  #1  
August 31st, 2015, 04:40 PM
perplexed
Senior Member

Join Date: Jun 2001
Posts: 2,397
Firefox stop responding & computer freezing - Moved from malware by schrauber

I am getting a lot of Firefox stop responding & computer freezing. I did a scan on Malwarebytes and it found 7 items and I sent them to quarantine; all were pup.optional.outbrowse. I tried to do an Avast scan and it froze midway through.

I did another Avast scan and it found 3 items I sent to vault. Do I post them here or in another forum to see if I need to proceed further?

I try and use the ctrl alt delete to get my computer to be active again and it may or may not work. I often have to push the button on the tower to restart. Is there another way other than that?

Thanks for any help you may give

Last edited by perplexed; August 31st, 2015 at 06:13 PM.
  #2  
September 3rd, 2015, 05:10 PM
Murf
Moderator
 
Join Date: Oct 2001
O/S: Windows XP Pro
Posts: 17,424
Let's move this over to our malware forum to see if an infection is causing this.
  #3  
September 3rd, 2015, 06:47 PM
schrauber
CTH Subscriber
 
Join Date: Apr 2009
O/S: Windows 7 64-bit
Location: Germany
Age: 42
Posts: 5,017
Hello, perplexed
Welcome to the CyberTechHelp Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.



Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.



For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to the desktop.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to the desktop.

Please run it and click Scan, post back with the 2 logfiles.
  #4  
September 4th, 2015, 05:04 PM
perplexed
Senior Member
 
Join Date: Jun 2001
Posts: 2,397
Okay, I did do a Malwarebytes scan; nothing shows, and I did an Avast scan and sent 3 items to chest before I ever posted. Thank you.

Last edited by perplexed; September 4th, 2015 at 09:18 PM.
  #5  
September 5th, 2015, 01:47 PM
schrauber
CTH Subscriber
 
Join Date: Apr 2009
O/S: Windows 7 64-bit
Location: Germany
Age: 42
Posts: 5,017
Please run the FRST scan from my post above. Otherwise I am not able to help or say anything about the state of the system.
  #6  
September 6th, 2015, 02:24 AM
perplexed
Senior Member
 
Join Date: Jun 2001
Posts: 2,397
Thanks so much!


Additional scan result of Farbar Recovery Scan Tool (x86) Version:04-09-2015
Ran by Jmg (2015-09-05 20:20:15)
Running from C:\Users\Jmg\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-433151091-2507789458-3595603629-500 - Administrator - Disabled)
ASPNET (S-1-5-21-433151091-2507789458-3595603629-1003 - Limited - Enabled)
Guest (S-1-5-21-433151091-2507789458-3595603629-501 - Limited - Disabled)
Jmg (S-1-5-21-433151091-2507789458-3595603629-1000 - Administrator - Enabled) => C:\Users\Jmg
RA Media Server (S-1-5-21-433151091-2507789458-3595603629-1001 - Administrator - Enabled) => C:\Users\RA Media Server

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1990.41618 - ABBYY Software House)
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 18.0.0.199 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader X (10.1.4) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.9.160 - Adobe Systems, Inc.)
ATT-RC Self Support Tool (HKLM\...\ATT-RC) (Version: - )
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.3.2225 - AVAST Software)
Choice Guard (Version: 1.2.87.0 - Microsoft Corporation) Hidden
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.1.4) (Version: 5.0.1.4 - Coupons.com Incorporated)
Creative MediaSource 5 (HKLM\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}) (Version: 5.00 - )
Dell DataSafe Online (HKLM\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.1.0023 - Dell, Inc.)
Dell Dock (HKLM\...\{F6CB42B9-F033-4152-8813-FF11DA8E6A78}) (Version: 1.0.0 - Dell)
Dell Remote Access (HKLM\...\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}) (Version: 1.0.0.0 - Dell Inc.)
Dell Support Center (Support Software) (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.2.08298 - Dell)
DELL0604 (Version: 1.0.0 - WildTangent) Hidden
EDocs (HKLM\...\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}) (Version: - )
Google Update Helper (Version: 1.3.21.169 - Google Inc.) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
Intel(R) PRO Network Connections 12.1.11.0 (HKLM\...\PROSetDX) (Version: - Intel)
Java 8 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Java 8 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Junk Mail filter update (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Lexmark 2600 Series (HKLM\...\Lexmark 2600 Series) (Version: - Lexmark International, Inc.)
Lexmark Toolbar (HKLM\...\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}) (Version: 4.13.37.0 - )
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Easy Assist v2 (HKLM\...\{326957C7-83FD-4550-A59A-849B7B4297DE}) (Version: 8.1.6416.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 40.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
P@H-Protocol (HKLM\...\{14F936AB-5D31-410E-A4E2-70AE504712F2}) (Version: 3.0.8.6 - Valassis)
RC_Vista.exe (HKLM\...\RC_Vista.exe) (Version: - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - )
RevTraxPrintMyCoupon (HKLM\...\{19E8EBBF-55F3-41FB-AC8E-373BA0436939}) (Version: 1.0.0.0 - RevTrax) <==== ATTENTION
Roxio Creator DE (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)
Sound Blaster Audigy ADVANCED MB (HKLM\...\{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}) (Version: 1.0 - )
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
WildTangent Games (HKLM\...\WildTangent dell Master Uninstall) (Version: 1.0.0.62 - WildTangent)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM\...\{9422C8EA-B0C6-4197-B8FC-DC797658CA00}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-433151091-2507789458-3595603629-1000_Classes\CLSID\{9F3041F6-9C7A-5252-AD04-F3C9EF05D2D9}\InprocServer32 -> C:\Users\Jmg\AppData\Roaming\RevTrax\RevTraxPrintMyCoupon\1.0.0.0\npRevTraxPrintMyCoupon.dll (RevTrax)

==================== Restore Points =========================

02-09-2015 12:05:11 Windows Update
02-09-2015 18:08:35 Removed CouponPrinterPlugin
02-09-2015 18:09:08 Removed Dell Dock
02-09-2015 18:10:33 Removed Dell Dock
02-09-2015 18:11:50 Removed Walgreens PictureMover.
02-09-2015 18:13:56 Removed Dell Getting Started Guide.
02-09-2015 18:14:17 Removed Dell Support Center (Support Software).
02-09-2015 18:16:25 Removed Java 8 Update 45
05-09-2015 13:45:39 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 05:23 - 2010-08-20 10:33 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {AA39DF3E-0F1E-42A6-873A-8022831E320A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-11] (Adobe Systems Incorporated)
Task: {D21D6367-0CD4-44E0-AEED-FA3AEA4830C1} - System32\Tasks\Installation App Launcher => C:\Program Files\Lexmark 2600 Series\ezprint.exe [2010-02-04] (Lexmark International Inc.)
Task: {E62B38A7-3744-4059-8731-02C0BBD23D81} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-08-28] (AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (Whitelisted) ==============

2015-05-08 14:58 - 2015-08-28 08:49 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-05-08 14:58 - 2015-08-28 08:49 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-09-04 14:56 - 2015-09-04 14:56 - 02964480 _____ () C:\Program Files\AVAST Software\Avast\defs\15090402\algo.dll
2015-09-05 06:51 - 2015-09-05 06:51 - 02964480 _____ () C:\Program Files\AVAST Software\Avast\defs\15090500\algo.dll
2015-09-05 13:12 - 2015-09-05 13:12 - 02964480 _____ () C:\Program Files\AVAST Software\Avast\defs\15090502\algo.dll
2014-06-03 10:25 - 2009-08-13 12:02 - 00147968 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\lxdndrpp.dll
2014-06-03 18:17 - 2010-02-04 04:05 - 00660136 _____ () C:\Program Files\Lexmark 2600 Series\lxdnmon.exe
2014-06-03 18:17 - 2009-07-23 14:48 - 00380928 _____ () C:\Program Files\Lexmark 2600 Series\lxdnscw.dll
2014-06-03 18:17 - 2007-05-29 02:39 - 00589824 _____ () C:\Program Files\Lexmark 2600 Series\lxdndatr.dll
2014-06-03 18:17 - 2009-07-23 14:49 - 00782336 _____ () C:\Program Files\Lexmark 2600 Series\lxdnDRS.dll
2014-06-03 18:17 - 2009-05-14 08:46 - 00081920 _____ () C:\Program Files\Lexmark 2600 Series\lxdncaps.dll
2014-06-03 18:17 - 2007-10-02 09:51 - 00069632 _____ () C:\Program Files\Lexmark 2600 Series\lxdncnv4.dll
2014-06-03 18:17 - 2007-10-12 13:24 - 00364544 _____ () C:\Program Files\Lexmark 2600 Series\iptk.dll
2007-09-14 14:35 - 2007-09-14 14:35 - 05730304 _____ () C:\ProgramData\SingleClick Systems\MySQL\bin\mysqld.exe
2007-09-24 08:27 - 2007-09-24 08:27 - 02035712 _____ () C:\ProgramData\SingleClick Systems\Remote Access File Sync Service\LIBMYSQL.dll
2009-07-23 19:49 - 2009-07-23 19:49 - 00782336 _____ () C:\Windows\system32\lxdndrs.dll
2009-05-14 13:46 - 2009-05-14 13:46 - 00081920 _____ () C:\Windows\system32\lxdncaps.dll
2007-10-02 14:51 - 2007-10-02 14:51 - 00069632 _____ () C:\Windows\system32\lxdncnv4.dll
2015-05-08 14:58 - 2015-05-08 14:58 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5D432CE3

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-433151091-2507789458-3595603629-1000\...\meebo.com -> meebo.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-433151091-2507789458-3595603629-1000\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-433151091-2507789458-3595603629-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\img24.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Dell DataSafe Online => "C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe" /m
MSCONFIG\startupreg: msnmsgr => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{9848DDCD-4411-49F3-A928-60683F9DAC1D}] => (Allow) C:\Program Files\Dell Remote Access\ezi_ra.exe
FirewallRules: [{B2D82E31-64F6-4D3D-8B89-86CBCFFF5CB2}] => (Allow) C:\Program Files\Dell Remote Access\ezi_ra.exe
FirewallRules: [{9F8730F1-B717-481D-AF8E-B3CFA9893842}] => (Allow) C:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe
FirewallRules: [{E0C063D8-6EE0-4B31-A4D7-EA6816EEF629}] => (Allow) C:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe
FirewallRules: [{27F59DB3-14AA-41A0-BD71-0E632B83BEF3}] => (Allow) C:\Program Files\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{3A4CE0C9-D062-4EA6-8E65-D08EBC7BCD90}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{FDB3063F-9E44-47A7-B118-2847554D2872}] => (Allow) svchost.exe
FirewallRules: [{5EE23785-B670-4267-9653-5AEBE689D02A}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{B6E40CF1-42ED-4585-8F95-6890D1900EA7}] => (Allow) C:\ProgramData\SingleClick Systems\VLC\vlc.exe
FirewallRules: [{7A3E70FF-7FF8-4611-8CD0-1D333AE62F85}] => (Allow) C:\ProgramData\SingleClick Systems\VLC\vlc.exe
FirewallRules: [{3D5ED5A9-57A4-4432-9189-434F2993B0DD}] => (Allow) C:\Program Files\AVG\AVG8\avgemc.exe
FirewallRules: [{739AF580-3943-48FB-9419-C400A09C7E0B}] => (Allow) C:\Program Files\AVG\AVG8\avgupd.exe
FirewallRules: [{2E97D523-625D-457A-A445-63BF4B337F40}] => (Allow) C:\Program Files\AVG\AVG8\avgnsx.exe
FirewallRules: [{352D6A03-86CA-4BEE-9C51-49284A232967}] => (Allow) C:\Program Files\Common Files\AOL\Loader\aolload.exe
FirewallRules: [{999D8CE7-44BD-4638-9635-0C3A3CFE20EF}] => (Allow) C:\Program Files\Common Files\AOL\Loader\aolload.exe
FirewallRules: [{B18D1CA4-8E41-42DD-A890-886FE05C3BD1}] => (Allow) C:\Program Files\AIM6\aim6.exe
FirewallRules: [{AF86C38C-17A7-4813-B041-76E39CBD4767}] => (Allow) C:\Program Files\AIM6\aim6.exe
FirewallRules: [TCP Query User{EFB87D27-89B3-4AE9-A8F3-A0495394C91C}C:\program files\aim6\aim6.exe] => (Block) C:\program files\aim6\aim6.exe
FirewallRules: [UDP Query User{8AAB5B7A-6B60-4D92-ABF5-7A2FD9E3B966}C:\program files\aim6\aim6.exe] => (Block) C:\program files\aim6\aim6.exe
FirewallRules: [{FBBF1D12-A13A-4355-86B5-9F6F18C02908}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{059C0A5F-F027-4CF2-9AFF-B0B5E9881399}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{5D9677E5-6EC7-4F2C-B2A4-CC590FF403C4}C:\windows\temp\occ.exe] => (Block) C:\windows\temp\occ.exe
FirewallRules: [UDP Query User{808641AD-1597-4C0A-B34E-51420174C37A}C:\windows\temp\occ.exe] => (Block) C:\windows\temp\occ.exe
FirewallRules: [{EE822A05-03F0-4F59-949C-08F75716DB29}] => (Allow) C:\ProgramData\SingleClick Systems\apache\bin\httpd.exe
FirewallRules: [{E5A36D76-16D2-473B-84A6-859F36964FC6}] => (Allow) C:\ProgramData\SingleClick Systems\apache\bin\httpd.exe
FirewallRules: [{C1B53403-871F-444B-AEEF-52F12160B8D8}] => (Allow) C:\ProgramData\SingleClick Systems\MySQL\bin\mysqld.exe
FirewallRules: [{ABF0445D-A4FE-401C-A7B2-0C1381A3F556}] => (Allow) C:\ProgramData\SingleClick Systems\MySQL\bin\mysqld.exe
FirewallRules: [{1DD1C47A-AF02-49C5-B19E-7D8228A03C4B}] => (Allow) C:\ProgramData\SingleClick Systems\MySQL\bin\mysql.exe
FirewallRules: [{905D490A-F6EE-441B-829B-000185F50AFB}] => (Allow) C:\ProgramData\SingleClick Systems\MySQL\bin\mysql.exe
FirewallRules: [{D038D729-5974-4647-838C-7D3CF6632203}] => (Allow) C:\ProgramData\SingleClick Systems\apache\php.exe
FirewallRules: [{698B1E2F-A6F2-4EBB-996A-9F60F2811BF0}] => (Allow) C:\ProgramData\SingleClick Systems\apache\php.exe
FirewallRules: [{FC881E16-BC35-4DCA-9F7A-BEB1A5F046F9}] => (Allow) C:\ProgramData\SingleClick Systems\Remote Access File Sync Service\dsl_fs_sync.exe
FirewallRules: [{ADAE2C2D-DA84-4F34-860E-BBA56154F96C}] => (Allow) C:\ProgramData\SingleClick Systems\Remote Access File Sync Service\dsl_fs_sync.exe
FirewallRules: [{AB4A85C5-EAC0-43F6-9584-A7C9487F8873}] => (Allow) LPort=40080
FirewallRules: [{949B0706-B5AD-4AE3-BA0F-A60BF85D27C7}] => (Allow) LPort=40090
FirewallRules: [{8CAC6681-9D7D-4317-B99D-F52803276666}] => (Allow) LPort=40091
FirewallRules: [{51CB3201-AAE5-4E62-B26E-7E2F9B123CC3}] => (Allow) LPort=40092
FirewallRules: [{B4582D87-E460-4980-B040-A82725052A60}] => (Allow) LPort=40093
FirewallRules: [{64E4602D-771F-4EC7-8264-66413EADB292}] => (Allow) LPort=40094
FirewallRules: [{1B9B7B2F-83B2-4361-98BB-53AA4534D4F4}] => (Allow) C:\Program Files\AIM\aim.exe
FirewallRules: [{EFB17237-7F39-4301-A137-E70D9B75C6B6}] => (Allow) C:\Program Files\AIM\aim.exe
FirewallRules: [{FDA3FC38-FAE8-42B7-9218-C495196022A7}] => (Allow) LPort=80
FirewallRules: [{67572C9C-22BF-474C-A93E-E8C3CE218C5F}] => (Allow) LPort=80
FirewallRules: [{C3C2D8AA-115F-4F31-A0B2-B1EBE3A21905}] => (Allow) LPort=80
FirewallRules: [{9648E0E8-B9BA-4B61-A0A5-B1A832C4419E}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{84F83860-34A5-49A9-B38D-A4420C5DAC74}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\lxdnpswx.exe
FirewallRules: [{BC4D219C-00B5-4F10-B9A4-0DC9A3CD534D}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\lxdnpswx.exe
FirewallRules: [{4214F0E6-C4FD-455D-B79C-9D91737BC473}] => (Allow) C:\Program Files\Lexmark 2600 Series\lxdnamon.exe
FirewallRules: [{9D418FB9-E377-43D6-88DA-C197BC020EF8}] => (Allow) C:\Program Files\Lexmark 2600 Series\lxdnamon.exe
FirewallRules: [{97D49608-93A2-4DF9-A459-E1CAB530F497}] => (Allow) C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe
FirewallRules: [{84E4F7E0-3B2A-47BC-8EF5-F6701E2B1763}] => (Allow) C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe
FirewallRules: [{06799D81-C9B3-4A7C-84E0-D35B9D5517DB}] => (Allow) C:\Program Files\Lexmark 2600 Series\lxdnmon.exe
FirewallRules: [{0E06D329-2C78-46B8-B226-60D2A6A0EE32}] => (Allow) C:\Program Files\Lexmark 2600 Series\lxdnmon.exe
FirewallRules: [{EAC641B5-8646-43D8-8115-87E2F7B66048}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\lxdntime.exe
FirewallRules: [{347A41FF-EE9F-48A2-BE46-DFF53903382F}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\lxdntime.exe
FirewallRules: [{94F80B55-2D80-49C8-8C3F-D8B064189D28}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\lxdnwbgw.exe
FirewallRules: [{B55555F7-62EB-44A6-AFD1-947EC7471F7B}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\lxdnwbgw.exe
FirewallRules: [{72983580-B411-4366-8E7D-774EC253959F}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\lxdnjswx.exe
FirewallRules: [{12EBD3D1-9EE5-4B8C-AB0D-03B73E240476}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\lxdnjswx.exe
FirewallRules: [{83216514-E440-40EF-B8D9-5960AD96F483}] => (Allow) C:\Program Files\Lexmark 2600 Series\frun.exe
FirewallRules: [{565665DD-0246-44E0-8BC6-EDF2CC6C9948}] => (Allow) C:\Program Files\Lexmark 2600 Series\frun.exe
FirewallRules: [{4E7EF32B-8F2C-427C-B99C-F418F2B8486F}] => (Allow) C:\Windows\System32\lxdncoms.exe
FirewallRules: [{F3F0BDF1-B466-40B4-9ED5-99B45A6028A1}] => (Allow) C:\Windows\System32\lxdncoms.exe
FirewallRules: [TCP Query User{CFD34DE9-5AFC-426E-9170-D807AD95C9E7}C:\program files\lexmark 2600 series\lxdnlscn.exe] => (Allow) C:\program files\lexmark 2600 series\lxdnlscn.exe
FirewallRules: [UDP Query User{9FBE153B-55F9-4212-859A-48AB33654B2D}C:\program files\lexmark 2600 series\lxdnlscn.exe] => (Allow) C:\program files\lexmark 2600 series\lxdnlscn.exe
FirewallRules: [{2BA90ADE-4565-4666-A78E-6E42BBFE29A0}] => (Allow) C:\Program Files\ATT-HSI\pcBrowser.exe
FirewallRules: [{E288CEFA-46E6-441C-B118-976A3D42C7B4}] => (Allow) C:\Program Files\ATT-HSI\pcBrowser.exe
FirewallRules: [{DACA6E86-D0BA-4B24-9BE7-EC7F0564495A}] => (Allow) C:\Program Files\Lexmark 2600 Series\lxdnmon.exe
FirewallRules: [{122094BB-2CEA-4DF9-AABA-A69E2FCDD9B5}] => (Allow) C:\Program Files\Lexmark 2600 Series\lxdnmon.exe
FirewallRules: [{721BE386-2E84-44A7-86D2-16AED7C21F8A}] => (Allow) C:\Program Files\Lexmark 2600 Series\lxdnlscn.exe
FirewallRules: [{8388936B-9D60-49FE-B13F-F5A3C12DE40F}] => (Allow) C:\Program Files\Lexmark 2600 Series\lxdnlscn.exe
FirewallRules: [{B6FED07E-006E-4C9D-B456-4FC3C0CDCC72}] => (Allow) C:\Windows\System32\lxdncoms.exe
FirewallRules: [{4B53A483-C5C5-45FD-8EA9-C3337B0D9AFE}] => (Allow) C:\Windows\System32\lxdncoms.exe
FirewallRules: [{F2A1C7B9-198F-4654-88F2-960D233E9651}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\lxdnpswx.exe
FirewallRules: [{1CB5E030-33F1-456C-B553-FA86B27157CF}] => (Allow) C:\Windows\System32\spool\drivers\w32x86\3\lxdnpswx.exe
FirewallRules: [{36F907C1-3401-422C-84D4-66D0BA95B2FE}] => (Allow) C:\Program Files\AIM\aim.exe
FirewallRules: [{697217FD-1C5A-4B6F-9890-9A2C958EDB18}] => (Allow) C:\Program Files\AIM\aim.exe
FirewallRules: [{5EE1B311-E0B8-4CEA-9190-0488DE11657D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{8D3227C4-7A99-4E23-832B-1126F12F95AD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{A94B297A-4E6F-4C9E-94D1-58C172A54CED}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{CF046C62-4B55-4D41-A0C7-ECD850A47CEF}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{7D515ED1-FEB5-4621-B1A0-763C4F0DEDF6}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{49900F62-9631-4583-865F-BE27C55C77C5}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe

==================== Faulty Device Manager Devices =============

Name: Lexmark 2600 Series #3
Description: Lexmark 2600 Series
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Lexmark
Service: usbscan
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/04/2015 03:13:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/02/2015 05:43:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/02/2015 11:41:31 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/02/2015 11:23:43 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/01/2015 05:26:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/31/2015 10:30:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 40.0.3.5716, time stamp 0x55ddb213, faulting module mozglue.dll, version 40.0.3.5716, time stamp 0x55dda062, exception code 0x80000003, fault offset 0x0000e250,
process id 0x35c, application start time 0xplugin-container.exe0.

Error: (08/31/2015 10:22:03 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/31/2015 08:25:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/30/2015 02:17:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/28/2015 11:55:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (09/04/2015 03:13:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Remote Access Media Server%%1053

Error: (09/04/2015 03:13:34 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Remote Access Media Server

Error: (09/04/2015 03:11:56 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:07:39 PM on 9/4/2015 was unexpected.

Error: (09/02/2015 05:42:55 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:38:50 PM on 9/2/2015 was unexpected.

Error: (09/02/2015 02:13:19 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000MBAMScheduler

Error: (09/01/2015 05:25:38 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:23:15 PM on 9/1/2015 was unexpected.

Error: (08/31/2015 10:21:06 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:39:54 AM on 8/31/2015 was unexpected.

Error: (08/31/2015 08:24:01 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:20:32 AM on 8/31/2015 was unexpected.

Error: (08/30/2015 04:27:13 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000Netman

Error: (08/30/2015 02:16:19 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 2:12:37 PM on 8/30/2015 was unexpected.


Microsoft Office:
=========================
Error: (09/04/2015 03:13:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/02/2015 05:43:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/02/2015 11:41:31 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/02/2015 11:23:43 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/01/2015 05:26:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/31/2015 10:30:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe40.0.3.571655ddb213mozglue.dll40.0.3.571655dda062800000030000e25035c01d0e401e2f48d45

Error: (08/31/2015 10:22:03 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/31/2015 08:25:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/30/2015 02:17:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/28/2015 11:55:07 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity:
===================================
Date: 2015-09-05 20:19:52.757
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-09-05 20:19:52.100
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-09-05 20:19:51.439
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-09-05 20:19:50.781
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-09-05 09:38:43.942
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-09-05 09:38:42.853
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-09-05 09:38:41.808
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-09-05 09:38:40.532
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-09-05 09:38:39.475
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-09-05 09:38:38.492
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Pentium(R) Dual-Core CPU E5200 @ 2.50GHz
Percentage of memory in use: 56%
Total physical RAM: 3060.45 MB
Available physical RAM: 1343.48 MB
Total Virtual: 6351.17 MB
Available Virtual: 4679.58 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:283.4 GB) (Free:242.88 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:8.79 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 850B2CCD)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=283.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
  #7  
Old September 6th, 2015, 06:36 AM
schrauber schrauber is offline
CTH Subscriber
 
Join Date: Apr 2009
O/S: Windows 7 64-bit
Location: Germany
Age: 42
Posts: 5,017
Please uninstall RevTraxPrintMyCoupon.

Also please post the content of FRST.txt, created by the program FRST.
  #8  
Old September 6th, 2015, 12:52 PM
perplexed perplexed is offline
Senior Member
 
Join Date: Jun 2001
Posts: 2,397
Thanks so much, I will uninstall as you requested.

Is this what you requested?

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:04-09-2015
Ran by Jmg (administrator) on JMG-PC (05-09-2015 20:19:39)
Running from C:\Users\Jmg\Downloads
Loaded Profiles: Jmg & RA Media Server (Available Profiles: Jmg & RA Media Server)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtcmd.exe
() C:\Program Files\Lexmark 2600 Series\lxdnmon.exe
(Coupons.com Inc.) C:\Program Files\Coupons\CouponPrinterService.exe
(Lexmark International Inc.) C:\Program Files\Lexmark 2600 Series\ezprint.exe
(Creative Labs) C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
(Creative Technology Ltd) C:\Windows\System32\CTSVCCDA.EXE
() C:\ProgramData\SingleClick Systems\MySQL\bin\mysqld.exe
(SingleClick Systems) C:\ProgramData\SingleClick Systems\Remote Access File Sync Service\dsl_fs_sync.exe
(Dell Inc.) C:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe
( ) C:\Windows\System32\lxdncoms.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(Microsoft Corp.) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4452352 2007-05-11] (Realtek Semiconductor)
HKLM\...\Run: [dellsupportcenter] => C:\Program Files\Dell Support Center\bin\sprtcmd.exe [206064 2008-10-04] (SupportSoft, Inc.)
HKLM\...\Run: [lxdnmon.exe] => C:\Program Files\Lexmark 2600 Series\lxdnmon.exe [660136 2010-02-04] ()
HKLM\...\Run: [EzPrint] => C:\Program Files\Lexmark 2600 Series\ezprint.exe [107176 2010-02-04] (Lexmark International Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6111824 2015-08-28] (AVAST Software)
HKU\S-1-5-21-433151091-2507789458-3595603629-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-433151091-2507789458-3595603629-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-08-28] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Driver performer.lnk [2011-04-20]
ShortcutTarget: Driver performer.lnk -> C:\Users\Jmg\AppData\Local\temp\7ZipSfx.000\dp.exe (No File)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-03-21]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-03-21]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Jmg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2011-04-20]
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\RA Media Server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-01-22]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{CCADCF13-5116-436B-A314-EFE343CAB0DE}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-433151091-2507789458-3595603629-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com?fr=hp-avast&type=odc179
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=odc179&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-433151091-2507789458-3595603629-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=odc179&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-433151091-2507789458-3595603629-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.yahoo.com?fr=hp-avast&type=odc179
HKU\S-1-5-21-433151091-2507789458-3595603629-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com?fr=hp-avast&type=odc179
SearchScopes: HKLM -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=odc179&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=odc179&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM -> {A25AC313-DD19-4238-ACA2-401D6BEE4321} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> {2C905420-E03E-466F-8B90-3B3A4C25FA95} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&Form=DLCDF7&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-433151091-2507789458-3595603629-1000 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=odc179&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-433151091-2507789458-3595603629-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=odc179&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-433151091-2507789458-3595603629-1000 -> {A25AC313-DD19-4238-ACA2-401D6BEE4321} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: No Name -> {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -> No File
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27] (Adobe Systems Incorporated)
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2008-12-04] (Microsoft Corp.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-29] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-28] (AVAST Software)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-29] (Oracle Corporation)
BHO: Windows Live Toolbar Helper -> {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -> C:\Program Files\Windows Live\Toolbar\wltcore.dll [2008-12-08] (Microsoft Corporation)
Toolbar: HKLM - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2008-12-08] (Microsoft Corporation)
Toolbar: HKLM - No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
Toolbar: HKU\.DEFAULT -> No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
Toolbar: HKU\S-1-5-21-433151091-2507789458-3595603629-1000 -> &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2008-12-08] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-433151091-2507789458-3595603629-1000 -> No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Jmg\AppData\Roaming\Mozilla\Firefox\Profiles\dlrfpkkn.default-1413475615849
FF DefaultSearchEngine: Yahoo! (Avast)
FF DefaultSearchEngine.US: Yahoo! (Avast)
FF DefaultSearchUrl: hxxps://search.yahoo.com/yhs/search
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: Yahoo! (Avast)
FF Homepage: hxxps://www.yahoo.com/?fr=hp-avast&type=agc511
FF Keyword.URL: hxxps://search.yahoo.com/yhs/search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-11] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1219160.dll [2015-07-23] (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-29] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-29] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2008-12-04] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 -> C:\Program Files\Common Files\Motive\npMotive.dll [2012-10-16] (Alcatel-Lucent)
FF Plugin: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files\Common Files\Motive\npMotiveRequest.dll [2011-12-06] (Alcatel-Lucent)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-07-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-433151091-2507789458-3595603629-1000: revtrax.com/RevTraxPrintMyCoupon -> C:\Users\Jmg\AppData\Roaming\RevTrax\RevTraxPrintMyCoupon\1.0.0.0\npRevTraxPrintMyCoupon.dll [2014-10-15] (RevTrax)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPcol400.dll [2012-04-05] (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2012-07-27] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2014-12-03] (Coupons, Inc.)
FF SearchPlugin: C:\Users\Jmg\AppData\Roaming\Mozilla\Firefox\Profiles\dlrfpkkn.default-1413475615849\searchplugins\yahoo-avast.xml [2015-05-21]
FF Extension: Motive Extension - C:\Program Files\Mozilla Firefox\extensions\mcciwbch@motive.com.xpi [2015-08-28]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-05-08]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-05-08]

Chrome:
=======
CHR Profile: C:\Users\Jmg\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Motive Extension) - C:\Users\Jmg\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec [2013-09-29]
CHR Extension: (Avast Online Security) - C:\Users\Jmg\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-05-08]
CHR Extension: (Google Wallet) - C:\Users\Jmg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-08]
CHR HKLM\...\Chrome\Extension: [edmgmpmklgfbohogafcfobonnkogchec] - C:\Program Files\Common Files\Motive\extensions\MotiveRequest.crx [2013-06-08]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-05-08]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-08]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 Apache2.2; C:\ProgramData\SingleClick Systems\apache\bin\httpd.exe [15872 2007-09-21] (Apache Software Foundation) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-08-28] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3218624 2015-08-28] (Avast Software)
R2 CouponPrinterService; C:\Program Files\Coupons\CouponPrinterService.exe [154096 2014-12-03] (Coupons.com Inc.)
R2 Creative Labs Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe [72704 2009-03-21] (Creative Labs) [File not signed]
R2 Creative Service for CDROM Access; C:\Windows\system32\CTsvcCDA.exe [44032 2008-07-28] (Creative Technology Ltd) [File not signed]
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-09-23] (Stardock Corporation) [File not signed]
R2 dsl-db; C:\ProgramData\SingleClick Systems\MySQL\bin\mysqld.exe [5730304 2007-09-14] () [File not signed]
R2 dsl-fs-sync; C:\ProgramData\SingleClick Systems\Remote Access File Sync Service\dsl_fs_sync.exe [173296 2008-09-30] (SingleClick Systems)
S3 GameConsoleService; C:\Program Files\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe [164600 2008-07-04] (WildTangent, Inc.)
R2 hnmsvc; c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe [820464 2008-09-30] (Dell Inc.)
R2 lxdn_device; C:\Windows\system32\lxdncoms.exe [589824 2007-11-28] ( )
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 pcCMService; C:\Program Files\Common Files\Motive\pcCMService.exe [369152 2013-03-02] (Alcatel-Lucent) [File not signed]
R2 sprtsvc_DellSupportCenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-10-04] (SupportSoft, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24016 2015-08-28] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [76000 2015-08-28] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55200 2015-08-28] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49776 2015-08-28] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [788784 2015-08-28] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433264 2015-08-28] (AVAST Software)
R3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [161472 2015-08-28] (AVAST Software)
S3 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57888 2015-08-28] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [208664 2015-08-28] (AVAST Software)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [98520 2015-09-05] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2012-10-16] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2012-10-16] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R0 ngvss; C:\Windows\system32\Drivers\ngvss.sys [95112 2015-08-28] (AVAST Software)
R2 Packet; C:\Windows\System32\DRIVERS\packet.sys [22016 2008-06-17] (SingleClick Systems)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-08-28] (Avast Software)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S4 USBSTOR; \SystemRoot\system32\drivers\usbstor.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-05 20:19 - 2015-09-05 20:20 - 00019873 _____ C:\Users\Jmg\Downloads\FRST.txt
2015-09-05 20:19 - 2015-09-05 20:19 - 01690624 _____ (Farbar) C:\Users\Jmg\Downloads\FRST.exe
2015-09-05 20:19 - 2015-09-05 20:19 - 00000000 ____D C:\FRST
2015-09-02 12:05 - 2015-07-10 09:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-08-31 08:25 - 2015-08-31 08:25 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\58C726B8.sys
2015-08-30 14:18 - 2015-08-30 14:18 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\2CB36667.sys
2015-08-28 10:00 - 2015-08-28 11:53 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-08-28 08:51 - 2015-08-28 08:50 - 00161472 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStmXP.sys
2015-08-28 08:50 - 2015-08-28 08:49 - 00313472 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-08-28 08:50 - 2015-08-28 08:49 - 00095112 _____ (AVAST Software) C:\Windows\system32\Drivers\ngvss.sys
2015-08-28 08:49 - 2015-08-28 08:49 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-08-19 08:53 - 2015-08-19 08:53 - 00000000 ____D C:\Program Files\Valassis
2015-08-19 08:52 - 2015-08-19 08:53 - 02166416 _____ (Valassis) C:\Users\Jmg\Downloads\P@H_prod308-hUg1CcKg.exe
2015-08-19 08:50 - 2015-08-19 08:50 - 02166416 _____ (Valassis) C:\Users\Jmg\Downloads\P@H_prod308-l8n52RuC.exe
2015-08-19 08:28 - 2015-08-14 18:03 - 12386816 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-19 08:28 - 2015-08-14 17:56 - 01804288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-19 08:28 - 2015-08-14 17:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-18 18:37 - 2015-08-18 18:37 - 01732608 _____ C:\Users\Jmg\Downloads\RevTraxPrintMyCoupon(7).msi
2015-08-18 18:37 - 2015-08-18 18:37 - 01732608 _____ C:\Users\Jmg\Downloads\RevTraxPrintMyCoupon(6).msi
2015-08-18 18:37 - 2015-08-18 18:37 - 00000000 ____D C:\Users\Jmg\AppData\Roaming\RevTrax
2015-08-18 18:36 - 2015-08-18 18:36 - 01732608 _____ C:\Users\Jmg\Downloads\RevTraxPrintMyCoupon(5).msi
2015-08-18 18:35 - 2015-08-18 18:35 - 01732608 _____ C:\Users\Jmg\Downloads\RevTraxPrintMyCoupon(4).msi
2015-08-18 18:35 - 2015-08-18 18:35 - 01732608 _____ C:\Users\Jmg\Downloads\RevTraxPrintMyCoupon(3).msi
2015-08-18 18:34 - 2015-08-18 18:34 - 01732608 _____ C:\Users\Jmg\Downloads\RevTraxPrintMyCoupon(2).msi
2015-08-18 17:19 - 2015-08-18 17:19 - 02166416 _____ (Valassis) C:\Users\Jmg\Downloads\P@H_prod308-vHF6sFRP.exe
2015-08-11 17:08 - 2015-07-21 15:55 - 01206192 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-11 17:08 - 2015-07-21 11:07 - 03605440 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-08-11 17:08 - 2015-07-21 11:07 - 03553216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-11 17:08 - 2015-07-21 11:07 - 00140224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ecache.sys
2015-08-11 17:08 - 2015-07-21 11:07 - 00056256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-11 17:08 - 2015-07-21 11:03 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\emdmgmt.dll
2015-08-11 17:08 - 2015-07-21 11:03 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-11 17:08 - 2015-07-21 11:03 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-11 17:07 - 2015-07-31 14:27 - 00103120 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-11 17:06 - 2015-07-11 10:56 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-11 17:06 - 2015-07-10 14:37 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-11 17:06 - 2015-07-09 09:20 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2015-08-11 14:25 - 2015-07-18 11:03 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-11 14:25 - 2015-07-10 14:37 - 01402368 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-11 14:25 - 2015-07-10 14:37 - 01253376 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-11 14:24 - 2015-07-31 17:08 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-11 14:24 - 2015-07-31 16:46 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2015-08-11 14:24 - 2015-07-31 16:46 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-08-11 14:24 - 2015-07-31 16:46 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2015-08-11 14:24 - 2015-07-31 16:46 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-08-11 14:24 - 2015-07-31 15:41 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-11 14:24 - 2015-07-31 15:40 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-08-11 14:24 - 2015-07-31 15:35 - 00682496 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-08-11 14:24 - 2015-07-31 15:33 - 02066944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-11 14:24 - 2015-07-31 15:33 - 01072640 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-11 14:24 - 2015-07-31 15:33 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-11 14:24 - 2015-07-31 15:33 - 00297472 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-11 14:24 - 2015-07-01 10:57 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-11 14:23 - 2015-07-09 09:25 - 00151040 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-11 14:23 - 2015-07-09 09:25 - 00151040 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-11 14:22 - 2015-07-22 15:54 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-11 14:22 - 2015-07-22 15:51 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-11 14:22 - 2015-07-22 15:47 - 09751040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-11 14:22 - 2015-07-22 15:46 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-11 14:22 - 2015-07-22 15:46 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-11 14:22 - 2015-07-22 15:45 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-11 14:22 - 2015-07-22 15:45 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-08-11 14:22 - 2015-07-22 15:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-08-11 14:22 - 2015-07-22 15:44 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-11 14:22 - 2015-07-22 15:44 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-11 14:22 - 2015-07-22 15:44 - 00421888 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-11 14:22 - 2015-07-22 15:44 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-08-11 14:22 - 2015-07-22 15:43 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-08-11 14:22 - 2015-07-22 15:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-11 14:22 - 2015-07-22 15:43 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-11 14:22 - 2015-07-22 15:43 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-08-11 14:22 - 2015-07-22 15:43 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-08-11 14:22 - 2015-07-22 15:43 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-08-11 14:22 - 2015-07-22 15:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-05 20:08 - 2012-04-02 17:30 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-05 19:11 - 2006-11-02 07:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-05 19:11 - 2006-11-02 07:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-05 18:13 - 2009-03-21 11:21 - 02025272 _____ C:\Windows\WindowsUpdate.log
2015-09-05 17:30 - 2014-06-21 15:48 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-04 15:13 - 2009-03-31 17:29 - 00000000 ____D C:\ProgramData\TEMP
2015-09-04 15:12 - 2006-11-02 08:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-02 18:14 - 2009-03-21 17:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2015-09-02 18:14 - 2009-03-21 17:06 - 00000000 ____D C:\Program Files\Dell
2015-09-02 17:59 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\rescache
2015-09-02 11:40 - 2006-11-02 08:01 - 00032598 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-09-02 11:20 - 2013-10-11 09:38 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2015-09-02 09:40 - 2010-02-01 15:41 - 00000000 ____D C:\Windows\system32\Adobe
2015-08-28 11:53 - 2014-06-14 20:47 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-08-28 11:53 - 2008-01-20 21:47 - 00781758 _____ C:\Windows\PFRO.log
2015-08-28 10:00 - 2015-03-17 15:45 - 00000000 ____D C:\Windows\system32\vbox
2015-08-28 08:50 - 2015-05-08 14:58 - 00433264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-08-28 08:50 - 2015-05-08 14:58 - 00208664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-08-28 08:50 - 2015-05-08 14:58 - 00076000 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-08-28 08:50 - 2015-05-08 14:58 - 00057888 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2015-08-28 08:50 - 2015-05-08 14:58 - 00055200 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2015-08-28 08:50 - 2015-05-08 14:58 - 00049776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-08-28 08:50 - 2015-05-08 14:58 - 00024016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-08-28 08:49 - 2015-05-08 14:58 - 00788784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-08-27 17:30 - 2009-03-31 17:33 - 00000906 _____ C:\Users\Jmg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-08-27 08:58 - 2009-06-02 21:01 - 00000000 ____D C:\ProgramData\lx_cats
2015-08-16 14:28 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\Microsoft.NET
2015-08-11 17:20 - 2009-03-21 17:02 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-11 17:19 - 2006-11-02 07:37 - 00000000 ____D C:\Windows\system32\XPSViewer
2015-08-11 17:08 - 2010-07-07 12:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-11 14:33 - 2006-11-02 07:47 - 00229608 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-11 14:29 - 2013-07-11 07:08 - 00000000 ____D C:\Windows\system32\MRT
2015-08-11 14:26 - 2006-11-02 05:24 - 129304528 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-08-11 14:08 - 2012-04-02 17:30 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-08-11 14:08 - 2011-05-25 08:24 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2013-03-15 13:32 - 2013-03-15 13:32 - 4126720 _____ () C:\Program Files\GUT35A3.tmp
2014-01-22 09:43 - 2014-01-22 09:44 - 50063360 _____ () C:\Program Files\GUTA045.tmp
2009-08-17 11:33 - 2012-03-25 15:22 - 0005632 _____ () C:\Users\Jmg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-03 18:17 - 2015-07-15 08:45 - 0000504 _____ () C:\ProgramData\FastPics.log
2011-04-23 13:43 - 2011-04-23 13:43 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt

Some files in TEMP:
====================
C:\Users\Jmg\AppData\Local\temp\0_Offer_0.exe
C:\Users\Jmg\AppData\Local\temp\6_Offer_15.exe
C:\Users\Jmg\AppData\Local\temp\6_Offer_17.exe
C:\Users\Jmg\AppData\Local\temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Jmg\AppData\Local\temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Jmg\AppData\Local\temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Jmg\AppData\Local\temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Jmg\AppData\Local\temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Jmg\AppData\Local\temp\jre-8u31-windows-au.exe
C:\Users\Jmg\AppData\Local\temp\pcDesktopAlertNotifierX.dll
C:\Users\Jmg\AppData\Local\temp\Quarantine.exe
C:\Users\Jmg\AppData\Local\temp\SfpcHelper_installFinish.exe
C:\Users\Jmg\AppData\Local\temp\SfpcHelper_installStart.exe
C:\Users\Jmg\AppData\Local\temp\System.Data.SQLite.dll
C:\Users\Jmg\AppData\Local\temp\System.Data.SQLite14928.dll
C:\Users\Jmg\AppData\Local\temp\System.Data.SQLite22853.dll
C:\Users\Jmg\AppData\Local\temp\System.Data.SQLite23069.dll
C:\Users\Jmg\AppData\Local\temp\System.Data.SQLite25902.dll
C:\Users\Jmg\AppData\Local\temp\System.Data.SQLite26767.dll
C:\Users\Jmg\AppData\Local\temp\System.Data.SQLite57279.dll
C:\Users\Jmg\AppData\Local\temp\System.Data.SQLite62558.dll
C:\Users\Jmg\AppData\Local\temp\System.Data.SQLite69918.dll
C:\Users\Jmg\AppData\Local\temp\System.Data.SQLite98294.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-09-04 15:22

==================== End of FRST.txt ============================

Last edited by perplexed; September 6th, 2015 at 01:06 PM.
  #9  
Old September 7th, 2015, 06:48 AM
schrauber schrauber is offline
CTH Subscriber
 
Join Date: Apr 2009
O/S: Windows 7 64-bit
Location: Germany
Age: 42
Posts: 5,017
Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search, then Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[C1].txt as well.
  #10  
Old September 7th, 2015, 08:30 PM
perplexed perplexed is offline
Senior Member
 
Join Date: Jun 2001
Posts: 2,397
Great directions and thanks.

# AdwCleaner v5.006 - Logfile created 07/09/2015 at 14:24:34
# Updated 06/09/2015 by Xplode
# Database : 2015-09-04.4 [Server]
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (x86)
# Username : Jmg - JMG-PC
# Running from : C:\Users\Jmg\Downloads\adwcleaner_5.006.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : CouponPrinterService

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files\System Optimizer Pro
[-] Folder Deleted : C:\Program Files\Coupons
[!] Folder Not Deleted : C:\Program Files\Coupons
[-] Folder Deleted : C:\Program Files\Optimizer Pro
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
[!] Folder Not Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
[-] Folder Deleted : C:\Users\Jmg\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec
[-] Folder Deleted : C:\Users\Jmg\AppData\Roaming\ARecEngine

***** [ Files ] *****

[-] File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Driver Performer.lnk

***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\edmgmpmklgfbohogafcfobonnkogchec
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
[-] Key Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
[-] Key Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{21FA44EF-376D-4D53-9B0F-8A89D3229068}
[-] Key Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{21FA44EF-376D-4D53-9B0F-8A89D3229068}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{21FA44EF-376D-4D53-9B0F-8A89D3229068}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{21FA44EF-376D-4D53-9B0F-8A89D3229068}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{21FA44EF-376D-4D53-9B0F-8A89D3229068}]
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{21FA44EF-376D-4D53-9B0F-8A89D3229068}]
[-] Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.1.4
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Coupon Printer for Windows5.0.1.4

***** [ Web browsers ] *****

[-] [C:\Users\Jmg\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Jmg\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Jmg\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : edmgmpmklgfbohogafcfobonnkogchec

*************************

:: Winsock settings cleared

*************************

C:\AdwCleaner[S1].txt - [322 bytes] - [13/02/2013 12:33:59]
C:\AdwCleaner[S2].txt - [3116 bytes] - [13/02/2013 12:34:45]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [3625 bytes] ##########

Last edited by perplexed; September 7th, 2015 at 08:40 PM.
  #11  
Old September 8th, 2015, 04:18 PM
schrauber schrauber is offline
CTH Subscriber
 
Join Date: Apr 2009
O/S: Windows 7 64-bit
Location: Germany
Age: 42
Posts: 5,017
Let's run an online scan, then we will clean up the leftovers.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check
  • Click the button.
  • Accept any security warnings from your browser.
  • Check
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Also please post back with a fresh FRST logfile and tell me how the system is running.
  #12  
Old September 8th, 2015, 06:07 PM
perplexed perplexed is offline
Senior Member
 
Join Date: Jun 2001
Posts: 2,397
May I ask what this means?

You said push push

When the scan completes, push
Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the button.
Push

I tried to figure it out, I think this is it. It said it cleaned them, is that correct?

C:\Users\Jmg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7803WIDZ\BuzzIT2Checker11-6[1].exe Win32/OutBrowse.Z potentially unwanted application cleaned by deleting - quarantined
C:\Users\Jmg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F6ZGUPDN\PriceMeter[1].exe a variant of Win32/DealPly.R potentially unwanted application cleaned by deleting - quarantined
C:\Users\Jmg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XA5WSTRU\VuuPC-Installer[1].exe Win32/VOPackage.B potentially unwanted application deleted - quarantined
C:\Users\Jmg\AppData\Local\temp\0_Offer_0.exe Win32/OutBrowse.R potentially unwanted application deleted - quarantined
C:\Users\Jmg\AppData\Local\temp\nso8FC1.tmp\Convert.dll Win32/OutBrowse.V potentially unwanted application cleaned by deleting - quarantined

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:07-09-2015
Ran by Jmg (administrator) on JMG-PC (08-09-2015 14:47:39)
Running from C:\Users\Jmg\Downloads
Loaded Profiles: Jmg & RA Media Server (Available Profiles: Jmg & RA Media Server)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
() C:\Program Files\Lexmark 2600 Series\lxdnmon.exe
(Lexmark International Inc.) C:\Program Files\Lexmark 2600 Series\ezprint.exe
(Apache Software Foundation) C:\ProgramData\SingleClick Systems\apache\bin\httpd.exe
(Creative Labs) C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
(Creative Technology Ltd) C:\Windows\System32\CTSVCCDA.EXE
() C:\ProgramData\SingleClick Systems\MySQL\bin\mysqld.exe
(Apache Software Foundation) C:\ProgramData\SingleClick Systems\apache\bin\httpd.exe
(SingleClick Systems) C:\ProgramData\SingleClick Systems\Remote Access File Sync Service\dsl_fs_sync.exe
(Dell Inc.) C:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe
( ) C:\Windows\System32\lxdncoms.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(Microsoft Corp.) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe
(Farbar) C:\Users\Jmg\Downloads\FRST(1).exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4452352 2007-05-11] (Realtek Semiconductor)
HKLM\...\Run: [dellsupportcenter] => C:\Program Files\Dell Support Center\bin\sprtcmd.exe [206064 2008-10-04] (SupportSoft, Inc.)
HKLM\...\Run: [lxdnmon.exe] => C:\Program Files\Lexmark 2600 Series\lxdnmon.exe [660136 2010-02-04] ()
HKLM\...\Run: [EzPrint] => C:\Program Files\Lexmark 2600 Series\ezprint.exe [107176 2010-02-04] (Lexmark International Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6111824 2015-08-28] (AVAST Software)
HKU\S-1-5-21-433151091-2507789458-3595603629-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-433151091-2507789458-3595603629-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-08-28] (AVAST Software)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-03-21]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-03-21]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Jmg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2011-04-20]
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\RA Media Server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-01-22]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{CCADCF13-5116-436B-A314-EFE343CAB0DE}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-433151091-2507789458-3595603629-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com?fr=hp-avast&type=odc179
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=odc179&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-433151091-2507789458-3595603629-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.yahoo.com/yhs/search?type=odc179&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-433151091-2507789458-3595603629-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.yahoo.com?fr=hp-avast&type=odc179
HKU\S-1-5-21-433151091-2507789458-3595603629-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com?fr=hp-avast&type=odc179
SearchScopes: HKLM -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=odc179&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=odc179&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM -> {A25AC313-DD19-4238-ACA2-401D6BEE4321} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> {2C905420-E03E-466F-8B90-3B3A4C25FA95} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&Form=DLCDF7&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-433151091-2507789458-3595603629-1000 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=odc179&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-433151091-2507789458-3595603629-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = hxxps://search.yahoo.com/yhs/search?type=odc179&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-433151091-2507789458-3595603629-1000 -> {A25AC313-DD19-4238-ACA2-401D6BEE4321} URL = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: No Name -> {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -> No File
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27] (Adobe Systems Incorporated)
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2008-12-04] (Microsoft Corp.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-29] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-28] (AVAST Software)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-29] (Oracle Corporation)
Toolbar: HKLM - No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
Toolbar: HKU\.DEFAULT -> No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
Toolbar: HKU\S-1-5-21-433151091-2507789458-3595603629-1000 -> No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Jmg\AppData\Roaming\Mozilla\Firefox\Profiles\dlrfpkkn.default-1413475615849
FF DefaultSearchEngine: Yahoo! (Avast)
FF DefaultSearchEngine.US: Yahoo! (Avast)
FF DefaultSearchUrl: hxxps://search.yahoo.com/yhs/search
FF SearchEngineOrder.1: Yahoo! (Avast)
FF SelectedSearchEngine: Yahoo! (Avast)
FF Homepage: hxxps://www.yahoo.com/?fr=hp-avast&type=agc511
FF Keyword.URL: hxxps://search.yahoo.com/yhs/search
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-11] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1219160.dll [2015-07-23] (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-29] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-29] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2008-12-04] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 -> C:\Program Files\Common Files\Motive\npMotive.dll [2012-10-16] (Alcatel-Lucent)
FF Plugin: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files\Common Files\Motive\npMotiveRequest.dll [2011-12-06] (Alcatel-Lucent)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-07-27] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPcol400.dll [2012-04-05] (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2012-07-27] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2014-12-03] (Coupons, Inc.)
FF SearchPlugin: C:\Users\Jmg\AppData\Roaming\Mozilla\Firefox\Profiles\dlrfpkkn.default-1413475615849\searchplugins\yahoo-avast.xml [2015-05-21]
FF Extension: Motive Extension - C:\Program Files\Mozilla Firefox\extensions\mcciwbch@motive.com.xpi [2015-08-28]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-05-08]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-05-08]

Chrome:
=======
CHR Profile: C:\Users\Jmg\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Avast Online Security) - C:\Users\Jmg\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-05-08]
CHR Extension: (Google Wallet) - C:\Users\Jmg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-08]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-05-08]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-08]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apache2.2; C:\ProgramData\SingleClick Systems\apache\bin\httpd.exe [15872 2007-09-21] (Apache Software Foundation) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-08-28] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3218624 2015-08-28] (Avast Software)
R2 Creative Labs Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe [72704 2009-03-21] (Creative Labs) [File not signed]
R2 Creative Service for CDROM Access; C:\Windows\system32\CTsvcCDA.exe [44032 2008-07-28] (Creative Technology Ltd) [File not signed]
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-09-23] (Stardock Corporation) [File not signed]
R2 dsl-db; C:\ProgramData\SingleClick Systems\MySQL\bin\mysqld.exe [5730304 2007-09-14] () [File not signed]
R2 dsl-fs-sync; C:\ProgramData\SingleClick Systems\Remote Access File Sync Service\dsl_fs_sync.exe [173296 2008-09-30] (SingleClick Systems)
S3 GameConsoleService; C:\Program Files\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe [164600 2008-07-04] (WildTangent, Inc.)
R2 hnmsvc; c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe [820464 2008-09-30] (Dell Inc.)
R2 lxdn_device; C:\Windows\system32\lxdncoms.exe [589824 2007-11-28] ( )
S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 pcCMService; C:\Program Files\Common Files\Motive\pcCMService.exe [369152 2013-03-02] (Alcatel-Lucent) [File not signed]
R2 sprtsvc_DellSupportCenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-10-04] (SupportSoft, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24016 2015-08-28] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [76000 2015-08-28] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55200 2015-08-28] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49776 2015-08-28] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [788784 2015-08-28] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433264 2015-08-28] (AVAST Software)
R3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [161472 2015-08-28] (AVAST Software)
S3 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57888 2015-08-28] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [208664 2015-08-28] (AVAST Software)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2012-10-16] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2012-10-16] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R0 ngvss; C:\Windows\system32\Drivers\ngvss.sys [95112 2015-08-28] (AVAST Software)
R2 Packet; C:\Windows\System32\DRIVERS\packet.sys [22016 2008-06-17] (SingleClick Systems)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-08-28] (Avast Software)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S4 eapihdrv; \??\C:\Users\Jmg\AppData\Local\Temp\ehdrv.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S4 USBSTOR; \SystemRoot\system32\drivers\usbstor.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-08 14:47 - 2015-09-08 14:47 - 01692160 _____ (Farbar) C:\Users\Jmg\Downloads\FRST(1).exe
2015-09-08 14:40 - 2015-09-08 14:40 - 00001720 _____ C:\Users\Jmg\Desktop\eset.txt
2015-09-08 13:32 - 2015-09-08 13:32 - 02870984 _____ (ESET) C:\Users\Jmg\Downloads\esetsmartinstaller_enu(1).exe
2015-09-08 11:58 - 2015-09-08 11:58 - 00000000 ____D C:\Program Files\ESET
2015-09-08 11:57 - 2015-09-08 11:57 - 02870984 _____ (ESET) C:\Users\Jmg\Downloads\esetsmartinstaller_enu.exe
2015-09-07 14:20 - 2015-09-07 14:20 - 01654784 _____ C:\Users\Jmg\Downloads\adwcleaner_5.006.exe
2015-09-05 20:20 - 2015-09-05 20:20 - 00034606 _____ C:\Users\Jmg\Downloads\Addition.txt
2015-09-05 20:19 - 2015-09-08 14:47 - 00018930 _____ C:\Users\Jmg\Downloads\FRST.txt
2015-09-05 20:19 - 2015-09-08 14:47 - 00000000 ____D C:\FRST
2015-09-05 20:19 - 2015-09-05 20:19 - 01690624 _____ (Farbar) C:\Users\Jmg\Downloads\FRST.exe
2015-09-02 12:05 - 2015-07-10 09:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-08-31 08:25 - 2015-08-31 08:25 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\58C726B8.sys
2015-08-30 14:18 - 2015-08-30 14:18 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\2CB36667.sys
2015-08-28 10:00 - 2015-08-28 11:53 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-08-28 08:51 - 2015-08-28 08:50 - 00161472 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStmXP.sys
2015-08-28 08:50 - 2015-08-28 08:49 - 00313472 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-08-28 08:50 - 2015-08-28 08:49 - 00095112 _____ (AVAST Software) C:\Windows\system32\Drivers\ngvss.sys
2015-08-28 08:49 - 2015-08-28 08:49 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-08-19 08:53 - 2015-08-19 08:53 - 00000000 ____D C:\Program Files\Valassis
2015-08-19 08:52 - 2015-08-19 08:53 - 02166416 _____ (Valassis) C:\Users\Jmg\Downloads\P@H_prod308-hUg1CcKg.exe
2015-08-19 08:50 - 2015-08-19 08:50 - 02166416 _____ (Valassis) C:\Users\Jmg\Downloads\P@H_prod308-l8n52RuC.exe
2015-08-19 08:28 - 2015-08-14 18:03 - 12386816 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-19 08:28 - 2015-08-14 17:56 - 01804288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-19 08:28 - 2015-08-14 17:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-18 18:37 - 2015-08-18 18:37 - 01732608 _____ C:\Users\Jmg\Downloads\RevTraxPrintMyCoupon(7).msi
2015-08-18 18:37 - 2015-08-18 18:37 - 01732608 _____ C:\Users\Jmg\Downloads\RevTraxPrintMyCoupon(6).msi
2015-08-18 18:36 - 2015-08-18 18:36 - 01732608 _____ C:\Users\Jmg\Downloads\RevTraxPrintMyCoupon(5).msi
2015-08-18 18:35 - 2015-08-18 18:35 - 01732608 _____ C:\Users\Jmg\Downloads\RevTraxPrintMyCoupon(4).msi
2015-08-18 18:35 - 2015-08-18 18:35 - 01732608 _____ C:\Users\Jmg\Downloads\RevTraxPrintMyCoupon(3).msi
2015-08-18 18:34 - 2015-08-18 18:34 - 01732608 _____ C:\Users\Jmg\Downloads\RevTraxPrintMyCoupon(2).msi
2015-08-18 17:19 - 2015-08-18 17:19 - 02166416 _____ (Valassis) C:\Users\Jmg\Downloads\P@H_prod308-vHF6sFRP.exe
2015-08-11 17:08 - 2015-07-21 15:55 - 01206192 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-11 17:08 - 2015-07-21 11:07 - 03605440 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-08-11 17:08 - 2015-07-21 11:07 - 03553216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-11 17:08 - 2015-07-21 11:07 - 00140224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ecache.sys
2015-08-11 17:08 - 2015-07-21 11:07 - 00056256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-11 17:08 - 2015-07-21 11:03 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\emdmgmt.dll
2015-08-11 17:08 - 2015-07-21 11:03 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-11 17:08 - 2015-07-21 11:03 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-11 17:07 - 2015-07-31 14:27 - 00103120 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-11 17:06 - 2015-07-11 10:56 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-11 17:06 - 2015-07-10 14:37 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-11 17:06 - 2015-07-09 09:20 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2015-08-11 14:25 - 2015-07-18 11:03 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-11 14:25 - 2015-07-10 14:37 - 01402368 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-11 14:25 - 2015-07-10 14:37 - 01253376 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-11 14:24 - 2015-07-31 17:08 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-11 14:24 - 2015-07-31 16:46 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2015-08-11 14:24 - 2015-07-31 16:46 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-08-11 14:24 - 2015-07-31 16:46 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2015-08-11 14:24 - 2015-07-31 16:46 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-08-11 14:24 - 2015-07-31 15:41 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-11 14:24 - 2015-07-31 15:40 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-08-11 14:24 - 2015-07-31 15:35 - 00682496 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-08-11 14:24 - 2015-07-31 15:33 - 02066944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-11 14:24 - 2015-07-31 15:33 - 01072640 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-11 14:24 - 2015-07-31 15:33 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-11 14:24 - 2015-07-31 15:33 - 00297472 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-11 14:24 - 2015-07-01 10:57 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-11 14:23 - 2015-07-09 09:25 - 00151040 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-11 14:23 - 2015-07-09 09:25 - 00151040 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-11 14:22 - 2015-07-22 15:54 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-11 14:22 - 2015-07-22 15:51 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-11 14:22 - 2015-07-22 15:47 - 09751040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-11 14:22 - 2015-07-22 15:46 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-11 14:22 - 2015-07-22 15:46 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-11 14:22 - 2015-07-22 15:45 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-11 14:22 - 2015-07-22 15:45 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-08-11 14:22 - 2015-07-22 15:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-08-11 14:22 - 2015-07-22 15:44 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-11 14:22 - 2015-07-22 15:44 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-11 14:22 - 2015-07-22 15:44 - 00421888 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-11 14:22 - 2015-07-22 15:44 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-08-11 14:22 - 2015-07-22 15:43 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-08-11 14:22 - 2015-07-22 15:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-11 14:22 - 2015-07-22 15:43 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-11 14:22 - 2015-07-22 15:43 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-08-11 14:22 - 2015-07-22 15:43 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-08-11 14:22 - 2015-07-22 15:43 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-08-11 14:22 - 2015-07-22 15:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-08 14:08 - 2012-04-02 17:30 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-08 13:42 - 2006-11-02 07:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-08 13:42 - 2006-11-02 07:47 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-08 13:30 - 2009-03-21 11:21 - 02089585 _____ C:\Windows\WindowsUpdate.log
2015-09-08 08:58 - 2014-06-21 15:48 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-08 07:24 - 2009-03-31 17:29 - 00000000 ____D C:\ProgramData\TEMP
2015-09-08 07:23 - 2006-11-02 08:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-07 14:33 - 2006-11-02 08:01 - 00032598 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-09-07 14:24 - 2014-06-16 19:05 - 00000000 ____D C:\AdwCleaner
2015-09-02 18:14 - 2009-03-21 17:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2015-09-02 18:14 - 2009-03-21 17:06 - 00000000 ____D C:\Program Files\Dell
2015-09-02 17:59 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\rescache
2015-09-02 11:20 - 2013-10-11 09:38 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2015-09-02 09:40 - 2010-02-01 15:41 - 00000000 ____D C:\Windows\system32\Adobe
2015-08-28 11:53 - 2014-06-14 20:47 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-08-28 11:53 - 2008-01-20 21:47 - 00781758 _____ C:\Windows\PFRO.log
2015-08-28 10:00 - 2015-03-17 15:45 - 00000000 ____D C:\Windows\system32\vbox
2015-08-28 08:50 - 2015-05-08 14:58 - 00433264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-08-28 08:50 - 2015-05-08 14:58 - 00208664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-08-28 08:50 - 2015-05-08 14:58 - 00076000 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-08-28 08:50 - 2015-05-08 14:58 - 00057888 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2015-08-28 08:50 - 2015-05-08 14:58 - 00055200 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2015-08-28 08:50 - 2015-05-08 14:58 - 00049776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-08-28 08:50 - 2015-05-08 14:58 - 00024016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-08-28 08:49 - 2015-05-08 14:58 - 00788784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-08-27 17:30 - 2009-03-31 17:33 - 00000906 _____ C:\Users\Jmg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-08-27 08:58 - 2009-06-02 21:01 - 00000000 ____D C:\ProgramData\lx_cats
2015-08-16 14:28 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\Microsoft.NET
2015-08-11 17:20 - 2009-03-21 17:02 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-11 17:19 - 2006-11-02 07:37 - 00000000 ____D C:\Windows\system32\XPSViewer
2015-08-11 17:08 - 2010-07-07 12:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-11 14:33 - 2006-11-02 07:47 - 00229608 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-11 14:29 - 2013-07-11 07:08 - 00000000 ____D C:\Windows\system32\MRT
2015-08-11 14:26 - 2006-11-02 05:24 - 129304528 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-08-11 14:08 - 2012-04-02 17:30 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-08-11 14:08 - 2011-05-25 08:24 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2013-03-15 13:32 - 2013-03-15 13:32 - 4126720 _____ () C:\Program Files\GUT35A3.tmp
2014-01-22 09:43 - 2014-01-22 09:44 - 50063360 _____ () C:\Program Files\GUTA045.tmp
2009-08-17 11:33 - 2012-03-25 15:22 - 0005632 _____ () C:\Users\Jmg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-03 18:17 - 2015-07-15 08:45 - 0000504 _____ () C:\ProgramData\FastPics.log
2011-04-23 13:43 - 2011-04-23 13:43 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt

Some files in TEMP:
====================
C:\Users\Jmg\AppData\Local\temp\6_Offer_15.exe
C:\Users\Jmg\AppData\Local\temp\6_Offer_17.exe
C:\Users\Jmg\AppData\Local\temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Jmg\AppData\Local\temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Jmg\AppData\Local\temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Jmg\AppData\Local\temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Jmg\AppData\Local\temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Jmg\AppData\Local\temp\jre-8u31-windows-au.exe
C:\Users\Jmg\AppData\Local\temp\pcDesktopAlertNotifierX.dll
C:\Users\Jmg\AppData\Local\temp\Quarantine.exe
C:\Users\Jmg\AppData\Local\temp\SfpcHelper_installFinish.exe
C:\Users\Jmg\AppData\Local\temp\SfpcHelper_installStart.exe
C:\Users\Jmg\AppData\Local\temp\sqlite3.dll
C:\Users\Jmg\AppData\Local\temp\System.Data.SQLite.dll
C:\Users\Jmg\AppData\Local\temp\System.Data.SQLite14928.dll
C:\Users\Jmg\AppData\Local\temp\System.Data.SQLite22853.dll
C:\Users\Jmg\AppData\Local\temp\System.Data.SQLite23069.dll
C:\Users\Jmg\AppData\Local\temp\System.Data.SQLite25902.dll
C:\Users\Jmg\AppData\Local\temp\System.Data.SQLite26767.dll
C:\Users\Jmg\AppData\Local\temp\System.Data.SQLite57279.dll
C:\Users\Jmg\AppData\Local\temp\System.Data.SQLite62558.dll
C:\Users\Jmg\AppData\Local\temp\System.Data.SQLite69918.dll
C:\Users\Jmg\AppData\Local\temp\System.Data.SQLite98294.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-09-08 11:46

==================== End of FRST.txt ============================

Last edited by perplexed; September 8th, 2015 at 08:55 PM.
  #13  
Old September 9th, 2015, 06:11 AM
schrauber schrauber is offline
CTH Subscriber
 
Join Date: Apr 2009
O/S: Windows 7 64-bit
Location: Germany
Age: 42
Posts: 5,017
Correct. Push means press, sorry.

How is the system running now?
  #14  
Old September 9th, 2015, 12:26 PM
perplexed perplexed is offline
Senior Member
 
Join Date: Jun 2001
Posts: 2,397
Thanks so much, you're so kind. Well, it is better. It tries to freeze some, but now I am able to press the Ctrl+Alt+Delete and although it takes a few mins it has worked thus far to unfreeze my computer.

Thanks so much, if it continues I will post back.
  #15  
Old September 10th, 2015, 06:13 AM
schrauber schrauber is offline
CTH Subscriber
 
Join Date: Apr 2009
O/S: Windows 7 64-bit
Location: Germany
Age: 42
Posts: 5,017
ok