCpl.exe [2697832 2010-10-04] (Realtek Semiconductor Corp.)
HKLM\...\Run: [startCCC] => c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-02-18] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [iAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM\...\Run: [iMSS] => C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [112408 2011-08-08] (Intel Corporation)
HKLM\...\Run: [TdmNotify] => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [214384 2011-05-27] (Wave Systems Corp.)
HKLM\...\Run: [RoxWatchTray] => C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM\...\Run: [KASHKSAASC00000000577510] => C:\Program Files\Kaseya\KSAASC00000000577510\KaUsrTsk.exe [577536 2012-10-31] (Kaseya International Limited)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [63048 2012-11-29] (LogMeIn, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5225064 2014-11-10] (AVAST Software)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
Lsa: [Authentication Packages] msv1_0 wvauth
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\~$TE TO INSTALLER.docx ()
Startup: C:\Users\Anytime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [uninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
BootExecute: autocheck autochk * bootdelete
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:9880;https=127.0.0.1:9880
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD0A0FD632FFDCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
HKU\S-1-5-21-1943978468-3023993088-3773399000-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKCU - DefaultScope {10EB500E-200F-4144-9C7D-6A1E2AAEE61D} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {10EB500E-200F-4144-9C7D-6A1E2AAEE61D} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {2B346FD2-0F75-4EDE-9BCC-DCB7136431B0} URL = 
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-11-10]
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\38.0.2125.111\pdf.dll ()
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 6 U37) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 6.0.370.6) - C:\Windows\system32\npdeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Profile: C:\Users\Anytime\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Anytime\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-05]
CHR Extension: (Google Drive) - C:\Users\Anytime\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-05]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Anytime\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (YouTube) - C:\Users\Anytime\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-05]
CHR Extension: (Google Search) - C:\Users\Anytime\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-05]
CHR Extension: (Avast Online Security) - C:\Users\Anytime\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-11-10]
CHR Extension: (Google Wallet) - C:\Users\Anytime\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-05]
CHR Extension: (Gmail) - C:\Users\Anytime\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-05]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-10]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Abthearial; C:\Program Files\Abthearial\Abthearial.exe [4383192 2014-10-27] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-10] (AVAST Software)
R2 DoorService; C:\Program Files\Anytime Fitness\ClubHub DoorService\ClubHub.Club.DoorService.exe [8192 2013-03-25] (Anytime Fitness) [File not signed]
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106248 2014-10-31] (SurfRight B.V.)
R2 Intel® PROSet Monitoring Service; C:\Windows\system32\IProsetMonitor.exe [112800 2011-06-29] (Intel Corporation)
R2 KAKSAASC00000000577510; C:\Program Files\Kaseya\KSAASC00000000577510\AgentMon.exe [1085440 2012-12-20] (Kaseya International Limited) [File not signed]
S3 RoxMediaDB12OEM; C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [1116656 2010-11-25] (Sonic Solutions)
S2 RoxWatch12; C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [219632 2010-11-25] (Sonic Solutions)
S3 SecureStorageService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe [1508232 2011-05-24] (Wave Systems Corp.)
S2 tcsd_win32.exe; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1633280 2011-02-17] () [File not signed]
R2 TdmService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe [2605424 2011-05-27] (Wave Systems Corp.)
R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1131520 2011-07-01] (Wave Systems Corp.) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-11-10] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-11-10] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-11-10] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-11-10] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-11-10] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [422760 2014-11-10] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2014-11-10] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-11-10] ()
R3 e1cexpress; C:\Windows\System32\DRIVERS\e1c6232.sys [268968 2011-07-20] (Intel Corporation)
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHDA.sys [2749416 2010-10-04] (Realtek Semiconductor Corp.)
R3 KAPFA; C:\Windows\system32\drivers\KAPFA.SYS [19968 2012-12-19] (Kaseya) [File not signed]
R3 LVUSBSta; C:\Windows\System32\DRIVERS\LVUSBSta.sys [41752 2008-07-26] (Logitech Inc.)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Intel Corporation)
S3 netvsc; C:\Windows\System32\DRIVERS\netvsc60.sys [126464 2010-11-20] (Microsoft Corporation)
R3 OxMf; C:\Windows\System32\DRIVERS\OxMf.sys [52016 2011-11-29] (OEM)
R3 OxSer; C:\Windows\System32\DRIVERS\OxSer.sys [84272 2011-11-29] (OEM)
R0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [26608 2010-07-21] (Dell Inc)
R3 pepifilter; C:\Windows\System32\DRIVERS\lv302af.sys [13848 2008-07-26] (Logitech Inc.)
R3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [2570520 2008-07-26] (Logitech Inc.)
R3 SNXPCARD; C:\Windows\System32\DRIVERS\snxpcard.sys [49016 2010-12-03] (SUNIX Co., Ltd.)
R3 SNXPPALX; C:\Windows\System32\DRIVERS\snxppalx.sys [86392 2010-12-03] (SUNIX Co., Ltd.)
R3 SNXPSERX; C:\Windows\System32\DRIVERS\snxpserx.sys [78712 2010-12-03] (SUNIX Co., Ltd.)
S3 SynthVid; C:\Windows\System32\DRIVERS\VMBusVideoM.sys [19456 2010-11-20] (Microsoft Corporation)
S4 LMIRfsClientNP; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-11 16:17 - 2014-11-11 16:17 - 00017961 _____ () C:\Users\Anytime\Downloads\FRST.txt
2014-11-11 16:02 - 2014-11-11 16:16 - 01107968 _____ (Farbar) C:\Users\Anytime\Downloads\FRST (1).exe
2014-11-11 16:02 - 2014-11-11 16:02 - 14672984 _____ () C:\Users\Anytime\Downloads\RogueKiller.exe
2014-11-11 15:11 - 2014-11-11 15:11 - 00000237 _____ () C:\Users\Anytime\Desktop\Google.url
2014-11-11 04:34 - 2014-11-11 04:34 - 00293900 _____ () C:\Users\Anytime\Downloads\Liz (19).xlsx
2014-11-10 18:01 - 2014-11-10 18:01 - 00000362 _____ () C:\Users\Anytime\Desktop\Club Hub.appref-ms
2014-11-10 18:01 - 2014-11-10 18:01 - 00000000 ____D () C:\Users\Anytime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anytime Fitness
2014-11-10 17:55 - 2014-11-10 17:55 - 00000000 ____D () C:\Users\Owner\AppData\Local\Deployment
2014-11-10 17:55 - 2014-11-10 17:55 - 00000000 ____D () C:\Users\Owner\AppData\Local\Apps\2.0
2014-11-10 17:54 - 2014-11-10 17:54 - 00000000 __SHD () C:\Users\Owner\AppData\Local\EmieUserList
2014-11-10 17:54 - 2014-11-10 17:54 - 00000000 __SHD () C:\Users\Owner\AppData\Local\EmieSiteList
2014-11-10 17:52 - 2014-11-10 17:52 - 00104568 _____ () C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-10 17:52 - 2014-11-10 17:52 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Intel Corporation
2014-11-10 17:52 - 2014-11-10 17:52 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\AVAST Software
2014-11-10 17:52 - 2014-11-10 17:52 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\ATI
2014-11-10 17:52 - 2014-11-10 17:52 - 00000000 ____D () C:\Users\Owner\AppData\Local\LogMeIn
2014-11-10 17:52 - 2014-11-10 17:52 - 00000000 ____D () C:\Users\Owner\AppData\Local\ATI
2014-11-10 17:51 - 2014-11-10 17:51 - 00001419 _____ () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-10 17:51 - 2014-11-10 17:51 - 00000020 ___SH () C:\Users\Owner\ntuser.ini
2014-11-10 17:51 - 2014-11-10 17:51 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Adobe
2014-11-10 17:51 - 2014-11-10 17:51 - 00000000 ____D () C:\Users\Owner\AppData\Local\Google
2014-11-10 17:51 - 2014-11-10 17:51 - 00000000 ____D () C:\Users\Owner
2014-11-10 17:51 - 2013-01-28 18:17 - 00000000 ____D () C:\Users\Owner\AppData\Local\Microsoft Help
2014-11-10 17:51 - 2009-07-13 23:42 - 00000000 ___RD () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-10 17:51 - 2009-07-13 23:37 - 00000000 ___RD () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-11-10 17:49 - 2014-11-10 17:49 - 01107968 _____ (Farbar) C:\Users\Anytime\Downloads\FRST.exe
2014-11-10 17:40 - 2014-11-11 16:17 - 00000000 ____D () C:\FRST
2014-11-10 17:39 - 2014-11-10 17:39 - 00001251 _____ () C:\Users\Anytime\Desktop\JRT.txt
2014-11-10 17:26 - 2014-11-10 17:26 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-11-10 17:26 - 2014-11-10 17:26 - 00016749 _____ () C:\ComboFix.txt
2014-11-10 17:26 - 2014-11-10 17:26 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-11-10 17:16 - 2014-11-10 17:26 - 00000000 ____D () C:\ComboFix
2014-11-10 17:11 - 2014-11-10 17:11 - 00000000 ____D () C:\Windows\ERUNT
2014-11-10 17:00 - 2014-11-10 17:03 - 00000000 ____D () C:\AdwCleaner
2014-11-10 16:57 - 2014-11-10 16:58 - 00000008 __RSH () C:\Users\Anytime\ntuser.pol
2014-11-10 16:44 - 2014-11-10 17:26 - 00000000 ____D () C:\Qoobox
2014-11-10 16:44 - 2014-11-10 16:52 - 00000000 ____D () C:\Windows\erdnt
2014-11-10 16:44 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-10 16:44 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-10 16:44 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-10 16:44 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-10 16:44 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-10 16:44 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-10 16:44 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-10 16:44 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-10 16:42 - 2014-11-10 16:43 - 00000000 ____D () C:\Users\Anytime\Downloads\tdsskiller
2014-11-10 16:36 - 2014-11-10 18:02 - 00000168 _____ () C:\Windows\setupact.log
2014-11-10 16:36 - 2014-11-10 17:59 - 00001888 _____ () C:\Windows\PFRO.log
2014-11-10 16:36 - 2014-11-10 16:36 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-10 16:31 - 2014-11-10 16:31 - 00000971 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-11-10 16:31 - 2014-11-10 16:31 - 00000068 _____ () C:\Users\Owner\Desktop\Club Hub.url
2014-11-10 16:31 - 2014-11-10 16:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-11-10 16:31 - 2014-11-10 16:31 - 00000000 ____D () C:\Program Files\CCleaner
2014-11-10 16:29 - 2014-11-10 16:29 - 00000000 ____D () C:\Windows\pss
2014-11-10 16:22 - 2014-11-10 16:22 - 00000000 ____D () C:\Users\Anytime\AppData\Roaming\AVAST Software
2014-11-10 16:21 - 2014-11-10 16:21 - 00787800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-11-10 16:21 - 2014-11-10 16:21 - 00422760 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-11-10 16:21 - 2014-11-10 16:21 - 00291352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-11-10 16:21 - 2014-11-10 16:21 - 00206248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-11-10 16:21 - 2014-11-10 16:21 - 00091496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-11-10 16:21 - 2014-11-10 16:21 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-11-10 16:21 - 2014-11-10 16:21 - 00070384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-11-10 16:21 - 2014-11-10 16:21 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-11-10 16:21 - 2014-11-10 16:21 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-11-10 16:21 - 2014-11-10 16:21 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-11-10 16:21 - 2014-11-10 16:21 - 00002123 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-11-10 16:21 - 2014-11-10 16:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-11-10 16:19 - 2014-11-10 16:19 - 00000000 ____D () C:\Program Files\AVAST Software
2014-11-10 16:18 - 2014-11-10 16:19 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-11-10 16:04 - 2014-11-10 17:32 - 00000000 ____D () C:\Users\Anytime\AppData\Local\Apps\2.0
2014-11-10 16:00 - 2014-07-24 14:37 - 00000216 _____ () C:\Users\Anytime\Desktop\ClubHubUIFix.bat
2014-11-10 15:17 - 2014-11-10 15:17 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.5
2014-11-10 15:11 - 2014-11-10 15:11 - 00001040 _____ () C:\Users\Anytime\Desktop\join.me.lnk
2014-11-10 15:11 - 2014-11-10 15:11 - 00001040 _____ () C:\Users\Anytime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\join.me.lnk
2014-11-10 14:56 - 2014-11-10 15:11 - 00000000 ____D () C:\Users\Anytime\AppData\Local\join.me
2014-11-10 11:24 - 2014-11-10 16:31 - 00000000 ____D () C:\Windows\Minidump
2014-11-10 04:32 - 2014-11-10 04:33 - 00107413 _____ () C:\Users\Anytime\Downloads\Donna (21).xlsx
2014-11-09 12:15 - 2014-11-09 12:15 - 00044032 _____ () C:\Users\Anytime\Documents\Copy of Terryl_South_Lyon11__9.xls
2014-11-07 18:13 - 2014-11-07 18:14 - 00615381 _____ () C:\Users\Anytime\Downloads\Michael_kessler (1) (1) (3).xlsx
2014-11-07 18:13 - 2014-11-07 18:14 - 00029677 _____ () C:\Users\Anytime\Downloads\Nick (4).xlsx
2014-11-07 13:41 - 2014-11-07 13:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-07 13:41 - 2014-11-07 13:41 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-11-07 13:41 - 2014-09-26 18:42 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-11-07 13:41 - 2014-09-26 18:36 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-11-07 13:41 - 2014-09-26 18:36 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-11-07 13:41 - 2014-09-26 18:35 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-11-07 13:40 - 2014-11-07 13:41 - 00004613 _____ () C:\Windows\system32\jupdate-1.7.0_71-b14.log
2014-11-07 04:33 - 2014-11-07 05:10 - 00104122 _____ () C:\Users\Anytime\Downloads\Donna (20).xlsx
2014-10-31 07:51 - 2014-10-31 07:51 - 00052394 _____ () C:\Windows\system32\.crusader
2014-10-31 07:46 - 2014-10-31 07:46 - 00001899 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-10-31 07:46 - 2014-10-31 07:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-10-31 07:46 - 2014-10-31 07:46 - 00000000 ____D () C:\Program Files\HitmanPro
2014-10-31 07:45 - 2014-10-31 07:51 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-10-31 04:24 - 2014-11-03 05:29 - 00098661 _____ () C:\Users\Anytime\Downloads\Donna (19).xlsx
2014-10-30 03:38 - 2014-10-30 03:41 - 00298300 _____ () C:\Users\Anytime\Downloads\Liz (18).xlsx
2014-10-29 18:02 - 2014-10-29 18:10 - 00026277 _____ () C:\Users\Anytime\Downloads\Nick (3).xlsx
2014-10-28 03:34 - 2014-10-28 03:36 - 00294951 _____ () C:\Users\Anytime\Downloads\Liz (17).xlsx
2014-10-27 16:59 - 2014-11-11 14:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dietmaster Pro V11
2014-10-27 16:59 - 2014-10-27 16:59 - 00000772 _____ () C:\Users\LogMeInRemoteUser\Desktop\DietMaster Pro V11.lnk
2014-10-27 16:59 - 2011-08-17 14:52 - 01318912 _____ (Lifestyles Technologies, Inc.) C:\Windows\system32\DM32Pro.dll
2014-10-27 16:59 - 2005-09-28 09:59 - 00299008 _____ (Biospace) C:\Windows\system32\DataCompatiable.ocx
2014-10-27 16:59 - 2004-01-28 11:38 - 00172032 _____ (ComponentOne ) C:\Windows\system32\vsPDF.ocx
2014-10-27 16:59 - 2004-01-28 11:38 - 00122880 _____ (ComponentOne) C:\Windows\system32\vsppgvp7.dll
2014-10-27 16:59 - 2004-01-28 11:08 - 00364544 _____ (ComponentOne) C:\Windows\system32\VSPRINT7.ocx
2014-10-27 16:59 - 2004-01-28 11:08 - 00131072 _____ ( ComponentOne) C:\Windows\system32\vsvport7.ocx
2014-10-27 16:59 - 2004-01-28 11:07 - 00167936 _____ (ComponentOne) C:\Windows\system32\VSDRAW7.ocx
2014-10-27 16:59 - 2002-07-31 15:13 - 00115920 _____ (Microsoft Corporation) C:\Windows\system32\MSINET.OCX
2014-10-27 16:59 - 2001-08-08 11:12 - 00239248 _____ (ComponenetOne) C:\Windows\system32\SizerOne.ocx
2014-10-27 16:59 - 2001-06-05 15:54 - 00376832 _____ () C:\Windows\system32\VSRpt7.ocx
2014-10-27 16:59 - 2001-01-26 14:02 - 00049152 _____ (Vivitech Software, LLC) C:\Windows\system32\VTFormUtility.dll
2014-10-27 16:59 - 2000-02-04 09:21 - 00364544 _____ (VideoSoft) C:\Windows\system32\Vsflex6d.ocx
2014-10-27 16:59 - 2000-02-02 02:56 - 00356352 _____ (VideoSoft) C:\Windows\system32\VsVIEW6.ocx
2014-10-27 16:59 - 2000-01-04 14:54 - 00028672 _____ (Vivitech Software Creations, LLC) C:\Windows\system32\VTRegistry.dll
2014-10-27 16:59 - 2000-01-04 14:53 - 00024576 _____ (Vivitech Software, LLC) C:\Windows\system32\VTADO.dll
2014-10-27 16:59 - 1999-12-21 14:03 - 00247192 _____ (VideoSoft) C:\Windows\system32\Vsocx6.ocx
2014-10-27 16:59 - 1999-06-06 09:36 - 00151824 _____ (Microsoft Corporation) C:\Windows\system32\temp.002
2014-10-27 16:59 - 1999-05-09 23:00 - 01384448 _____ (Microsoft Corporation) C:\Windows\system32\temp.000
2014-10-27 16:59 - 1999-05-06 23:00 - 01009136 _____ (Microsoft Corporation) C:\Windows\system32\MSChrt20.ocx
2014-10-27 16:59 - 1999-05-06 23:00 - 00209408 _____ (Microsoft Corporation) C:\Windows\system32\TabCtl32.ocx
2014-10-27 16:59 - 1999-02-01 23:00 - 00266293 _____ (Microsoft Corporation) C:\Windows\system32\temp.001
2014-10-27 16:25 - 2014-10-27 16:43 - 00365723 _____ () C:\Users\Anytime\Downloads\Matt G (17).xlsx
2014-10-27 04:26 - 2014-10-27 04:28 - 00097485 _____ () C:\Users\Anytime\Downloads\Donna (18).xlsx
2014-10-25 09:44 - 2014-10-27 10:16 - 00000000 __SHD () C:\Program Files\Abthearial
2014-10-25 05:29 - 2014-10-25 05:29 - 00000000 ____D () C:\Program Files\MSECache
2014-10-24 17:58 - 2014-10-24 18:00 - 00022887 _____ () C:\Users\Anytime\Downloads\Nick (2).xlsx
2014-10-24 04:23 - 2014-10-24 04:24 - 00094207 _____ () C:\Users\Anytime\Downloads\Donna (17).xlsx
2014-10-23 16:22 - 2014-10-23 16:22 - 00361317 _____ () C:\Users\Anytime\Downloads\Matt G (16).xlsx
2014-10-23 03:37 - 2014-10-23 03:37 - 00291577 _____ () C:\Users\Anytime\Downloads\Liz (16).xlsx
2014-10-21 09:08 - 2014-10-21 09:08 - 00036864 _____ () C:\Users\Anytime\Documents\deliquent
2014-10-21 03:35 - 2014-10-21 03:39 - 00283078 _____ () C:\Users\Anytime\Downloads\Liz (15).xlsx
2014-10-20 16:31 - 2014-10-20 16:32 - 00352558 _____ () C:\Users\Anytime\Downloads\Matt G (15).xlsx
2014-10-20 04:28 - 2014-10-20 04:29 - 00090953 _____ () C:\Users\Anytime\Downloads\Donna (16).xlsx
2014-10-18 11:11 - 2014-10-18 11:11 - 00052956 _____ () C:\Users\Anytime\Documents\1bb6fd96-9eea-11e3-bedf-0000ac14e364
2014-10-17 17:58 - 2014-10-17 18:54 - 00019355 _____ () C:\Users\Anytime\Downloads\Nick (1).xlsx
2014-10-17 12:58 - 2014-10-17 12:58 - 00095299 _____ () C:\Users\Anytime\Documents\TRX FLYER
2014-10-17 11:43 - 2014-10-17 11:43 - 00185052 _____ () C:\Users\Anytime\Documents\Brenda Miller.jpeg
2014-10-17 04:26 - 2014-10-17 04:27 - 00087690 _____ () C:\Users\Anytime\Downloads\Donna (15).xlsx
2014-10-16 16:22 - 2014-10-16 16:23 - 00348140 _____ () C:\Users\Anytime\Downloads\Matt G (14).xlsx
2014-10-16 09:44 - 2014-10-16 18:49 - 00023342 _____ () C:\Users\Anytime\Documents\South Lyon_Cash_Box_Tracking 2014 (2).xlsx
2014-10-16 09:35 - 2014-10-16 09:35 - 00103350 _____ () C:\Users\Anytime\Documents\cash_sheet.zip
2014-10-16 03:38 - 2014-10-16 03:39 - 00279708 _____ () C:\Users\Anytime\Downloads\Liz (14).xlsx
2014-10-15 10:13 - 2014-10-15 10:15 - 00026148 _____ () C:\Users\Anytime\Desktop\Copy of South Lyon_Cash_Box_Tracking 2014.xlsx
2014-10-15 10:10 - 2014-10-15 10:10 - 00026242 _____ () C:\Users\Anytime\Documents\South Lyon_Cash_Box_Tracking 2014.xlsx
2014-10-14 16:11 - 2014-09-28 19:41 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-14 16:11 - 2014-09-25 17:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-14 16:11 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-14 16:11 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-14 16:11 - 2014-09-18 20:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-14 16:11 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-14 16:11 - 2014-09-18 20:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-14 16:11 - 2014-09-18 19:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-14 16:11 - 2014-09-18 19:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-14 16:11 - 2014-09-18 19:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-14 16:11 - 2014-09-18 19:50 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-14 16:11 - 2014-09-18 19:44 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-14 16:11 - 2014-09-18 19:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-14 16:11 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-14 16:11 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-14 16:10 - 2014-10-06 21:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-14 16:10 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-14 16:10 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-14 16:10 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-14 16:10 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-14 16:10 - 2014-09-18 20:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-14 16:10 - 2014-09-18 20:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-14 16:10 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-14 16:10 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-14 16:10 - 2014-09-18 19:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-14 16:10 - 2014-09-18 19:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-14 16:10 - 2014-09-18 19:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-14 16:10 - 2014-09-18 19:20 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-14 16:10 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-14 16:10 - 2014-09-18 19:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-14 16:10 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-14 16:10 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-14 16:10 - 2014-09-17 20:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-14 16:10 - 2014-09-04 20:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-14 16:10 - 2014-08-28 20:44 - 02744320 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-14 16:10 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-14 16:10 - 2014-07-16 20:39 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-14 16:10 - 2014-07-16 20:39 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-14 16:10 - 2014-07-16 20:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-14 16:10 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-14 16:10 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-14 16:10 - 2014-07-16 20:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-14 16:10 - 2014-07-16 20:02 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-14 16:10 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-14 16:10 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-14 16:10 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-14 16:09 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-14 13:53 - 2014-10-31 14:05 - 00014433 _____ () C:\Users\Anytime\Desktop\Daily notes.xlsx
2014-10-14 13:34 - 2014-10-14 13:35 - 00011296 _____ () C:\Users\Anytime\Desktop\NOTES.xlsx
2014-10-14 03:36 - 2014-10-14 03:38 - 00280867 _____ () C:\Users\Anytime\Downloads\Liz (13).xlsx
2014-10-13 16:26 - 2014-10-13 16:26 - 00348129 _____ () C:\Users\Anytime\Downloads\Matt G (13).xlsx
2014-10-13 14:31 - 2014-10-15 15:56 - 00027513 _____ () C:\Users\Anytime\Desktop\Copy of South Lyon_Cash_Box_Tracking 2014 (2).xlsx
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-11 16:02 - 2014-10-04 16:03 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-11 15:59 - 2012-12-17 11:18 - 00000000 ____D () C:\Users\Anytime\AppData\Roaming\TeamViewer
2014-11-11 15:53 - 2012-07-27 17:02 - 00000000 ____D () C:\Users\Anytime\AppData\Local\Deployment
2014-11-11 15:52 - 2013-09-05 19:01 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-11 15:38 - 2013-01-14 18:34 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-11 14:40 - 2012-12-19 16:23 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-11-11 14:28 - 2011-11-25 00:49 - 01317227 _____ () C:\Windows\WindowsUpdate.log
2014-11-11 13:24 - 2014-01-26 16:35 - 00000000 ____D () C:\Users\Anytime\Desktop\April Bown
2014-11-11 13:23 - 2014-10-02 19:20 - 00029782 _____ () C:\Users\Anytime\Desktop\South Lyon_Cash_Box_Tracking 2014 (2).xlsx
2014-11-11 11:25 - 2012-12-24 10:17 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-11-11 10:49 - 2013-02-22 12:18 - 00000000 ____D () C:\Users\Anytime\Documents\Fax
2014-11-11 10:49 - 2009-07-13 23:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-11-11 10:32 - 2011-11-25 01:13 - 00000000 ____D () C:\ProgramData\Sonic
2014-11-11 10:00 - 2012-07-27 16:59 - 00000000 ____D () C:\ClubHub
2014-11-10 20:52 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-11-10 20:22 - 2014-01-02 13:07 - 00081408 _____ () C:\Users\Anytime\Desktop\Key Tracker Jan 2014.xls
2014-11-10 18:10 - 2009-07-13 23:34 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-10 18:10 - 2009-07-13 23:34 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-10 18:03 - 2014-01-28 12:49 - 00000976 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2014-11-10 18:03 - 2014-01-28 12:49 - 00000960 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2014-11-10 18:03 - 2012-12-17 12:47 - 00000000 ____D () C:\kworking
2014-11-10 18:02 - 2009-07-13 23:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-10 17:51 - 2009-07-13 23:46 - 00001515 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-11-10 17:32 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\registration
2014-11-10 17:26 - 2009-07-13 21:37 - 00000000 __RHD () C:\Users\Default
2014-11-10 17:26 - 2009-07-13 21:37 - 00000000 ___RD () C:\Users\Public
2014-11-10 17:24 - 2009-07-13 21:04 - 00000215 _____ () C:\Windows\system.ini
2014-11-10 16:58 - 2012-01-06 14:34 - 00000000 ____D () C:\Users\Anytime
2014-11-10 16:56 - 2009-07-13 21:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-11-10 16:31 - 2011-02-10 11:03 - 00000000 ____D () C:\Windows\panther
2014-11-10 16:24 - 2012-02-20 13:22 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-11-10 16:24 - 2012-02-20 13:21 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-11-10 15:15 - 2009-07-13 23:33 - 00390368 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-10 14:23 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-11-10 14:18 - 2013-12-26 10:28 - 00000000 ____D () C:\Users\Anytime\Desktop\Mike
2014-11-10 14:05 - 2012-12-11 16:06 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-10 14:02 - 2013-09-05 08:08 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-10 13:55 - 2012-01-06 15:05 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-10 13:53 - 2009-07-13 21:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-11-10 10:57 - 2013-12-04 12:34 - 00206848 _____ () C:\Users\Anytime\Desktop\PT_Commissions_2014.xls
2014-11-09 15:42 - 2012-12-26 12:40 - 00000000 ____D () C:\Users\Anytime\Documents\Dave PT
2014-11-09 12:09 - 2012-12-17 13:12 - 00000000 ____D () C:\Users\Anytime\Desktop\Terry
2014-11-07 13:42 - 2014-04-21 04:58 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-07 13:41 - 2012-11-16 12:34 - 00000000 ____D () C:\Program Files\Java
2014-11-07 13:31 - 2010-11-20 16:01 - 00786558 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-06 18:55 - 2013-12-04 14:18 - 00126635 _____ () C:\Users\Anytime\Desktop\IN CLUB PAYMENTS 2014.xlsx
2014-11-04 18:56 - 2013-07-24 10:57 - 00000000 ____D () C:\Users\Anytime\Desktop\Kaitlin
2014-10-31 14:36 - 2014-02-15 12:43 - 00000000 ____D () C:\Users\Anytime\Desktop\Liz
2014-10-30 06:24 - 2012-01-06 14:47 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-28 12:54 - 2013-09-05 19:06 - 00002131 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-27 20:19 - 2013-08-09 07:26 - 00000000 ____D () C:\Users\Anytime\Documents\Outlook Files
2014-10-25 10:09 - 2014-02-05 10:58 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-10-25 09:27 - 2012-01-06 14:34 - 00104568 _____ () C:\Users\Anytime\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-25 05:30 - 2011-11-25 01:06 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-10-22 17:02 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-18 07:47 - 2013-09-05 19:01 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-16 09:53 - 2013-01-29 17:21 - 00000175 _____ () C:\config.xml
2014-10-16 09:50 - 2013-06-26 11:49 - 00000000 ____D () C:\Program Files\Recuva
2014-10-14 03:56 - 2014-10-04 16:03 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-14 03:56 - 2014-10-04 16:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-14 03:56 - 2014-10-04 16:03 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
 
Some content of TEMP:
====================
C:\Users\Anytime\AppData\Local\temp\GLB1A2B.EXE
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-11-07 18:45
 
==================== End Of Log ============================
 
RogueKiller V10.0.5.0 [Nov 11 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Anytime [Administrator]
Mode : Scan -- Date : 11/11/2014  16:30:06
¤¤¤ Processes : 1 ¤¤¤
[suspicious.Path] ClubHub.Client.WPF.exe -- C:\Users\Anytime\AppData\Local\Apps\2.0\0G2LCKN7.1ED\H3HLD4Q2.1GO\club..tion_d01621acc9164a2c_0001.0005_ecc2cbb253eb7698\ClubHub.Client.WPF.exe[-] -> Killed [TermProc]
 
¤¤¤ Registry : 11 ¤¤¤
[PUM.Proxy] HKEY_USERS\S-1-5-21-1943978468-3023993088-3773399000-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
[PUM.Proxy] HKEY_USERS\S-1-5-21-1943978468-3023993088-3773399000-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:9880;https=127.0.0.1:9880  -> Found
[PUM.HomePage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found
[PUM.HomePage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found
[PUM.SearchPage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] HKEY_USERS\S-1-5-21-1943978468-3023993088-3773399000-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-1943978468-3023993088-3773399000-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST250DM000-1BD141 +++++
--- User ---
[MBR] 6217f11d3680bb21375d11873c228781
[bSP] 19481fdd0191d445e63f281ff48575d7 : HP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 81920 | Size: 752 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1622016 | Size: 181360 MB
3 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 373047296 | Size: 56323 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive3: Generic- SM/xD Picture USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
 
============================================
RKreport_DEL_11102014_173207.log - RKreport_DEL_11102014_173210.log - RKreport_SCN_11102014_173131.log

Malwarebytes log 11-11-14.txt

FRST.txt


Sorry, here is the content of Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10-11-2014

Ran by Anytime at 2014-11-11 16:17:44
Running from C:\Users\Anytime\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
ACS480 1.0.4.4 (HKLM\...\ACS_is1) (Version: 1.0.4.4 - )
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software)
Bing Bar (HKLM\...\{C28D96C0-6A90-459E-A077-A6706F4EC0FC}) (Version: 7.0.765.0 - Microsoft Corporation)
BioAPI Framework (Version: 1.0.2 - Dell Inc.) Hidden
Bosch Divar 700 Series 3.35 Control Center (HKLM\...\{AFCD5AFF-3CBD-4B75-A6FF-178234529095}) (Version: 3.35 - Bosch Security Systems)
Bosch Divar 700 Series 3.41 PC Software (HKLM\...\{C439237F-B211-4A96-9FF8-757B40DF534C}) (Version: 3.41 - Bosch Security Systems)
Catalyst Control Center (HKLM\...\{8B1A559A-FB9D-42F5-A8A7-2F132CF28414}) (Version: 1.00.0000 - )
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
Check In System (HKLM\...\{3040AA83-BD35-46F0-A131-7B550EBF51A9}) (Version: 14.2.2008 - Anytime Fitness)
Check-In (HKLM\...\{1FEA4938-55ED-406E-A487-07C5884979AC}) (Version: 01.21.2008 - Mark Carlson)
Check-In (HKLM\...\{554C1E78-B508-402C-8DAE-D5798231F028}) (Version: 10.23.2008 - Check-In)
ClubHub DoorService (HKLM\...\{267AF53B-7996-4702-A510-FB7B0938A061}) (Version: 1.0.0 - Anytime Fitness)
Crystal Reports Basic Runtime for Visual Studio 2008 (HKLM\...\{CE26F10F-C80F-4377-908B-1B7882AE2CE3}) (Version: 10.5.0.0 - Business Objects)
Custom (Version: 01.00.00.000 - Wave Systems Corp.) Hidden
CyberLink PowerDVD 9.5 (HKLM\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.4418 - CyberLink Corp.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Client System Update (HKLM\...\{2B2B45B1-3CA0-4F8D-BBB3-AC77ED46A0FE}) (Version: 1.2.1 - Dell Inc.)
Dell Data Protection | Access (HKLM\...\{A7D91856-258D-4C87-8041-B170851CE432}) (Version: 2.1.00001.001 - Dell Inc.)
Dell Data Protection | Access (Version: 02.01.01.001 - Wave Systems Corp) Hidden
Dell Data Protection | Access | Drivers (HKLM\...\{4E4E65EE-C456-45AC-B5AD-C62C3A325BD0}) (Version: 2.01.018 - Dell Inc.)
Dell Data Protection | Access | Middleware (HKLM\...\{841CBDD5-4BB5-403E-AEE3-2FADC3890BE8}) (Version: 2.01.010 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{3138EAD3-700B-4A10-B617-B3F8096EE30D}) (Version: 1.0.0 - Dell Inc)
DellAccess (Version: 01.00.00.108 - Wave Systems Corp.) Hidden
DirectX 9 Runtime (Version: 1.00.0000 - Sonic Solutions) Hidden
ElkRP2 (HKLM\...\{09812D5D-BD58-4B11-B871-D22E6D535FA8}) (Version: 2.0.14 - Elk Products, Inc.)
ElkRP2 (Version: 2.0.14 - Elk Products, Inc.) Hidden
ElkRP2 (Version: 2.0.8 - Elk Products, Inc.) Hidden
EMBASSY Security Center (Version: 04.02.00.173 - Wave Systems Corp.) Hidden
Gemalto (Version: 01.01.01.0000 - Wave Systems Corp) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.232 - SurfRight B.V.)
IBCTEST (HKLM\...\ST6UNST #1) (Version:  - )
Intel® Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Network Connections 16.5.2.0 (HKLM\...\PROSetDX) (Version: 16.5.2.0 - Dell)
Intel® Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.710 - Oracle)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaseya Agent (southlyon1492.mi.nonprov.root.atf - saas27.kaseya.net) (HKLM\...\KAKSAASC00000000577510) (Version: 6.3.0.5 - Kaseya)
LogMeIn (HKLM\...\{FA653F5B-483A-4E92-BF75-BB3BBF1D550D}) (Version: 4.1.2634 - LogMeIn, Inc.)
M1XEP Diagnostic Utility (HKLM\...\{1A817CE4-7E1D-4F90-B700-3B29595FA853}) (Version: 1.0.2 - Elk Products)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Access Runtime (English) 2007 (HKLM\...\{90120000-001C-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 ENU (HKLM\...\{2F141715-E144-48C0-8562-D193B7AB85BC}) (Version: 4.0.8482.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual FoxPro OLE DB Provider (HKLM\...\{3DA245C5-23B1-4874-BFA7-287B7D6C1EF6}) (Version: 1.0.0 - Microsoft Corporation)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Notepad++ (HKLM\...\Notepad++) (Version: 6.3 - )
NTRU TCG Software Stack (Version: 2.1.36 - Security Innovation, Inc.) Hidden
PC-CCID (Version: 2.0.0 - Gemalto) Hidden
PhotoShowExpress (Version: 2.0.063 - Sonic Solutions) Hidden
Preboot Manager (Version: 03.02.00.096 - Wave Systems Corp.) Hidden
Private Information Manager (Version: 07.00.00.047 - Wave Systems Corp.) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5883 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.47 - Piriform)
Roxio Creator Starter (HKLM\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Sonic CinePlayer Decoder Pack (Version: 4.3.0 - Sonic Solutions) Hidden
SPBA 5.9 (Version: 5.9.4.6686 - UPEK Inc.) Hidden
STA V8.4 Installation (HKLM\...\ST6UNST #2) (Version:  - )
TailgateSetup (Advanced) (HKLM\...\{B655553E-C3F6-4D03-986E-B27B05255B86}) (Version: 1.0.0 - IRISYS)
Trusted Drive Manager (Version: 4.1.1.312 - Wave Systems Corp.) Hidden
Upek Touchchip Fingerprint Reader (Version: 1.2.004 - Dell Inc.) Hidden
VideoCapX control version 6.3 Lite (HKLM\...\VideoCapX control_is1) (Version:  - )
Wave Infrastructure Installer (Version: 07.03.17.0010 - Wave Systems Corp) Hidden
Wave Support Software Installer (Version: 05.12.00.036 - Wave Systems Corp) Hidden
Windows Driver Package - B&B Electronics CDM Driver Package (02/17/2009 2.04.16) (HKLM\...\8AF696F5B8552F8F354DAFB1B4B4125C228A1AB1) (Version: 02/17/2009 2.04.16 - B&B Electronics)
Windows Driver Package - B&B Electronics CDM Driver Package (02/17/2009 2.04.16) (HKLM\...\8D2AE4247BBAFCC7C72BE6BD6565D965DE40F327) (Version: 02/17/2009 2.04.16 - B&B Electronics)
Windows Driver Package - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1943978468-3023993088-3773399000-1000_Classes\CLSID\{50BAEED9-ED25-11D2-B97B-000000000000}\InprocServer32 -> C:\Program Files\Common Files\System\ole db\vfpoledb.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1943978468-3023993088-3773399000-1000_Classes\CLSID\{50BAEEDA-ED25-11D2-B97B-000000000000}\InprocServer32 -> C:\Program Files\Common Files\System\ole db\vfpoledb.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1943978468-3023993088-3773399000-1000_Classes\CLSID\{50BAEEDB-ED25-11D2-B97B-000000000000}\InprocServer32 -> C:\Program Files\Common Files\System\ole db\vfpoledb.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1943978468-3023993088-3773399000-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\1082\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
 
==================== Restore Points  =========================
 
31-10-2014 12:50:23 Checkpoint by HitmanPro
31-10-2014 12:51:02 Checkpoint by HitmanPro
31-10-2014 16:12:27 Checkpoint by HitmanPro
03-11-2014 16:06:50 Windows Update
05-11-2014 10:32:56 Checkpoint by HitmanPro
06-11-2014 16:08:25 Windows Update
07-11-2014 16:07:05 Checkpoint by HitmanPro
07-11-2014 18:40:35 Installed Java 7 Update 71
08-11-2014 17:36:29 Checkpoint by HitmanPro
09-11-2014 18:39:34 Windows Update
10-11-2014 16:35:33 Windows Update
10-11-2014 18:52:00 Windows Update
10-11-2014 20:24:54 Checkpoint by HitmanPro
10-11-2014 21:19:30 avast! antivirus system restore point
10-11-2014 21:41:20 Checkpoint by HitmanPro
10-11-2014 22:37:56 Checkpoint by HitmanPro
11-11-2014 19:40:13 Removed Food Planner v1.3
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:04 - 2014-11-10 16:52 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {03E3A746-BF5B-489D-9D92-A9530CA1D041} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated)
Task: {2FEA0697-E9B9-4423-9AFD-03DD0826F980} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-09-05] (Google Inc.)
Task: {66B600E7-F082-44B7-91AF-A6B10F65F00A} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-10] (AVAST Software)
Task: {72207846-87B4-4D42-9893-6007122A0368} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-30] (Piriform Ltd)
Task: {D37F40FB-D389-46CD-8EB7-D99CCB6C129C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-09-05] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-10-25 09:44 - 2014-10-27 03:56 - 04383192 _____ () C:\Program Files\Abthearial\Abthearial.exe
2014-10-25 09:44 - 2014-03-07 19:56 - 00117262 ___SH () C:\Program Files\Abthearial\libgcc_s_dw2-1.dll
2014-10-25 09:44 - 2014-03-07 19:56 - 00970766 ___SH () C:\Program Files\Abthearial\libstdc++-6.dll
2014-10-27 03:56 - 2014-10-27 03:56 - 00417752 ___SH () C:\Program Files\Abthearial\HttpsProxy.exe
2014-11-11 06:03 - 2014-11-11 06:03 - 02902016 _____ () C:\Program Files\AVAST Software\Avast\defs\14111100\algo.dll
2012-12-17 12:41 - 2011-11-07 13:21 - 00925696 _____ () C:\Program Files\Kaseya\KSAASC00000000577510\libkacm.dll
2014-10-25 09:45 - 2014-10-25 09:45 - 00160728 _____ () C:\Program Files\Abthearial\AbthearialHelper.exe
2013-01-17 18:51 - 2012-02-16 18:48 - 00110592 _____ () C:\Program Files\Kaseya\KSAASC00000000577510\extensions\scripts\socket\core.dll
2013-01-17 18:51 - 2012-02-16 18:48 - 00073728 _____ () C:\Program Files\Kaseya\KSAASC00000000577510\extensions\scripts\mime\core.dll
2011-11-25 00:59 - 2010-11-06 00:50 - 00058880 _____ () C:\Program Files\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2012-06-18 10:24 - 2012-06-18 10:24 - 00260096 _____ () C:\Program Files\Notepad++\NppShell_05.dll
2011-02-18 19:36 - 2011-02-18 19:36 - 00243712 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-08-26 17:12 - 2010-08-26 17:12 - 00016384 ____R () c:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2014-11-10 16:21 - 2014-11-10 16:21 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Anytime\Documents\Brenda Miller.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Anytime\Documents\Brenda Miller.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Anytime\Documents\Maria 1.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Anytime\Documents\Maria 1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Anytime\Documents\Maria P.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Anytime\Documents\Maria P.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Anytime\Documents\Tom Hodges #32803.jpg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Anytime\Documents\Tom Hodges #32803.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KAKSAASC00000000577510 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KAKSAASC00000000577510 => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NOTE TO INSTALLER.docx => C:\Windows\pss\NOTE TO INSTALLER.docx.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: PDVD9LanguageShortcut => "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
MSCONFIG\startupreg: RemoteControl9 => "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-1943978468-3023993088-3773399000-500 - Administrator - Disabled)
Anytime (S-1-5-21-1943978468-3023993088-3773399000-1000 - Administrator - Enabled) => C:\Users\Anytime
Guest (S-1-5-21-1943978468-3023993088-3773399000-501 - Limited - Disabled)
LogMeInRemoteUser (S-1-5-21-1943978468-3023993088-3773399000-1002 - Administrator - Enabled) => C:\Users\LogMeInRemoteUser
Owner (S-1-5-21-1943978468-3023993088-3773399000-1003 - Administrator - Enabled) => C:\Users\Owner
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/10/2014 06:03:29 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (11/10/2014 06:01:09 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (11/10/2014 05:48:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.17344 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1148
 
Start Time: 01cffd372c53ecd1
 
Termination Time: 31
 
Application Path: C:\Program Files\Internet Explorer\iexplore.exe
 
Report Id:
 
 
System errors:
=============
Error: (11/10/2014 06:02:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NTRU TSS v1.2.1.36 TCS service depends on the TPM Base Services service which failed to start because of the following error: 
%%0
 
Error: (11/10/2014 05:59:35 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (11/10/2014 05:59:35 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (11/10/2014 05:59:35 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (11/10/2014 05:59:35 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (11/10/2014 05:59:35 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (11/10/2014 05:59:35 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (11/10/2014 05:59:35 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (11/10/2014 05:59:35 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
Error: (11/10/2014 05:59:33 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
 
Microsoft Office Sessions:
=========================
Error: (11/10/2014 06:03:29 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/10/2014 06:01:09 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (11/10/2014 05:48:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe11.0.9600.17344114801cffd372c53ecd131C:\Program Files\Internet Explorer\iexplore.exe
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU G630 @ 2.70GHz
Percentage of memory in use: 62%
Total physical RAM: 3317.05 MB
Available physical RAM: 1250.73 MB
Total Pagefile: 6632.39 MB
Available Pagefile: 4185.45 MB
Total Virtual: 2047.88 MB
Available Virtual: 1925.74 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:177.11 GB) (Free:112.35 GB) NTFS
Drive i: (BACKUP) (Fixed) (Total:55 GB) (Free:39.05 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: 819D0E2E)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=752 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=177.1 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=55 GB) - (Type=OF Extended)
 
==================== End Of Log ============================

What is this program:
C:\Program Files\Abthearial

====================================

The proxy should be gone after this...here's how to disable it if needed:
http://kb.linksys.com/Linksys/ukp.aspx?pid=80&vw=1&articleid=5452

====================================

(This will cause the computer to reboot!)

Download the attached fixlist.txt to the same folder as FRST.exe/FRST64.exe.
Run FRST.exe/FRST64.exe and click Fix only once and wait
The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

MrC


From your logs, it looks like you ran all the programs already.

Reboot and if there are no other problems........

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • If you can't post it, attach it
MrC

  • 4 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
