#8
perplexed, September 6th, 2015, 12:52 PM
Thanks so much, I will uninstall as you requested.


Is this what you requested?

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:04-09-2015
Ran by Jmg (administrator) on JMG-PC (05-09-2015 20:19:39)
Running from C:\Users\Jmg\Downloads
Loaded Profiles: Jmg & RA Media Server (Available Profiles: Jmg & RA Media Server)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtcmd.exe
() C:\Program Files\Lexmark 2600 Series\lxdnmon.exe
(Coupons.com Inc.) C:\Program Files\Coupons\CouponPrinterService.exe
(Lexmark International Inc.) C:\Program Files\Lexmark 2600 Series\ezprint.exe
(Creative Labs) C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
(Creative Technology Ltd) C:\Windows\System32\CTSVCCDA.EXE
() C:\ProgramData\SingleClick Systems\MySQL\bin\mysqld.exe
(SingleClick Systems) C:\ProgramData\SingleClick Systems\Remote Access File Sync Service\dsl_fs_sync.exe
(Dell Inc.) C:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe
( ) C:\Windows\System32\lxdncoms.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(Microsoft Corp.) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4452352 2007-05-11] (Realtek Semiconductor)
HKLM\...\Run: [dellsupportcenter] => C:\Program Files\Dell Support Center\bin\sprtcmd.exe [206064 2008-10-04] (SupportSoft, Inc.)
HKLM\...\Run: [lxdnmon.exe] => C:\Program Files\Lexmark 2600 Series\lxdnmon.exe [660136 2010-02-04] ()
HKLM\...\Run: [EzPrint] => C:\Program Files\Lexmark 2600 Series\ezprint.exe [107176 2010-02-04] (Lexmark International Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6111824 2015-08-28] (AVAST Software)
HKU\S-1-5-21-433151091-2507789458-3595603629-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-433151091-2507789458-3595603629-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-08-28] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Driver performer.lnk [2011-04-20]
ShortcutTarget: Driver performer.lnk -> C:\Users\Jmg\AppData\Local\temp\7ZipSfx.000\dp.exe (No File)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-03-21]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-03-21]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Jmg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2011-04-20]
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\RA Media Server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-01-22]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{CCADCF13-5116-436B-A314-EFE343CAB0DE}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-433151091-2507789458-3595603629-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com?fr=hp-avast&type=odc179
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=odc179&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-433151091-2507789458-3595603629-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=odc179&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-433151091-2507789458-3595603629-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.yahoo.com?fr=hp-avast&type=odc179
HKU\S-1-5-21-433151091-2507789458-3595603629-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com?fr=hp-avast&type=odc179
SearchScopes: HKLM -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=odc179&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=odc179&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM -> {A25AC313-DD19-4238-ACA2-401D6BEE4321} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> {2C905420-E03E-466F-8B90-3B3A4C25FA95} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&Form=DLCDF7&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-433151091-2507789458-3595603629-1000 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=odc179&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-433151091-2507789458-3595603629-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=odc179&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-433151091-2507789458-3595603629-1000 -> {A25AC313-DD19-4238-ACA2-401D6BEE4321} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: No Name -> {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -> No File
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27] (Adobe Systems Incorporated)
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2008-12-04] (Microsoft Corp.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-29] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-28] (AVAST Software)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-29] (Oracle Corporation)
BHO: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files\Windows Live\Toolbar\wltcore.dll [2008-12-08] (Microsoft Corporation)
Toolbar: HKLM - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2008-12-08] (Microsoft Corporation)
Toolbar: HKLM - No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
Toolbar: HKU\.DEFAULT -> No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
Toolbar: HKU\S-1-5-21-433151091-2507789458-3595603629-1000 -> &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2008-12-08] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-433151091-2507789458-3595603629-1000 -> No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Jmg\AppData\Roaming\Mozilla\Firefox\Profiles\dlrfpkkn.default-1413475615849
FF DefaultSearchEngine: Yahoo! (Avast)
FF DefaultSearchEngine.US: Yahoo! (Avast)
FF DefaultSearchUrl: hxxps://search.yahoo.com/yhs/search
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: Yahoo! (Avast)
FF Homepage: hxxps://www.yahoo.com/?fr=hp-avast&type=agc511
FF Keyword.URL: hxxps://search.yahoo.com/yhs/search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-11] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1219160.dll [2015-07-23] (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-29] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-29] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2008-12-04] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 -> C:\Program Files\Common Files\Motive\npMotive.dll [2012-10-16] (Alcatel-Lucent)
FF Plugin: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files\Common Files\Motive\npMotiveRequest.dll [2011-12-06] (Alcatel-Lucent)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-07-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-433151091-2507789458-3595603629-1000: revtrax.com/RevTraxPrintMyCoupon -> C:\Users\Jmg\AppData\Roaming\RevTrax\RevTraxPrintMyCoupon\1.0.0.0\npRevTraxPrintMyCoupon.dll [2014-10-15] (RevTrax)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPcol400.dll [2012-04-05] (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2012-07-27] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2014-12-03] (Coupons, Inc.)
FF SearchPlugin: C:\Users\Jmg\AppData\Roaming\Mozilla\Firefox\Profiles\dlrfpkkn.default-1413475615849\searchplugins\yahoo-avast.xml [2015-05-21]
FF Extension: Motive Extension - C:\Program Files\Mozilla Firefox\extensions\mcciwbch@motive.com.xpi [2015-08-28]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-05-08]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-05-08]

Chrome:
=======
CHR Profile: C:\Users\Jmg\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Motive Extension) - C:\Users\Jmg\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec [2013-09-29]
CHR Extension: (Avast Online Security) - C:\Users\Jmg\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-05-08]
CHR Extension: (Google Wallet) - C:\Users\Jmg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-08]
CHR HKLM\...\Chrome\Extension: [edmgmpmklgfbohogafcfobonnkogchec] - C:\Program Files\Common Files\Motive\extensions\MotiveRequest.crx [2013-06-08]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-05-08]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-08]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 Apache2.2; C:\ProgramData\SingleClick Systems\apache\bin\httpd.exe [15872 2007-09-21] (Apache Software Foundation) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-08-28] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3218624 2015-08-28] (Avast Software)
R2 CouponPrinterService; C:\Program Files\Coupons\CouponPrinterService.exe [154096 2014-12-03] (Coupons.com Inc.)
R2 Creative Labs Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe [72704 2009-03-21] (Creative Labs) [File not signed]
R2 Creative Service for CDROM Access; C:\Windows\system32\CTsvcCDA.exe [44032 2008-07-28] (Creative Technology Ltd) [File not signed]
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-09-23] (Stardock Corporation) [File not signed]
R2 dsl-db; C:\ProgramData\SingleClick Systems\MySQL\bin\mysqld.exe [5730304 2007-09-14] () [File not signed]
R2 dsl-fs-sync; C:\ProgramData\SingleClick Systems\Remote Access File Sync Service\dsl_fs_sync.exe [173296 2008-09-30] (SingleClick Systems)
S3 GameConsoleService; C:\Program Files\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe [164600 2008-07-04] (WildTangent, Inc.)
R2 hnmsvc; c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe [820464 2008-09-30] (Dell Inc.)
R2 lxdn_device; C:\Windows\system32\lxdncoms.exe [589824 2007-11-28] ( )
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 pcCMService; C:\Program Files\Common Files\Motive\pcCMService.exe [369152 2013-03-02] (Alcatel-Lucent) [File not signed]
R2 sprtsvc_DellSupportCenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-10-04] (SupportSoft, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24016 2015-08-28] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [76000 2015-08-28] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55200 2015-08-28] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49776 2015-08-28] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [788784 2015-08-28] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433264 2015-08-28] (AVAST Software)
R3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [161472 2015-08-28] (AVAST Software)
S3 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57888 2015-08-28] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [208664 2015-08-28] (AVAST Software)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [98520 2015-09-05] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2012-10-16] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2012-10-16] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R0 ngvss; C:\Windows\system32\Drivers\ngvss.sys [95112 2015-08-28] (AVAST Software)
R2 Packet; C:\Windows\System32\DRIVERS\packet.sys [22016 2008-06-17] (SingleClick Systems)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-08-28] (Avast Software)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S4 USBSTOR; \SystemRoot\system32\drivers\usbstor.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-05 20:19 - 2015-09-05 20:20 - 00019873 _____ C:\Users\Jmg\Downloads\FRST.txt
2015-09-05 20:19 - 2015-09-05 20:19 - 01690624 _____ (Farbar) C:\Users\Jmg\Downloads\FRST.exe
2015-09-05 20:19 - 2015-09-05 20:19 - 00000000 ____D C:\FRST
2015-09-02 12:05 - 2015-07-10 09:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-08-31 08:25 - 2015-08-31 08:25 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\58C726B8.sys
2015-08-30 14:18 - 2015-08-30 14:18 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\2CB36667.sys
2015-08-28 10:00 - 2015-08-28 11:53 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-08-28 08:51 - 2015-08-28 08:50 - 00161472 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStmXP.sys
2015-08-28 08:50 - 2015-08-28 08:49 - 00313472 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-08-28 08:50 - 2015-08-28 08:49 - 00095112 _____ (AVAST Software) C:\Windows\system32\Drivers\ngvss.sys
2015-08-28 08:49 - 2015-08-28 08:49 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-08-19 08:53 - 2015-08-19 08:53 - 00000000 ____D C:\Program Files\Valassis
2015-08-19 08:52 - 2015-08-19 08:53 - 02166416 _____ (Valassis) C:\Users\Jmg\Downloads\P@H_prod308-hUg1CcKg.exe
2015-08-19 08:50 - 2015-08-19 08:50 - 02166416 _____ (Valassis) C:\Users\Jmg\Downloads\P@H_prod308-l8n52RuC.exe
2015-08-19 08:28 - 2015-08-14 18:03 - 12386816 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-19 08:28 - 2015-08-14 17:56 - 01804288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-19 08:28 - 2015-08-14 17:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-18 18:37 - 2015-08-18 18:37 - 01732608 _____ C:\Users\Jmg\Downloads\RevTraxPrintMyCoupon(7).msi
2015-08-18 18:37 - 2015-08-18 18:37 - 01732608 _____ C:\Users\Jmg\Downloads\RevTraxPrintMyCoupon(6).msi
2015-08-18 18:37 - 2015-08-18 18:37 - 00000000 ____D C:\Users\Jmg\AppData\Roaming\RevTrax
2015-08-18 18:36 - 2015-08-18 18:36 - 01732608 _____ C:\Users\Jmg\Downloads\RevTraxPrintMyCoupon(5).msi
2015-08-18 18:35 - 2015-08-18 18:35 - 01732608 _____ C:\Users\Jmg\Downloads\RevTraxPrintMyCoupon(4).msi
2015-08-18 18:35 - 2015-08-18 18:35 - 01732608 _____ C:\Users\Jmg\Downloads\RevTraxPrintMyCoupon(3).msi
2015-08-18 18:34 - 2015-08-18 18:34 - 01732608 _____ C:\Users\Jmg\Downloads\RevTraxPrintMyCoupon(2).msi
2015-08-18 17:19 - 2015-08-18 17:19 - 02166416 _____ (Valassis) C:\Users\Jmg\Downloads\P@H_prod308-vHF6sFRP.exe
2015-08-11 17:08 - 2015-07-21 15:55 - 01206192 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-11 17:08 - 2015-07-21 11:07 - 03605440 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-08-11 17:08 - 2015-07-21 11:07 - 03553216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-11 17:08 - 2015-07-21 11:07 - 00140224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ecache.sys
2015-08-11 17:08 - 2015-07-21 11:07 - 00056256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-11 17:08 - 2015-07-21 11:03 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\emdmgmt.dll
2015-08-11 17:08 - 2015-07-21 11:03 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-11 17:08 - 2015-07-21 11:03 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-11 17:07 - 2015-07-31 14:27 - 00103120 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-11 17:06 - 2015-07-11 10:56 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-11 17:06 - 2015-07-10 14:37 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-11 17:06 - 2015-07-09 09:20 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2015-08-11 14:25 - 2015-07-18 11:03 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-11 14:25 - 2015-07-10 14:37 - 01402368 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-11 14:25 - 2015-07-10 14:37 - 01253376 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-11 14:24 - 2015-07-31 17:08 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-11 14:24 - 2015-07-31 16:46 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2015-08-11 14:24 - 2015-07-31 16:46 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-08-11 14:24 - 2015-07-31 16:46 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2015-08-11 14:24 - 2015-07-31 16:46 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-08-11 14:24 - 2015-07-31 15:41 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-11 14:24 - 2015-07-31 15:40 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-08-11 14:24 - 2015-07-31 15:35 - 00682496 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-08-11 14:24 - 2015-07-31 15:33 - 02066944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-11 14:24 - 2015-07-31 15:33 - 01072640 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-11 14:24 - 2015-07-31 15:33 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-11 14:24 - 2015-07-31 15:33 - 00297472 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-11 14:24 - 2015-07-01 10:57 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-11 14:23 - 2015-07-09 09:25 - 00151040 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-11 14:23 - 2015-07-09 09:25 - 00151040 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-11 14:22 - 2015-07-22 15:54 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-11 14:22 - 2015-07-22 15:51 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-11 14:22 - 2015-07-22 15:47 - 09751040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-11 14:22 - 2015-07-22 15:46 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-11 14:22 - 2015-07-22 15:46 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-11 14:22 - 2015-07-22 15:45 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-11 14:22 - 2015-07-22 15:45 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-08-11 14:22 - 2015-07-22 15:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-08-11 14:22 - 2015-07-22 15:44 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-11 14:22 - 2015-07-22 15:44 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-11 14:22 - 2015-07-22 15:44 - 00421888 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-11 14:22 - 2015-07-22 15:44 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-08-11 14:22 - 2015-07-22 15:43 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-08-11 14:22 - 2015-07-22 15:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-11 14:22 - 2015-07-22 15:43 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-11 14:22 - 2015-07-22 15:43 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-08-11 14:22 - 2015-07-22 15:43 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-08-11 14:22 - 2015-07-22 15:43 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-08-11 14:22 - 2015-07-22 15:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-05 20:08 - 2012-04-02 17:30 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-05 19:11 - 2006-11-02 07:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-05 19:11 - 2006-11-02 07:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-05 18:13 - 2009-03-21 11:21 - 02025272 _____ C:\Windows\WindowsUpdate.log
2015-09-05 17:30 - 2014-06-21 15:48 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-04 15:13 - 2009-03-31 17:29 - 00000000 ____D C:\ProgramData\TEMP
2015-09-04 15:12 - 2006-11-02 08:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-02 18:14 - 2009-03-21 17:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2015-09-02 18:14 - 2009-03-21 17:06 - 00000000 ____D C:\Program Files\Dell
2015-09-02 17:59 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\rescache
2015-09-02 11:40 - 2006-11-02 08:01 - 00032598 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-09-02 11:20 - 2013-10-11 09:38 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2015-09-02 09:40 - 2010-02-01 15:41 - 00000000 ____D C:\Windows\system32\Adobe
2015-08-28 11:53 - 2014-06-14 20:47 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-08-28 11:53 - 2008-01-20 21:47 - 00781758 _____ C:\Windows\PFRO.log
2015-08-28 10:00 - 2015-03-17 15:45 - 00000000 ____D C:\Windows\system32\vbox
2015-08-28 08:50 - 2015-05-08 14:58 - 00433264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-08-28 08:50 - 2015-05-08 14:58 - 00208664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-08-28 08:50 - 2015-05-08 14:58 - 00076000 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-08-28 08:50 - 2015-05-08 14:58 - 00057888 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2015-08-28 08:50 - 2015-05-08 14:58 - 00055200 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2015-08-28 08:50 - 2015-05-08 14:58 - 00049776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-08-28 08:50 - 2015-05-08 14:58 - 00024016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-08-28 08:49 - 2015-05-08 14:58 - 00788784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-08-27 17:30 - 2009-03-31 17:33 - 00000906 _____ C:\Users\Jmg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-08-27 08:58 - 2009-06-02 21:01 - 00000000 ____D C:\ProgramData\lx_cats
2015-08-16 14:28 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\Microsoft.NET
2015-08-11 17:20 - 2009-03-21 17:02 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-11 17:19 - 2006-11-02 07:37 - 00000000 ____D C:\Windows\system32\XPSViewer
2015-08-11 17:08 - 2010-07-07 12:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-11 14:33 - 2006-11-02 07:47 - 00229608 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-11 14:29 - 2013-07-11 07:08 - 00000000 ____D C:\Windows\system32\MRT
2015-08-11 14:26 - 2006-11-02 05:24 - 129304528 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-08-11 14:08 - 2012-04-02 17:30 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-08-11 14:08 - 2011-05-25 08:24 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2013-03-15 13:32 - 2013-03-15 13:32 - 4126720 _____ () C:\Program Files\GUT35A3.tmp
2014-01-22 09:43 - 2014-01-22 09:44 - 50063360 _____ () C:\Program Files\GUTA045.tmp
2009-08-17 11:33 - 2012-03-25 15:22 - 0005632 _____ () C:\Users\Jmg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-03 18:17 - 2015-07-15 08:45 - 0000504 _____ () C:\ProgramData\FastPics.log
2011-04-23 13:43 - 2011-04-23 13:43 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt

Some files in TEMP:
====================
C:\Users\Jmg\AppData\Local\temp\0_Offer_0.exe
C:\Users\Jmg\AppData\Local\temp\6_Offer_15.exe
C:\Users\Jmg\AppData\Local\temp\6_Offer_17.exe
C:\Users\Jmg\AppData\Local\temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Jmg\AppData\Local\temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Jmg\AppData\Local\temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Jmg\AppData\Local\temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Jmg\AppData\Local\temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Jmg\AppData\Local\temp\jre-8u31-windows-au.exe
C:\Users\Jmg\AppData\Local\temp\pcDesktopAlertNotifierX.dll
C:\Users\Jmg\AppData\Local\temp\Quarantine.exe
C:\Users\Jmg\AppData\Local\temp\SfpcHelper_installFinish.exe
C:\Users\Jmg\AppData\Local\temp\SfpcHelper_installStart.exe
C:\Users\Jmg\AppData\Local\temp\System.Data.SQLite.dll
C:\Users\Jmg\AppData\Local\temp\System.Data.SQLite14928.dll
C:\Users\Jmg\AppData\Local\temp\System.Data.SQLite22853.dll
C:\Users\Jmg\AppData\Local\temp\System.Data.SQLite23069.dll
C:\Users\Jmg\AppData\Local\temp\System.Data.SQLite25902.dll
C:\Users\Jmg\AppData\Local\temp\System.Data.SQLite26767.dll
C:\Users\Jmg\AppData\Local\temp\System.Data.SQLite57279.dll
C:\Users\Jmg\AppData\Local\temp\System.Data.SQLite62558.dll
C:\Users\Jmg\AppData\Local\temp\System.Data.SQLite69918.dll
C:\Users\Jmg\AppData\Local\temp\System.Data.SQLite98294.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-09-04 15:22

==================== End of FRST.txt ============================

Last edited by perplexed; September 6th, 2015 at 01:06 PM.