Windows Vista Problem solving for the Windows Vista Operating System. Please remember to state which edition of Vista you are using - Home Basic, Home Premium, Business, Ultimate etc. and whether you are using the 32-bit or 64-bit version if you know.
#1
I am getting a lot of Firefox stop responding & computer freezing. I did a scan with Malwarebytes and it found 7 items, and I sent them to quarantine; all were pup.optional.outbrowse. I tried to do an Avast scan and it froze midway through. I did another Avast scan and it found 3 items I sent to the vault. Do I post them here or in another forum to see if I need to proceed further? I try to use Ctrl+Alt+Delete to get my computer to be active again and it may or may not work. I often have to push the button on the tower to restart. Is there another way other than that? Thanks for any help you may give.
Last edited by perplexed; August 31st, 2015 at 06:13 PM.
#2
Let's move this over to our malware forum to see if an infection is causing this.
#3
Hello, perplexed
Welcome to the CyberTechHelp Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems. Please take note of some guidelines for this fix:
For x32 (x86) bit systems, download Farbar Recovery Scan Tool 32-Bit and save it to the desktop. For x64 bit systems, download Farbar Recovery Scan Tool 64-Bit and save it to the desktop. Please run it and click Scan, then post back with the 2 logfiles.
#4
Okay, I did do a Malwarebytes scan, nothing shows, and I did an Avast scan and sent 3 items to the chest before I ever posted. Thank you.
Last edited by perplexed; September 4th, 2015 at 09:18 PM.
#5
Please run the FRST scan from my post above. Otherwise I am not able to help or say anything about the state of the system.
#6
Thanks so much!
Additional scan result of Farbar Recovery Scan Tool (x86) Version:04-09-2015 Ran by Jmg (2015-09-05 20:20:15) Running from C:\Users\Jmg\Downloads Boot Mode: Normal ================================================== ======== ==================== Accounts: ============================= Administrator (S-1-5-21-433151091-2507789458-3595603629-500 - Administrator - Disabled) ASPNET (S-1-5-21-433151091-2507789458-3595603629-1003 - Limited - Enabled) Guest (S-1-5-21-433151091-2507789458-3595603629-501 - Limited - Disabled) Jmg (S-1-5-21-433151091-2507789458-3595603629-1000 - Administrator - Enabled) => C:\Users\Jmg RA Media Server (S-1-5-21-433151091-2507789458-3595603629-1001 - Administrator - Enabled) => C:\Users\RA Media Server ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 
ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1990.41618 - ABBYY Software House) Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D 1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated) Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden Adobe AIR (HKLM\...\Adobe AIR) (Version: 18.0.0.199 - Adobe Systems Incorporated) Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated) Adobe Reader X (10.1.4) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated) Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.9.160 - Adobe Systems, Inc.) ATT-RC Self Support Tool (HKLM\...\ATT-RC) (Version: - ) Avast Free Antivirus (HKLM\...\Avast) (Version: 10.3.2225 - AVAST Software) Choice Guard (Version: 1.2.87.0 - Microsoft Corporation) Hidden Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.1.4) (Version: 5.0.1.4 - Coupons.com Incorporated) Creative MediaSource 5 (HKLM\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}) (Version: 5.00 - ) Dell DataSafe Online (HKLM\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.1.0023 - Dell, Inc.) Dell Dock (HKLM\...\{F6CB42B9-F033-4152-8813-FF11DA8E6A78}) (Version: 1.0.0 - Dell) Dell Remote Access (HKLM\...\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}) (Version: 1.0.0.0 - Dell Inc.) Dell Support Center (Support Software) (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.2.08298 - Dell) DELL0604 (Version: 1.0.0 - WildTangent) Hidden EDocs (HKLM\...\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}) (Version: - ) Google Update Helper (Version: 1.3.21.169 - Google Inc.) 
Hidden Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - ) Intel(R) PRO Network Connections 12.1.11.0 (HKLM\...\PROSetDX) (Version: - Intel) Java 8 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation) Java 8 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation) Junk Mail filter update (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden Lexmark 2600 Series (HKLM\...\Lexmark 2600 Series) (Version: - Lexmark International, Inc.) Lexmark Toolbar (HKLM\...\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}) (Version: 4.13.37.0 - ) Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation) Microsoft .NET Framework 1.1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Easy Assist v2 (HKLM\...\{326957C7-83FD-4550-A59A-849B7B4297DE}) (Version: 8.1.6416.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 
Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Mozilla Firefox 40.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla) P@H-Protocol (HKLM\...\{14F936AB-5D31-410E-A4E2-70AE504712F2}) (Version: 3.0.8.6 - Valassis) RC_Vista.exe (HKLM\...\RC_Vista.exe) (Version: - ) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - ) RevTraxPrintMyCoupon (HKLM\...\{19E8EBBF-55F3-41FB-AC8E-373BA0436939}) (Version: 1.0.0.0 - RevTrax) <==== ATTENTION Roxio Creator DE (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio) Sound Blaster Audigy ADVANCED MB (HKLM\...\{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}) (Version: 1.0 - ) Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated) swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden WildTangent Games (HKLM\...\WildTangent dell Master Uninstall) (Version: 1.0.0.62 - WildTangent) Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation) Windows Live Sign-in Assistant (HKLM\...\{9422C8EA-B0C6-4197-B8FC-DC797658CA00}) (Version: 5.000.818.6 - Microsoft Corporation) Windows Live Sync (HKLM\...\{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}) (Version: 14.0.8050.1202 - 
Microsoft Corporation) Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-433151091-2507789458-3595603629-1000_Classes\CLSID\{9F3041F6-9C7A-5252-AD04-F3C9EF05D2D9}\InprocServer32 -> C:\Users\Jmg\AppData\Roaming\RevTrax\RevTraxPrintM yCoupon\1.0.0.0\npRevTraxPrintMyCoupon.dll (RevTrax) ==================== Restore Points ========================= 02-09-2015 12:05:11 Windows Update 02-09-2015 18:08:35 Removed CouponPrinterPlugin 02-09-2015 18:09:08 Removed Dell Dock 02-09-2015 18:10:33 Removed Dell Dock 02-09-2015 18:11:50 Removed Walgreens PictureMover. 02-09-2015 18:13:56 Removed Dell Getting Started Guide. 02-09-2015 18:14:17 Removed Dell Support Center (Support Software). 02-09-2015 18:16:25 Removed Java 8 Update 45 05-09-2015 13:45:39 Scheduled Checkpoint ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2006-11-02 05:23 - 2010-08-20 10:33 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {AA39DF3E-0F1E-42A6-873A-8022831E320A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpda teService.exe [2015-08-11] (Adobe Systems Incorporated) Task: {D21D6367-0CD4-44E0-AEED-FA3AEA4830C1} - System32\Tasks\Installation App Launcher => C:\Program Files\Lexmark 2600 Series\ezprint.exe [2010-02-04] (Lexmark International Inc.) Task: {E62B38A7-3744-4059-8731-02C0BBD23D81} - System32\Tasks\avast! 
Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-08-28] (AVAST Software) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpda teService.exe ==================== Loaded Modules (Whitelisted) ============== 2015-05-08 14:58 - 2015-08-28 08:49 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll 2015-05-08 14:58 - 2015-08-28 08:49 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2015-09-04 14:56 - 2015-09-04 14:56 - 02964480 _____ () C:\Program Files\AVAST Software\Avast\defs\15090402\algo.dll 2015-09-05 06:51 - 2015-09-05 06:51 - 02964480 _____ () C:\Program Files\AVAST Software\Avast\defs\15090500\algo.dll 2015-09-05 13:12 - 2015-09-05 13:12 - 02964480 _____ () C:\Program Files\AVAST Software\Avast\defs\15090502\algo.dll 2014-06-03 10:25 - 2009-08-13 12:02 - 00147968 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\lxdndrpp .dll 2014-06-03 18:17 - 2010-02-04 04:05 - 00660136 _____ () C:\Program Files\Lexmark 2600 Series\lxdnmon.exe 2014-06-03 18:17 - 2009-07-23 14:48 - 00380928 _____ () C:\Program Files\Lexmark 2600 Series\lxdnscw.dll 2014-06-03 18:17 - 2007-05-29 02:39 - 00589824 _____ () C:\Program Files\Lexmark 2600 Series\lxdndatr.dll 2014-06-03 18:17 - 2009-07-23 14:49 - 00782336 _____ () C:\Program Files\Lexmark 2600 Series\lxdnDRS.dll 2014-06-03 18:17 - 2009-05-14 08:46 - 00081920 _____ () C:\Program Files\Lexmark 2600 Series\lxdncaps.dll 2014-06-03 18:17 - 2007-10-02 09:51 - 00069632 _____ () C:\Program Files\Lexmark 2600 Series\lxdncnv4.dll 2014-06-03 18:17 - 2007-10-12 13:24 - 00364544 _____ () C:\Program Files\Lexmark 2600 Series\iptk.dll 2007-09-14 14:35 - 2007-09-14 14:35 - 05730304 _____ () C:\ProgramData\SingleClick Systems\MySQL\bin\mysqld.exe 2007-09-24 08:27 - 2007-09-24 08:27 - 02035712 
_____ () C:\ProgramData\SingleClick Systems\Remote Access File Sync Service\LIBMYSQL.dll 2009-07-23 19:49 - 2009-07-23 19:49 - 00782336 _____ () C:\Windows\system32\lxdndrs.dll 2009-05-14 13:46 - 2009-05-14 13:46 - 00081920 _____ () C:\Windows\system32\lxdncaps.dll 2007-10-02 14:51 - 2007-10-02 14:51 - 00069632 _____ () C:\Windows\system32\lxdncnv4.dll 2015-05-08 14:58 - 2015-05-08 14:58 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:5D432CE3 ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE restricted site: HKU\S-1-5-21-433151091-2507789458-3595603629-1000\...\meebo.com -> meebo.com ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-433151091-2507789458-3595603629-1000\Control Panel\Desktop\\Wallpaper -> HKU\S-1-5-21-433151091-2507789458-3595603629-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\img24.jpg DNS Servers: 192.168.1.254 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Pol icies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
MSCONFIG\startupreg: Dell DataSafe Online => "C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe" /m MSCONFIG\startupreg: msnmsgr => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe FirewallRules: [{9848DDCD-4411-49F3-A928-60683F9DAC1D}] => (Allow) C:\Program Files\Dell Remote Access\ezi_ra.exe FirewallRules: [{B2D82E31-64F6-4D3D-8B89-86CBCFFF5CB2}] => (Allow) C:\Program Files\Dell Remote Access\ezi_ra.exe FirewallRules: [{9F8730F1-B717-481D-AF8E-B3CFA9893842}] => (Allow) C:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe FirewallRules: [{E0C063D8-6EE0-4B31-A4D7-EA6816EEF629}] => (Allow) C:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe FirewallRules: [{27F59DB3-14AA-41A0-BD71-0E632B83BEF3}] => (Allow) C:\Program Files\Windows Live\Messenger\wlcsdk.exe FirewallRules: [{3A4CE0C9-D062-4EA6-8E65-D08EBC7BCD90}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{FDB3063F-9E44-47A7-B118-2847554D2872}] => (Allow) svchost.exe FirewallRules: [{5EE23785-B670-4267-9653-5AEBE689D02A}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe FirewallRules: [{B6E40CF1-42ED-4585-8F95-6890D1900EA7}] => (Allow) C:\ProgramData\SingleClick 
Systems\VLC\vlc.exe FirewallRules: [{7A3E70FF-7FF8-4611-8CD0-1D333AE62F85}] => (Allow) C:\ProgramData\SingleClick Systems\VLC\vlc.exe FirewallRules: [{3D5ED5A9-57A4-4432-9189-434F2993B0DD}] => (Allow) C:\Program Files\AVG\AVG8\avgemc.exe FirewallRules: [{739AF580-3943-48FB-9419-C400A09C7E0B}] => (Allow) C:\Program Files\AVG\AVG8\avgupd.exe FirewallRules: [{2E97D523-625D-457A-A445-63BF4B337F40}] => (Allow) C:\Program Files\AVG\AVG8\avgnsx.exe FirewallRules: [{352D6A03-86CA-4BEE-9C51-49284A232967}] => (Allow) C:\Program Files\Common Files\AOL\Loader\aolload.exe FirewallRules: [{999D8CE7-44BD-4638-9635-0C3A3CFE20EF}] => (Allow) C:\Program Files\Common Files\AOL\Loader\aolload.exe FirewallRules: [{B18D1CA4-8E41-42DD-A890-886FE05C3BD1}] => (Allow) C:\Program Files\AIM6\aim6.exe FirewallRules: [{AF86C38C-17A7-4813-B041-76E39CBD4767}] => (Allow) C:\Program Files\AIM6\aim6.exe FirewallRules: [TCP Query User{EFB87D27-89B3-4AE9-A8F3-A0495394C91C}C:\program files\aim6\aim6.exe] => (Block) C:\program files\aim6\aim6.exe FirewallRules: [UDP Query User{8AAB5B7A-6B60-4D92-ABF5-7A2FD9E3B966}C:\program files\aim6\aim6.exe] => (Block) C:\program files\aim6\aim6.exe FirewallRules: [{FBBF1D12-A13A-4355-86B5-9F6F18C02908}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{059C0A5F-F027-4CF2-9AFF-B0B5E9881399}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{5D9677E5-6EC7-4F2C-B2A4-CC590FF403C4}C:\windows\temp\occ.exe] => (Block) C:\windows\temp\occ.exe FirewallRules: [UDP Query User{808641AD-1597-4C0A-B34E-51420174C37A}C:\windows\temp\occ.exe] => (Block) C:\windows\temp\occ.exe FirewallRules: [{EE822A05-03F0-4F59-949C-08F75716DB29}] => (Allow) C:\ProgramData\SingleClick Systems\apache\bin\httpd.exe FirewallRules: [{E5A36D76-16D2-473B-84A6-859F36964FC6}] => (Allow) C:\ProgramData\SingleClick Systems\apache\bin\httpd.exe FirewallRules: [{C1B53403-871F-444B-AEEF-52F12160B8D8}] => (Allow) C:\ProgramData\SingleClick 
Systems\MySQL\bin\mysqld.exe FirewallRules: [{ABF0445D-A4FE-401C-A7B2-0C1381A3F556}] => (Allow) C:\ProgramData\SingleClick Systems\MySQL\bin\mysqld.exe FirewallRules: [{1DD1C47A-AF02-49C5-B19E-7D8228A03C4B}] => (Allow) C:\ProgramData\SingleClick Systems\MySQL\bin\mysql.exe FirewallRules: [{905D490A-F6EE-441B-829B-000185F50AFB}] => (Allow) C:\ProgramData\SingleClick Systems\MySQL\bin\mysql.exe FirewallRules: [{D038D729-5974-4647-838C-7D3CF6632203}] => (Allow) C:\ProgramData\SingleClick Systems\apache\php.exe FirewallRules: [{698B1E2F-A6F2-4EBB-996A-9F60F2811BF0}] => (Allow) C:\ProgramData\SingleClick Systems\apache\php.exe FirewallRules: [{FC881E16-BC35-4DCA-9F7A-BEB1A5F046F9}] => (Allow) C:\ProgramData\SingleClick Systems\Remote Access File Sync Service\dsl_fs_sync.exe FirewallRules: [{ADAE2C2D-DA84-4F34-860E-BBA56154F96C}] => (Allow) C:\ProgramData\SingleClick Systems\Remote Access File Sync Service\dsl_fs_sync.exe FirewallRules: [{AB4A85C5-EAC0-43F6-9584-A7C9487F8873}] => (Allow) LPort=40080 FirewallRules: [{949B0706-B5AD-4AE3-BA0F-A60BF85D27C7}] => (Allow) LPort=40090 FirewallRules: [{8CAC6681-9D7D-4317-B99D-F52803276666}] => (Allow) LPort=40091 FirewallRules: [{51CB3201-AAE5-4E62-B26E-7E2F9B123CC3}] => (Allow) LPort=40092 FirewallRules: [{B4582D87-E460-4980-B040-A82725052A60}] => (Allow) LPort=40093 FirewallRules: [{64E4602D-771F-4EC7-8264-66413EADB292}] => (Allow) LPort=40094 FirewallRules: [{1B9B7B2F-83B2-4361-98BB-53AA4534D4F4}] => (Allow) C:\Program Files\AIM\aim.exe FirewallRules: [{EFB17237-7F39-4301-A137-E70D9B75C6B6}] => (Allow) C:\Program Files\AIM\aim.exe FirewallRules: [{FDA3FC38-FAE8-42B7-9218-C495196022A7}] => (Allow) LPort=80 FirewallRules: [{67572C9C-22BF-474C-A93E-E8C3CE218C5F}] => (Allow) LPort=80 FirewallRules: [{C3C2D8AA-115F-4F31-A0B2-B1EBE3A21905}] => (Allow) LPort=80 FirewallRules: [{9648E0E8-B9BA-4B61-A0A5-B1A832C4419E}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSv cHost.exe FirewallRules: 
[{84F83860-34A5-49A9-B38D-A4420C5DAC74}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\lxdnpsw x.exe FirewallRules: [{BC4D219C-00B5-4F10-B9A4-0DC9A3CD534D}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\lxdnpsw x.exe FirewallRules: [{4214F0E6-C4FD-455D-B79C-9D91737BC473}] => (Allow) C:\Program Files\Lexmark 2600 Series\lxdnamon.exe FirewallRules: [{9D418FB9-E377-43D6-88DA-C197BC020EF8}] => (Allow) C:\Program Files\Lexmark 2600 Series\lxdnamon.exe FirewallRules: [{97D49608-93A2-4DF9-A459-E1CAB530F497}] => (Allow) C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe FirewallRules: [{84E4F7E0-3B2A-47BC-8EF5-F6701E2B1763}] => (Allow) C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe FirewallRules: [{06799D81-C9B3-4A7C-84E0-D35B9D5517DB}] => (Allow) C:\Program Files\Lexmark 2600 Series\lxdnmon.exe FirewallRules: [{0E06D329-2C78-46B8-B226-60D2A6A0EE32}] => (Allow) C:\Program Files\Lexmark 2600 Series\lxdnmon.exe FirewallRules: [{EAC641B5-8646-43D8-8115-87E2F7B66048}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\lxdntim e.exe FirewallRules: [{347A41FF-EE9F-48A2-BE46-DFF53903382F}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\lxdntim e.exe FirewallRules: [{94F80B55-2D80-49C8-8C3F-D8B064189D28}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\lxdnwbg w.exe FirewallRules: [{B55555F7-62EB-44A6-AFD1-947EC7471F7B}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\lxdnwbg w.exe FirewallRules: [{72983580-B411-4366-8E7D-774EC253959F}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\lxdnjsw x.exe FirewallRules: [{12EBD3D1-9EE5-4B8C-AB0D-03B73E240476}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\lxdnjsw x.exe FirewallRules: [{83216514-E440-40EF-B8D9-5960AD96F483}] => (Allow) C:\Program Files\Lexmark 2600 Series\frun.exe FirewallRules: [{565665DD-0246-44E0-8BC6-EDF2CC6C9948}] => (Allow) C:\Program Files\Lexmark 2600 Series\frun.exe FirewallRules: [{4E7EF32B-8F2C-427C-B99C-F418F2B8486F}] => (Allow) 
C:\Windows\System32\lxdncoms.exe FirewallRules: [{F3F0BDF1-B466-40B4-9ED5-99B45A6028A1}] => (Allow) C:\Windows\System32\lxdncoms.exe FirewallRules: [TCP Query User{CFD34DE9-5AFC-426E-9170-D807AD95C9E7}C:\program files\lexmark 2600 series\lxdnlscn.exe] => (Allow) C:\program files\lexmark 2600 series\lxdnlscn.exe FirewallRules: [UDP Query User{9FBE153B-55F9-4212-859A-48AB33654B2D}C:\program files\lexmark 2600 series\lxdnlscn.exe] => (Allow) C:\program files\lexmark 2600 series\lxdnlscn.exe FirewallRules: [{2BA90ADE-4565-4666-A78E-6E42BBFE29A0}] => (Allow) C:\Program Files\ATT-HSI\pcBrowser.exe FirewallRules: [{E288CEFA-46E6-441C-B118-976A3D42C7B4}] => (Allow) C:\Program Files\ATT-HSI\pcBrowser.exe FirewallRules: [{DACA6E86-D0BA-4B24-9BE7-EC7F0564495A}] => (Allow) C:\Program Files\Lexmark 2600 Series\lxdnmon.exe FirewallRules: [{122094BB-2CEA-4DF9-AABA-A69E2FCDD9B5}] => (Allow) C:\Program Files\Lexmark 2600 Series\lxdnmon.exe FirewallRules: [{721BE386-2E84-44A7-86D2-16AED7C21F8A}] => (Allow) C:\Program Files\Lexmark 2600 Series\lxdnlscn.exe FirewallRules: [{8388936B-9D60-49FE-B13F-F5A3C12DE40F}] => (Allow) C:\Program Files\Lexmark 2600 Series\lxdnlscn.exe FirewallRules: [{B6FED07E-006E-4C9D-B456-4FC3C0CDCC72}] => (Allow) C:\Windows\System32\lxdncoms.exe FirewallRules: [{4B53A483-C5C5-45FD-8EA9-C3337B0D9AFE}] => (Allow) C:\Windows\System32\lxdncoms.exe FirewallRules: [{F2A1C7B9-198F-4654-88F2-960D233E9651}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\lxdnpsw x.exe FirewallRules: [{1CB5E030-33F1-456C-B553-FA86B27157CF}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\lxdnpsw x.exe FirewallRules: [{36F907C1-3401-422C-84D4-66D0BA95B2FE}] => (Allow) C:\Program Files\AIM\aim.exe FirewallRules: [{697217FD-1C5A-4B6F-9890-9A2C958EDB18}] => (Allow) C:\Program Files\AIM\aim.exe FirewallRules: [{5EE1B311-E0B8-4CEA-9190-0488DE11657D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{8D3227C4-7A99-4E23-832B-1126F12F95AD}] => (Allow) 
C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{A94B297A-4E6F-4C9E-94D1-58C172A54CED}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{CF046C62-4B55-4D41-A0C7-ECD850A47CEF}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe FirewallRules: [{7D515ED1-FEB5-4621-B1A0-763C4F0DEDF6}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [{49900F62-9631-4583-865F-BE27C55C77C5}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe ==================== Faulty Device Manager Devices ============= Name: Lexmark 2600 Series #3 Description: Lexmark 2600 Series Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f} Manufacturer: Lexmark Service: usbscan Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. 
==================== Event log errors: ========================= Application errors: ================== Error: (09/04/2015 03:13:33 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/02/2015 05:43:32 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/02/2015 11:41:31 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/02/2015 11:23:43 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/01/2015 05:26:35 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/31/2015 10:30:04 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application plugin-container.exe, version 40.0.3.5716, time stamp 0x55ddb213, faulting module mozglue.dll, version 40.0.3.5716, time stamp 0x55dda062, exception code 0x80000003, fault offset 0x0000e250, process id 0x35c, application start time 0xplugin-container.exe0. 
Error: (08/31/2015 10:22:03 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/31/2015 08:25:01 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/30/2015 02:17:28 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/28/2015 11:55:07 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (09/04/2015 03:13:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Remote Access Media Server%%1053 Error: (09/04/2015 03:13:34 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: 30000Remote Access Media Server Error: (09/04/2015 03:11:56 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 3:07:39 PM on 9/4/2015 was unexpected. Error: (09/02/2015 05:42:55 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 5:38:50 PM on 9/2/2015 was unexpected. Error: (09/02/2015 02:13:19 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: 30000MBAMScheduler Error: (09/01/2015 05:25:38 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 5:23:15 PM on 9/1/2015 was unexpected. 
Error: (08/31/2015 10:21:06 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 9:39:54 AM on 8/31/2015 was unexpected.
Error: (08/31/2015 08:24:01 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 8:20:32 AM on 8/31/2015 was unexpected.
Error: (08/30/2015 04:27:13 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: 30000Netman
Error: (08/30/2015 02:16:19 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 2:12:37 PM on 8/30/2015 was unexpected.

Microsoft Office:
=========================
Error: (09/04/2015 03:13:33 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/02/2015 05:43:32 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/02/2015 11:41:31 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/02/2015 11:23:43 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/01/2015 05:26:35 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/31/2015 10:30:04 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe40.0.3.571655ddb213mozglue.dll40.0.3. 571655dda062800000030000e25035c01d0e401e2f48d45
Error: (08/31/2015 10:22:03 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/31/2015 08:25:01 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/30/2015 02:17:28 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (08/28/2015 11:55:07 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

CodeIntegrity:
===================================
Date: 2015-09-05 20:19:52.757 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-09-05 20:19:52.100 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-09-05 20:19:51.439 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-09-05 20:19:50.781 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-09-05 09:38:43.942 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-09-05 09:38:42.853 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-09-05 09:38:41.808 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-09-05 09:38:40.532 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-09-05 09:38:39.475 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-09-05 09:38:38.492 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Pentium(R) Dual-Core CPU E5200 @ 2.50GHz
Percentage of memory in use: 56%
Total physical RAM: 3060.45 MB
Available physical RAM: 1343.48 MB
Total Virtual: 6351.17 MB
Available Virtual: 4679.58 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:283.4 GB) (Free:242.88 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:8.79 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 850B2CCD)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=283.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
#7
Please uninstall RevTraxPrintMyCoupon.
Also please post the content of FRST.txt, created by the program FRST.
#8
Thanks so much, I will uninstall as you requested.
is this what you requested? Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:04-09-2015 Ran by Jmg (administrator) on JMG-PC (05-09-2015 20:19:39) Running from C:\Users\Jmg\Downloads Loaded Profiles: Jmg & RA Media Server (Available Profiles: Jmg & RA Media Server) Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Language: English (United States) Internet Explorer Version 9 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtcmd.exe () C:\Program Files\Lexmark 2600 Series\lxdnmon.exe (Coupons.com Inc.) C:\Program Files\Coupons\CouponPrinterService.exe (Lexmark International Inc.) C:\Program Files\Lexmark 2600 Series\ezprint.exe (Creative Labs) C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe (Creative Technology Ltd) C:\Windows\System32\CTSVCCDA.EXE () C:\ProgramData\SingleClick Systems\MySQL\bin\mysqld.exe (SingleClick Systems) C:\ProgramData\SingleClick Systems\Remote Access File Sync Service\dsl_fs_sync.exe (Dell Inc.) C:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe ( ) C:\Windows\System32\lxdncoms.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe (Microsoft Corp.) 
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation) HKLM\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.) HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4452352 2007-05-11] (Realtek Semiconductor) HKLM\...\Run: [dellsupportcenter] => C:\Program Files\Dell Support Center\bin\sprtcmd.exe [206064 2008-10-04] (SupportSoft, Inc.) HKLM\...\Run: [lxdnmon.exe] => C:\Program Files\Lexmark 2600 Series\lxdnmon.exe [660136 2010-02-04] () HKLM\...\Run: [EzPrint] => C:\Program Files\Lexmark 2600 Series\ezprint.exe [107176 2010-02-04] (Lexmark International Inc.) 
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6111824 2015-08-28] (AVAST Software) HKU\S-1-5-21-433151091-2507789458-3595603629-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation) HKU\S-1-5-21-433151091-2507789458-3595603629-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation) ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ] ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-08-28] (AVAST Software) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Driver performer.lnk [2011-04-20] ShortcutTarget: Driver performer.lnk -> C:\Users\Jmg\AppData\Local\temp\7ZipSfx.000\dp.exe (No File) Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows \Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-03-21] ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-03-21] ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Jmg\AppData\Roaming\Microsoft\Windows\Sta rt Menu\Programs\Startup\Dell Dock.lnk [2011-04-20] ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\RA Media Server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-01-22] ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 Tcpip\..\Interfaces\{CCADCF13-5116-436B-A314-EFE343CAB0DE}: [DhcpNameServer] 192.168.1.254 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-433151091-2507789458-3595603629-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com?fr=hp-avast&type=odc179 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=odc179&hspart=avast&hsimp=yhs-001&p={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-433151091-2507789458-3595603629-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=odc179&hspart=avast&hsimp=yhs-001&p={searchTerms} HKU\S-1-5-21-433151091-2507789458-3595603629-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.yahoo.com?fr=hp-avast&type=odc179 HKU\S-1-5-21-433151091-2507789458-3595603629-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com?fr=hp-avast&type=odc179 SearchScopes: HKLM -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=odc179&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=odc179&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKLM -> {A25AC313-DD19-4238-ACA2-401D6BEE4321} URL = 
hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKU\.DEFAULT -> {2C905420-E03E-466F-8B90-3B3A4C25FA95} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&Form=DLCDF7&pc=MDDC&s rc=IE-SearchBox SearchScopes: HKU\S-1-5-21-433151091-2507789458-3595603629-1000 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=odc179&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKU\S-1-5-21-433151091-2507789458-3595603629-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=odc179&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKU\S-1-5-21-433151091-2507789458-3595603629-1000 -> {A25AC313-DD19-4238-ACA2-401D6BEE4321} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} BHO: No Name -> {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -> No File BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27] (Adobe Systems Incorporated) BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2008-12-04] (Microsoft Corp.) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-29] (Oracle Corporation) BHO: avast! 
Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-28] (AVAST Software) BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-29] (Oracle Corporation) BHO: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files\Windows Live\Toolbar\wltcore.dll [2008-12-08] (Microsoft Corporation) Toolbar: HKLM - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2008-12-08] (Microsoft Corporation) Toolbar: HKLM - No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File Toolbar: HKU\.DEFAULT -> No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File Toolbar: HKU\S-1-5-21-433151091-2507789458-3595603629-1000 -> &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2008-12-08] (Microsoft Corporation) Toolbar: HKU\S-1-5-21-433151091-2507789458-3595603629-1000 -> No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\Jmg\AppData\Roaming\Mozilla\Firefox\Profi les\dlrfpkkn.default-1413475615849 FF DefaultSearchEngine: Yahoo! (Avast) FF DefaultSearchEngine.US: Yahoo! (Avast) FF DefaultSearchUrl: hxxps://search.yahoo.com/yhs/search FF SearchEngineOrder.1: Yahoo! (Avast) FF SelectedSearchEngine: Yahoo! 
(Avast) FF Homepage: hxxps://www.yahoo.com/?fr=hp-avast&type=agc511 FF Keyword.URL: hxxps://search.yahoo.com/yhs/search FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_ 232.dll [2015-08-11] () FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1219160 .dll [2015-07-23] (Adobe Systems, Inc.) FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1. dll [2015-07-29] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-29] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2008-12-04] (Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation) FF Plugin: @Motive.com/NpMotive,version=1.0 -> C:\Program Files\Common Files\Motive\npMotive.dll [2012-10-16] (Alcatel-Lucent) FF Plugin: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files\Common Files\Motive\npMotiveRequest.dll [2011-12-06] (Alcatel-Lucent) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-07-27] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-433151091-2507789458-3595603629-1000: revtrax.com/RevTraxPrintMyCoupon -> C:\Users\Jmg\AppData\Roaming\RevTrax\RevTraxPrintM yCoupon\1.0.0.0\npRevTraxPrintMyCoupon.dll [2014-10-15] (RevTrax) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPcol400.dll [2012-04-05] (Catalina Marketing Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2012-07-27] (Adobe Systems Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2014-12-03] (Coupons, Inc.) FF SearchPlugin: C:\Users\Jmg\AppData\Roaming\Mozilla\Firefox\Profi les\dlrfpkkn.default-1413475615849\searchplugins\yahoo-avast.xml [2015-05-21] FF Extension: Motive Extension - C:\Program Files\Mozilla Firefox\extensions\mcciwbch@motive.com.xpi [2015-08-28] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-05-08] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-05-08] Chrome: ======= CHR Profile: C:\Users\Jmg\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Motive Extension) - C:\Users\Jmg\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnk ogchec [2013-09-29] CHR Extension: (Avast Online Security) - C:\Users\Jmg\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegiea cbdmki [2015-05-08] CHR Extension: (Google Wallet) - C:\Users\Jmg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccm gmieda [2015-05-08] CHR HKLM\...\Chrome\Extension: [edmgmpmklgfbohogafcfobonnkogchec] - C:\Program Files\Common Files\Motive\extensions\MotiveRequest.crx [2013-06-08] CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-05-08] CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-08] ==================== Services (Whitelisted) ======================== (If 
an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 Apache2.2; C:\ProgramData\SingleClick Systems\apache\bin\httpd.exe [15872 2007-09-21] (Apache Software Foundation) [File not signed] R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-08-28] (AVAST Software) R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3218624 2015-08-28] (Avast Software) R2 CouponPrinterService; C:\Program Files\Coupons\CouponPrinterService.exe [154096 2014-12-03] (Coupons.com Inc.) R2 Creative Labs Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe [72704 2009-03-21] (Creative Labs) [File not signed] R2 Creative Service for CDROM Access; C:\Windows\system32\CTsvcCDA.exe [44032 2008-07-28] (Creative Technology Ltd) [File not signed] R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-09-23] (Stardock Corporation) [File not signed] R2 dsl-db; C:\ProgramData\SingleClick Systems\MySQL\bin\mysqld.exe [5730304 2007-09-14] () [File not signed] R2 dsl-fs-sync; C:\ProgramData\SingleClick Systems\Remote Access File Sync Service\dsl_fs_sync.exe [173296 2008-09-30] (SingleClick Systems) S3 GameConsoleService; C:\Program Files\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe [164600 2008-07-04] (WildTangent, Inc.) R2 hnmsvc; c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe [820464 2008-09-30] (Dell Inc.) 
R2 lxdn_device; C:\Windows\system32\lxdncoms.exe [589824 2007-11-28] ( ) R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation) R2 pcCMService; C:\Program Files\Common Files\Motive\pcCMService.exe [369152 2013-03-02] (Alcatel-Lucent) [File not signed] R2 sprtsvc_DellSupportCenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-10-04] (SupportSoft, Inc.) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24016 2015-08-28] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [76000 2015-08-28] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55200 2015-08-28] (AVAST Software) R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49776 2015-08-28] (AVAST Software) R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [788784 2015-08-28] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433264 2015-08-28] (AVAST Software) R3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [161472 2015-08-28] (AVAST Software) S3 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57888 2015-08-28] (AVAST Software) R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [208664 2015-08-28] (AVAST Software) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [98520 2015-09-05] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation) S3 MREMP50; 
C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2012-10-16] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed] S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2012-10-16] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed] R0 ngvss; C:\Windows\system32\Drivers\ngvss.sys [95112 2015-08-28] (AVAST Software) R2 Packet; C:\Windows\System32\DRIVERS\packet.sys [22016 2008-06-17] (SingleClick Systems) R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-08-28] (Avast Software) U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation) S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X] S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S4 USBSTOR; \SystemRoot\system32\drivers\usbstor.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-09-05 20:19 - 2015-09-05 20:20 - 00019873 _____ C:\Users\Jmg\Downloads\FRST.txt 2015-09-05 20:19 - 2015-09-05 20:19 - 01690624 _____ (Farbar) C:\Users\Jmg\Downloads\FRST.exe 2015-09-05 20:19 - 2015-09-05 20:19 - 00000000 ____D C:\FRST 2015-09-02 12:05 - 2015-07-10 09:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2015-08-31 08:25 - 2015-08-31 08:25 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\58C726B8.sys 2015-08-30 14:18 - 2015-08-30 14:18 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\2CB36667.sys 2015-08-28 10:00 - 2015-08-28 11:53 - 00000000 ____D C:\Program Files\Mozilla Firefox 2015-08-28 08:51 - 2015-08-28 08:50 - 00161472 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStmXP.sys 2015-08-28 08:50 - 2015-08-28 08:49 - 00313472 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2015-08-28 08:50 - 2015-08-28 08:49 - 00095112 _____ (AVAST Software) C:\Windows\system32\Drivers\ngvss.sys 2015-08-28 08:49 - 2015-08-28 08:49 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr 2015-08-19 08:53 - 2015-08-19 08:53 - 00000000 ____D C:\Program Files\Valassis 2015-08-19 08:52 - 2015-08-19 08:53 - 02166416 _____ (Valassis) C:\Users\Jmg\Downloads\P@H_prod308-hUg1CcKg.exe 2015-08-19 08:50 - 2015-08-19 08:50 - 02166416 _____ (Valassis) C:\Users\Jmg\Downloads\P@H_prod308-l8n52RuC.exe 2015-08-19 08:28 - 2015-08-14 18:03 - 12386816 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-08-19 08:28 - 2015-08-14 17:56 - 01804288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-08-19 08:28 - 2015-08-14 17:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-08-18 18:37 - 2015-08-18 18:37 - 01732608 _____ C:\Users\Jmg\Downloads\RevTraxPrintMyCoupon(7).msi 2015-08-18 18:37 - 2015-08-18 18:37 - 01732608 _____ C:\Users\Jmg\Downloads\RevTraxPrintMyCoupon(6).msi 2015-08-18 18:37 - 2015-08-18 18:37 - 00000000 ____D 
C:\Users\Jmg\AppData\Roaming\RevTrax 2015-08-18 18:36 - 2015-08-18 18:36 - 01732608 _____ C:\Users\Jmg\Downloads\RevTraxPrintMyCoupon(5).msi 2015-08-18 18:35 - 2015-08-18 18:35 - 01732608 _____ C:\Users\Jmg\Downloads\RevTraxPrintMyCoupon(4).msi 2015-08-18 18:35 - 2015-08-18 18:35 - 01732608 _____ C:\Users\Jmg\Downloads\RevTraxPrintMyCoupon(3).msi 2015-08-18 18:34 - 2015-08-18 18:34 - 01732608 _____ C:\Users\Jmg\Downloads\RevTraxPrintMyCoupon(2).msi 2015-08-18 17:19 - 2015-08-18 17:19 - 02166416 _____ (Valassis) C:\Users\Jmg\Downloads\P@H_prod308-vHF6sFRP.exe 2015-08-11 17:08 - 2015-07-21 15:55 - 01206192 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-08-11 17:08 - 2015-07-21 11:07 - 03605440 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2015-08-11 17:08 - 2015-07-21 11:07 - 03553216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-08-11 17:08 - 2015-07-21 11:07 - 00140224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ecache.sys 2015-08-11 17:08 - 2015-07-21 11:07 - 00056256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys 2015-08-11 17:08 - 2015-07-21 11:03 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\emdmgmt.dll 2015-08-11 17:08 - 2015-07-21 11:03 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-08-11 17:08 - 2015-07-21 11:03 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll 2015-08-11 17:07 - 2015-07-31 14:27 - 00103120 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNativ e_v0300.dll 2015-08-11 17:06 - 2015-07-11 10:56 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2015-08-11 17:06 - 2015-07-10 14:37 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2015-08-11 17:06 - 2015-07-09 09:20 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys 2015-08-11 14:25 - 2015-07-18 11:03 - 00068608 _____ (Microsoft Corporation) 
C:\Windows\system32\basesrv.dll 2015-08-11 14:25 - 2015-07-10 14:37 - 01402368 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2015-08-11 14:25 - 2015-07-10 14:37 - 01253376 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2015-08-11 14:24 - 2015-07-31 17:08 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-08-11 14:24 - 2015-07-31 16:46 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll 2015-08-11 14:24 - 2015-07-31 16:46 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll 2015-08-11 14:24 - 2015-07-31 16:46 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll 2015-08-11 14:24 - 2015-07-31 16:46 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll 2015-08-11 14:24 - 2015-07-31 15:41 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2015-08-11 14:24 - 2015-07-31 15:40 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll 2015-08-11 14:24 - 2015-07-31 15:35 - 00682496 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll 2015-08-11 14:24 - 2015-07-31 15:33 - 02066944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-08-11 14:24 - 2015-07-31 15:33 - 01072640 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2015-08-11 14:24 - 2015-07-31 15:33 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2015-08-11 14:24 - 2015-07-31 15:33 - 00297472 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-08-11 14:24 - 2015-07-01 10:57 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll 2015-08-11 14:23 - 2015-07-09 09:25 - 00151040 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe 2015-08-11 14:23 - 2015-07-09 09:25 - 00151040 _____ (Microsoft Corporation) C:\Windows\notepad.exe 2015-08-11 14:22 - 2015-07-22 15:54 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-08-11 14:22 - 
2015-07-22 15:51 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-08-11 14:22 - 2015-07-22 15:47 - 09751040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-08-11 14:22 - 2015-07-22 15:46 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-08-11 14:22 - 2015-07-22 15:46 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-08-11 14:22 - 2015-07-22 15:45 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-08-11 14:22 - 2015-07-22 15:45 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2015-08-11 14:22 - 2015-07-22 15:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-08-11 14:22 - 2015-07-22 15:44 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-08-11 14:22 - 2015-07-22 15:44 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-08-11 14:22 - 2015-07-22 15:44 - 00421888 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-08-11 14:22 - 2015-07-22 15:44 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-08-11 14:22 - 2015-07-22 15:43 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-08-11 14:22 - 2015-07-22 15:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-08-11 14:22 - 2015-07-22 15:43 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-08-11 14:22 - 2015-07-22 15:43 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2015-08-11 14:22 - 2015-07-22 15:43 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2015-08-11 14:22 - 2015-07-22 15:43 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2015-08-11 14:22 - 2015-07-22 15:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll ==================== One Month Modified files and folders 
======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-09-05 20:08 - 2012-04-02 17:30 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-09-05 19:11 - 2006-11-02 07:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2015-09-05 19:11 - 2006-11-02 07:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2015-09-05 18:13 - 2009-03-21 11:21 - 02025272 _____ C:\Windows\WindowsUpdate.log 2015-09-05 17:30 - 2014-06-21 15:48 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-09-04 15:13 - 2009-03-31 17:29 - 00000000 ____D C:\ProgramData\TEMP 2015-09-04 15:12 - 2006-11-02 08:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-09-02 18:14 - 2009-03-21 17:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell 2015-09-02 18:14 - 2009-03-21 17:06 - 00000000 ____D C:\Program Files\Dell 2015-09-02 17:59 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\rescache 2015-09-02 11:40 - 2006-11-02 08:01 - 00032598 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2015-09-02 11:20 - 2013-10-11 09:38 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR 2015-09-02 09:40 - 2010-02-01 15:41 - 00000000 ____D C:\Windows\system32\Adobe 2015-08-28 11:53 - 2014-06-14 20:47 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2015-08-28 11:53 - 2008-01-20 21:47 - 00781758 _____ C:\Windows\PFRO.log 2015-08-28 10:00 - 2015-03-17 15:45 - 00000000 ____D C:\Windows\system32\vbox 2015-08-28 08:50 - 2015-05-08 14:58 - 00433264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2015-08-28 08:50 - 2015-05-08 14:58 - 00208664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys 2015-08-28 08:50 - 2015-05-08 14:58 - 00076000 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2015-08-28 08:50 - 2015-05-08 14:58 - 00057888 _____ (AVAST 
Software) C:\Windows\system32\Drivers\aswTdi.sys 2015-08-28 08:50 - 2015-05-08 14:58 - 00055200 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys 2015-08-28 08:50 - 2015-05-08 14:58 - 00049776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys 2015-08-28 08:50 - 2015-05-08 14:58 - 00024016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys 2015-08-28 08:49 - 2015-05-08 14:58 - 00788784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2015-08-27 17:30 - 2009-03-31 17:33 - 00000906 _____ C:\Users\Jmg\AppData\Roaming\Microsoft\Windows\Sta rt Menu\Programs\Windows Media Player.lnk 2015-08-27 08:58 - 2009-06-02 21:01 - 00000000 ____D C:\ProgramData\lx_cats 2015-08-16 14:28 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\Microsoft.NET 2015-08-11 17:20 - 2009-03-21 17:02 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2015-08-11 17:19 - 2006-11-02 07:37 - 00000000 ____D C:\Windows\system32\XPSViewer 2015-08-11 17:08 - 2010-07-07 12:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2015-08-11 14:33 - 2006-11-02 07:47 - 00229608 _____ C:\Windows\system32\FNTCACHE.DAT 2015-08-11 14:29 - 2013-07-11 07:08 - 00000000 ____D C:\Windows\system32\MRT 2015-08-11 14:26 - 2006-11-02 05:24 - 129304528 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2015-08-11 14:08 - 2012-04-02 17:30 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2015-08-11 14:08 - 2011-05-25 08:24 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl ==================== Files in the root of some directories ======= 2013-03-15 13:32 - 2013-03-15 13:32 - 4126720 _____ () C:\Program Files\GUT35A3.tmp 2014-01-22 09:43 - 2014-01-22 09:44 - 50063360 _____ () C:\Program Files\GUTA045.tmp 2009-08-17 11:33 - 2012-03-25 15:22 - 0005632 _____ () C:\Users\Jmg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-06-03 18:17 - 2015-07-15 08:45 
- 0000504 _____ () C:\ProgramData\FastPics.log 2011-04-23 13:43 - 2011-04-23 13:43 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt Some files in TEMP: ==================== C:\Users\Jmg\AppData\Local\temp\0_Offer_0.exe C:\Users\Jmg\AppData\Local\temp\6_Offer_15.exe C:\Users\Jmg\AppData\Local\temp\6_Offer_17.exe C:\Users\Jmg\AppData\Local\temp\jre-7u21-windows-i586-iftw.exe C:\Users\Jmg\AppData\Local\temp\jre-7u25-windows-i586-iftw.exe C:\Users\Jmg\AppData\Local\temp\jre-7u45-windows-i586-iftw.exe C:\Users\Jmg\AppData\Local\temp\jre-7u67-windows-i586-iftw.exe C:\Users\Jmg\AppData\Local\temp\jre-7u71-windows-i586-iftw.exe C:\Users\Jmg\AppData\Local\temp\jre-8u31-windows-au.exe C:\Users\Jmg\AppData\Local\temp\pcDesktopAlertNoti fierX.dll C:\Users\Jmg\AppData\Local\temp\Quarantine.exe C:\Users\Jmg\AppData\Local\temp\SfpcHelper_install Finish.exe C:\Users\Jmg\AppData\Local\temp\SfpcHelper_install Start.exe C:\Users\Jmg\AppData\Local\temp\System.Data.SQLite .dll C:\Users\Jmg\AppData\Local\temp\System.Data.SQLite 14928.dll C:\Users\Jmg\AppData\Local\temp\System.Data.SQLite 22853.dll C:\Users\Jmg\AppData\Local\temp\System.Data.SQLite 23069.dll C:\Users\Jmg\AppData\Local\temp\System.Data.SQLite 25902.dll C:\Users\Jmg\AppData\Local\temp\System.Data.SQLite 26767.dll C:\Users\Jmg\AppData\Local\temp\System.Data.SQLite 57279.dll C:\Users\Jmg\AppData\Local\temp\System.Data.SQLite 62558.dll C:\Users\Jmg\AppData\Local\temp\System.Data.SQLite 69918.dll C:\Users\Jmg\AppData\Local\temp\System.Data.SQLite 98294.dll ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-09-04 15:22

==================== End of FRST.txt ============================

Last edited by perplexed; September 6th, 2015 at 01:06 PM. |
#9
|
||||
|
||||
Please download AdwCleaner by Xplode onto your desktop.
|
#10
|
|||
|
|||
Great directions, and thanks.
# AdwCleaner v5.006 - Logfile created 07/09/2015 at 14:24:34
# Updated 06/09/2015 by Xplode
# Database : 2015-09-04.4 [Server]
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (x86)
# Username : Jmg - JMG-PC
# Running from : C:\Users\Jmg\Downloads\adwcleaner_5.006.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : CouponPrinterService

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files\System Optimizer Pro
[-] Folder Deleted : C:\Program Files\Coupons
[!] Folder Not Deleted : C:\Program Files\Coupons
[-] Folder Deleted : C:\Program Files\Optimizer Pro
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
[!] Folder Not Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
[-] Folder Deleted : C:\Users\Jmg\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec
[-] Folder Deleted : C:\Users\Jmg\AppData\Roaming\ARecEngine

***** [ Files ] *****

[-] File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Driver Performer.lnk

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\edmgmpmklgfbohogafcfobonnkogchec
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
[-] Key Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
[-] Key Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{21FA44EF-376D-4D53-9B0F-8A89D3229068}
[-] Key Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{21FA44EF-376D-4D53-9B0F-8A89D3229068}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{21FA44EF-376D-4D53-9B0F-8A89D3229068}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{21FA44EF-376D-4D53-9B0F-8A89D3229068}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{21FA44EF-376D-4D53-9B0F-8A89D3229068}]
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{21FA44EF-376D-4D53-9B0F-8A89D3229068}]
[-] Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.1.4
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Coupon Printer for Windows5.0.1.4

***** [ Web browsers ] *****

[-] [C:\Users\Jmg\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Jmg\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Jmg\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : edmgmpmklgfbohogafcfobonnkogchec

*************************

:: Winsock settings cleared

*************************

C:\AdwCleaner[S1].txt - [322 bytes] - [13/02/2013 12:33:59]
C:\AdwCleaner[S2].txt - [3116 bytes] - [13/02/2013 12:34:45]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [3625 bytes] ##########

Last edited by perplexed; September 7th, 2015 at 08:40 PM. |
#11
|
||||
|
||||
Let's run an online scan, then we will clean up the leftovers.
I'd like us to scan your machine with ESET OnlineScan
Also please post back with a fresh FRST logfile and tell me how the system is running. |
#12
|
|||
|
|||
May I ask what this means?
You said push push

When the scan completes, push Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply. Push the button. Push

I tried to figure it out, I think this is it. It said it cleaned them, is that correct?

C:\Users\Jmg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7803WIDZ\BuzzIT2Checker11-6[1].exe Win32/OutBrowse.Z potentially unwanted application cleaned by deleting - quarantined
C:\Users\Jmg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F6ZGUPDN\PriceMeter[1].exe a variant of Win32/DealPly.R potentially unwanted application cleaned by deleting - quarantined
C:\Users\Jmg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XA5WSTRU\VuuPC-Installer[1].exe Win32/VOPackage.B potentially unwanted application deleted - quarantined
C:\Users\Jmg\AppData\Local\temp\0_Offer_0.exe Win32/OutBrowse.R potentially unwanted application deleted - quarantined
C:\Users\Jmg\AppData\Local\temp\nso8FC1.tmp\Convert.dll Win32/OutBrowse.V potentially unwanted application cleaned by deleting - quarantined

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:07-09-2015
Ran by Jmg (administrator) on JMG-PC (08-09-2015 14:47:39)
Running from C:\Users\Jmg\Downloads
Loaded Profiles: Jmg & RA Media Server (Available Profiles: Jmg & RA Media Server)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe (Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtcmd.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe () C:\Program Files\Lexmark 2600 Series\lxdnmon.exe (Lexmark International Inc.) C:\Program Files\Lexmark 2600 Series\ezprint.exe (Apache Software Foundation) C:\ProgramData\SingleClick Systems\apache\bin\httpd.exe (Creative Labs) C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe (Creative Technology Ltd) C:\Windows\System32\CTSVCCDA.EXE () C:\ProgramData\SingleClick Systems\MySQL\bin\mysqld.exe (Apache Software Foundation) C:\ProgramData\SingleClick Systems\apache\bin\httpd.exe (SingleClick Systems) C:\ProgramData\SingleClick Systems\Remote Access File Sync Service\dsl_fs_sync.exe (Dell Inc.) C:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe ( ) C:\Windows\System32\lxdncoms.exe (Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe (Microsoft Corp.) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlug in_18_0_0_232.exe (Adobe Systems, Inc.) 
C:\Windows\System32\Macromed\Flash\FlashPlayerPlug in_18_0_0_232.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlug in_18_0_0_232.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlug in_18_0_0_232.exe (Farbar) C:\Users\Jmg\Downloads\FRST(1).exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation) HKLM\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.) HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4452352 2007-05-11] (Realtek Semiconductor) HKLM\...\Run: [dellsupportcenter] => C:\Program Files\Dell Support Center\bin\sprtcmd.exe [206064 2008-10-04] (SupportSoft, Inc.) HKLM\...\Run: [lxdnmon.exe] => C:\Program Files\Lexmark 2600 Series\lxdnmon.exe [660136 2010-02-04] () HKLM\...\Run: [EzPrint] => C:\Program Files\Lexmark 2600 Series\ezprint.exe [107176 2010-02-04] (Lexmark International Inc.) 
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6111824 2015-08-28] (AVAST Software) HKU\S-1-5-21-433151091-2507789458-3595603629-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation) HKU\S-1-5-21-433151091-2507789458-3595603629-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation) ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ] ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-08-28] (AVAST Software) Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows \Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-03-21] ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-03-21] ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Jmg\AppData\Roaming\Microsoft\Windows\Sta rt Menu\Programs\Startup\Dell Dock.lnk [2011-04-20] ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\RA Media Server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-01-22] ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 Tcpip\..\Interfaces\{CCADCF13-5116-436B-A314-EFE343CAB0DE}: [DhcpNameServer] 192.168.1.254 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-433151091-2507789458-3595603629-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com?fr=hp-avast&type=odc179 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=odc179&hspart=avast&hsimp=yhs-001&p={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-433151091-2507789458-3595603629-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=odc179&hspart=avast&hsimp=yhs-001&p={searchTerms} HKU\S-1-5-21-433151091-2507789458-3595603629-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.yahoo.com?fr=hp-avast&type=odc179 HKU\S-1-5-21-433151091-2507789458-3595603629-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com?fr=hp-avast&type=odc179 SearchScopes: HKLM -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=odc179&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=odc179&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKLM -> {A25AC313-DD19-4238-ACA2-401D6BEE4321} URL = 
hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKU\.DEFAULT -> {2C905420-E03E-466F-8B90-3B3A4C25FA95} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&Form=DLCDF7&pc=MDDC&s rc=IE-SearchBox SearchScopes: HKU\S-1-5-21-433151091-2507789458-3595603629-1000 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=odc179&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKU\S-1-5-21-433151091-2507789458-3595603629-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=odc179&hspart=avast&hsimp=yhs-001&p={searchTerms} SearchScopes: HKU\S-1-5-21-433151091-2507789458-3595603629-1000 -> {A25AC313-DD19-4238-ACA2-401D6BEE4321} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms} BHO: No Name -> {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -> No File BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27] (Adobe Systems Incorporated) BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2008-12-04] (Microsoft Corp.) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-29] (Oracle Corporation) BHO: avast! 
Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-28] (AVAST Software) BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17] (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-29] (Oracle Corporation) Toolbar: HKLM - No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File Toolbar: HKU\.DEFAULT -> No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File Toolbar: HKU\S-1-5-21-433151091-2507789458-3595603629-1000 -> No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\Jmg\AppData\Roaming\Mozilla\Firefox\Profi les\dlrfpkkn.default-1413475615849 FF DefaultSearchEngine: Yahoo! (Avast) FF DefaultSearchEngine.US: Yahoo! (Avast) FF DefaultSearchUrl: hxxps://search.yahoo.com/yhs/search FF SearchEngineOrder.1: Yahoo! (Avast) FF SelectedSearchEngine: Yahoo! (Avast) FF Homepage: hxxps://www.yahoo.com/?fr=hp-avast&type=agc511 FF Keyword.URL: hxxps://search.yahoo.com/yhs/search FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_ 232.dll [2015-08-11] () FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1219160 .dll [2015-07-23] (Adobe Systems, Inc.) FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1. 
dll [2015-07-29] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-29] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2008-12-04] (Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation) FF Plugin: @Motive.com/NpMotive,version=1.0 -> C:\Program Files\Common Files\Motive\npMotive.dll [2012-10-16] (Alcatel-Lucent) FF Plugin: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files\Common Files\Motive\npMotiveRequest.dll [2011-12-06] (Alcatel-Lucent) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-07-27] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPcol400.dll [2012-04-05] (Catalina Marketing Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2012-07-27] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2014-12-03] (Coupons, Inc.) 
FF SearchPlugin: C:\Users\Jmg\AppData\Roaming\Mozilla\Firefox\Profi les\dlrfpkkn.default-1413475615849\searchplugins\yahoo-avast.xml [2015-05-21] FF Extension: Motive Extension - C:\Program Files\Mozilla Firefox\extensions\mcciwbch@motive.com.xpi [2015-08-28] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-05-08] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-05-08] Chrome: ======= CHR Profile: C:\Users\Jmg\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Avast Online Security) - C:\Users\Jmg\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegiea cbdmki [2015-05-08] CHR Extension: (Google Wallet) - C:\Users\Jmg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccm gmieda [2015-05-08] CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-05-08] CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-08] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 Apache2.2; C:\ProgramData\SingleClick Systems\apache\bin\httpd.exe [15872 2007-09-21] (Apache Software Foundation) [File not signed] R2 avast! 
Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-08-28] (AVAST Software) R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3218624 2015-08-28] (Avast Software) R2 Creative Labs Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe [72704 2009-03-21] (Creative Labs) [File not signed] R2 Creative Service for CDROM Access; C:\Windows\system32\CTsvcCDA.exe [44032 2008-07-28] (Creative Technology Ltd) [File not signed] R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-09-23] (Stardock Corporation) [File not signed] R2 dsl-db; C:\ProgramData\SingleClick Systems\MySQL\bin\mysqld.exe [5730304 2007-09-14] () [File not signed] R2 dsl-fs-sync; C:\ProgramData\SingleClick Systems\Remote Access File Sync Service\dsl_fs_sync.exe [173296 2008-09-30] (SingleClick Systems) S3 GameConsoleService; C:\Program Files\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe [164600 2008-07-04] (WildTangent, Inc.) R2 hnmsvc; c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe [820464 2008-09-30] (Dell Inc.) R2 lxdn_device; C:\Windows\system32\lxdncoms.exe [589824 2007-11-28] ( ) S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation) R2 pcCMService; C:\Program Files\Common Files\Motive\pcCMService.exe [369152 2013-03-02] (Alcatel-Lucent) [File not signed] R2 sprtsvc_DellSupportCenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-10-04] (SupportSoft, Inc.) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24016 2015-08-28] (AVAST Software) R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [76000 2015-08-28] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55200 2015-08-28] (AVAST Software) R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49776 2015-08-28] (AVAST Software) R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [788784 2015-08-28] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433264 2015-08-28] (AVAST Software) R3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [161472 2015-08-28] (AVAST Software) S3 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57888 2015-08-28] (AVAST Software) R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [208664 2015-08-28] (AVAST Software) S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation) S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2012-10-16] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed] S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2012-10-16] (Printing Communications Assoc., Inc. 
(PCAUSA)) [File not signed] R0 ngvss; C:\Windows\system32\Drivers\ngvss.sys [95112 2015-08-28] (AVAST Software) R2 Packet; C:\Windows\System32\DRIVERS\packet.sys [22016 2008-06-17] (SingleClick Systems) R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-08-28] (Avast Software) U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation) S4 eapihdrv; \??\C:\Users\Jmg\AppData\Local\Temp\ehdrv.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X] S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S4 USBSTOR; \SystemRoot\system32\drivers\usbstor.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
Last edited by perplexed; September 8th, 2015 at 08:55 PM. |
#13
|
||||
|
||||
Correct. Push means press, sorry.
How is the system running now? |
#14
|
|||
|
|||
Thanks so much, you're so kind. Well, it is better. It tries to freeze some, but now I am able to press the ctrl alt delete and although it takes a few mins it has worked thus far to unfreeze my computer.
Thanks so much, if it continues I will post back. |
#15
|
||||
|
||||
ok
All times are GMT +1.