WIN32:Enistery found - slowing down my PC in all applications ? HELP NEEDED !!

Hello…my PC has started to act VERY STRANGE and lethargic and it is quite an endeavor to just get it to go to any websites. I ran your AVAST DETECTION SCAN and the results said I had ONE VIRUS, namely: Win32:Enistery - but it did NOT tell me if it was quarantined, if it was removed or where it is and how do I get RID OF IT on my PC. I cleaned my cache and ran CCleaner and rebooted, but STILL it seems that in the “address bar” there seems to be a lot of letters and symbols after I add the website address and it seems to be taking almost a MINUTE to go to any site !! Please help me with this problem and tell me what I can do to eradicate any and all malware that has invaded my PC !! yosoy4ever Thursday January 8, 2015 at 12:12 pm est

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Select additions at the bottom
  • Press Scan button.

https://dl.dropboxusercontent.com/u/73555776/frst.JPG

  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please attach both logs generated.

My Norton Internet Security WILL NOT LET ME DOWNLOAD this Farbar link - I keep getting a pop up telling me that it is a THREAT…what do I do now ? thanks, Sue

Temporarily disable Norton, the programme is safe

HERE ARE THE TWO LOGS below as attachments, as they were both TOO LARGE to just copy and paste per your system - THE FIRST ONE I FORGOT TO CHECK OFF “ADDITIONS” AND THE SECOND ONE i DID…thanks, Sue

Could you let me know if this stops the alerts

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4200233565-3368421019-1326646657-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [S-1-5-21-4200233565-3368421019-1326646657-1002] => http=127.0.0.1:49161;https=127.0.0.1:49161
URLSearchHook: HKU\S-1-5-21-4200233565-3368421019-1326646657-1002 - Default Value = {4219427b-0228-4356-a78b-eb7668d37d07}
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-4200233565-3368421019-1326646657-1002 -> {5B6DF038-D9DD-484B-B484-F20DAD050321} URL =
Toolbar: HKU\.DEFAULT -> No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
Toolbar: HKU\S-1-5-21-4200233565-3368421019-1326646657-1002 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM-x32 {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}
Task: {03B0614E-92A6-4907-910C-ECD3E7B0163D} - \TidyNetwork Update No Task File <==== ATTENTION
Task: {1DD5498E-C788-48F4-90C7-DF5F207EA9E7} - System32\Tasks\IHUninstallTrackingTASK => CMD
Task: {9C2E09D8-F0ED-4526-BA6E-F989236B92F2} - \BrowserSafeguard Update Task No Task File <==== ATTENTION
AlternateDataStreams: C:\Users\NewDesktop_3_2010\AppData\Roaming\Microsoft\Windows\Start Menu\Yahoo!.website:TASKICON_0favicon-2079221766
AlternateDataStreams: C:\Users\NewDesktop_3_2010\AppData\Roaming\Microsoft\Windows\Start Menu\Yahoo!.website:TASKICON_1favicon1313128964
AlternateDataStreams: C:\Users\NewDesktop_3_2010\AppData\Roaming\Microsoft\Windows\Start Menu\Yahoo!.website:TASKICON_2favicon-2092717923
C:\Users\DELL\DOSXPRES.EXE
C:\Users\DELL\EXPRESS.EXE
C:\Users\DELL\PRIMOSDK.DLL
C:\Users\DELL\PX.DLL
C:\Users\DELL\PXCPYA64.EXE
C:\Users\DELL\PXCPYI64.EXE
C:\Users\DELL\PXDRV.DLL
C:\Users\DELL\PXHPINST.EXE
C:\Users\DELL\PXINSA64.EXE
C:\Users\DELL\PXINSI64.EXE
C:\Users\DELL\PXMAS.DLL
C:\Users\DELL\PXSETUP.EXE
C:\Users\DELL\PXWAVE.DLL
C:\Users\DELL\P_ESCG.DAT
C:\Users\DELL\SYSINFO.DAT
C:\Users\DELL\USBS3KB.REG
C:\Users\DELL\VBRUN300.DLL
C:\Users\DELL\VXBLOCK.DLL
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on “Clean”
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

I was UNABLE to save where avastui.exe is located - what do I do now to be allowed to save it ? avastui.exe is located in: computer/os(c:)/program files/AVAST Software/AVAST - BUT IT DOES NOT LET ME SAVE THIS NEW fixlist.txt there ? let me know, thanks, Sue

You need to save the fixlist in the same location as FRST as it has nothing to do with Avast :)

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-01-2015
Ran by NewDesktop_3_2010 at 2015-01-09 12:10:49 Run:2
Running from C:\Users\NewDesktop_3_2010\Downloads
Loaded Profile: NewDesktop_3_2010 (Available profiles: NewDesktop_3_2010 & Administrator & DefaultAppPool)
Boot Mode: Normal

Content of fixlist:


CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4200233565-3368421019-1326646657-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [S-1-5-21-4200233565-3368421019-1326646657-1002] => http=127.0.0.1:49161;https=127.0.0.1:49161
URLSearchHook: HKU\S-1-5-21-4200233565-3368421019-1326646657-1002 - Default Value = {4219427b-0228-4356-a78b-eb7668d37d07}
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-4200233565-3368421019-1326646657-1002 -> {5B6DF038-D9DD-484B-B484-F20DAD050321} URL =
Toolbar: HKU\.DEFAULT -> No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
Toolbar: HKU\S-1-5-21-4200233565-3368421019-1326646657-1002 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM-x32 {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}
Task: {03B0614E-92A6-4907-910C-ECD3E7B0163D} - \TidyNetwork Update No Task File <==== ATTENTION
Task: {1DD5498E-C788-48F4-90C7-DF5F207EA9E7} - System32\Tasks\IHUninstallTrackingTASK => CMD
Task: {9C2E09D8-F0ED-4526-BA6E-F989236B92F2} - \BrowserSafeguard Update Task No Task File <==== ATTENTION
AlternateDataStreams: C:\Users\NewDesktop_3_2010\AppData\Roaming\Microsoft\Windows\Start Menu\Yahoo!.website:TASKICON_0favicon-2079221766
AlternateDataStreams: C:\Users\NewDesktop_3_2010\AppData\Roaming\Microsoft\Windows\Start Menu\Yahoo!.website:TASKICON_1favicon1313128964
AlternateDataStreams: C:\Users\NewDesktop_3_2010\AppData\Roaming\Microsoft\Windows\Start Menu\Yahoo!.website:TASKICON_2favicon-2092717923
C:\Users\DELL\DOSXPRES.EXE
C:\Users\DELL\EXPRESS.EXE
C:\Users\DELL\PRIMOSDK.DLL
C:\Users\DELL\PX.DLL
C:\Users\DELL\PXCPYA64.EXE
C:\Users\DELL\PXCPYI64.EXE
C:\Users\DELL\PXDRV.DLL
C:\Users\DELL\PXHPINST.EXE
C:\Users\DELL\PXINSA64.EXE
C:\Users\DELL\PXINSI64.EXE
C:\Users\DELL\PXMAS.DLL
C:\Users\DELL\PXSETUP.EXE
C:\Users\DELL\PXWAVE.DLL
C:\Users\DELL\P_ESCG.DAT
C:\Users\DELL\SYSINFO.DAT
C:\Users\DELL\USBS3KB.REG
C:\Users\DELL\VBRUN300.DLL
C:\Users\DELL\VXBLOCK.DLL
EmptyTemp:
CMD: bitsadmin /reset /allusers


Error: (0) Failed to create a restore point.
“HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer” => Key deleted successfully.
“HKU\S-1-5-21-4200233565-3368421019-1326646657-1002\SOFTWARE\Policies\Microsoft\Internet Explorer” => Key deleted successfully.
HKU\S-1-5-21-4200233565-3368421019-1326646657-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer => value deleted successfully.
HKU\S-1-5-21-4200233565-3368421019-1326646657-1002\Software\Microsoft\Internet Explorer\URLSearchHooks\ => value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\DefaultScope => Value was restored successfully.
“HKU\S-1-5-21-4200233565-3368421019-1326646657-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes{5B6DF038-D9DD-484B-B484-F20DAD050321}” => Key deleted successfully.
HKCR\CLSID{5B6DF038-D9DD-484B-B484-F20DAD050321} => Key not found.
HKU.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} => value deleted successfully.
HKCR\CLSID{1017A80C-6F09-4548-A84D-EDD6AC9525F0} => Key not found.
HKU\S-1-5-21-4200233565-3368421019-1326646657-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
HKCR\CLSID{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
“HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}” => Key deleted successfully.
HKCR\Wow6432Node\CLSID{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} => Key not found.
“HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{03B0614E-92A6-4907-910C-ECD3E7B0163D}” => Key deleted successfully.
“HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{03B0614E-92A6-4907-910C-ECD3E7B0163D}” => Key deleted successfully.
“HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TidyNetwork Update” => Key deleted successfully.
“HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{1DD5498E-C788-48F4-90C7-DF5F207EA9E7}” => Key deleted successfully.
“HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{1DD5498E-C788-48F4-90C7-DF5F207EA9E7}” => Key deleted successfully.
C:\Windows\System32\Tasks\IHUninstallTrackingTASK => Moved successfully.
“HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IHUninstallTrackingTASK” => Key deleted successfully.
“HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{9C2E09D8-F0ED-4526-BA6E-F989236B92F2}” => Key deleted successfully.
“HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{9C2E09D8-F0ED-4526-BA6E-F989236B92F2}” => Key deleted successfully.
“HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BrowserSafeguard Update Task” => Key deleted successfully.
C:\Users\NewDesktop_3_2010\AppData\Roaming\Microsoft\Windows\Start Menu\Yahoo!.website => “:TASKICON_0favicon-2079221766” ADS removed successfully.
C:\Users\NewDesktop_3_2010\AppData\Roaming\Microsoft\Windows\Start Menu\Yahoo!.website => “:TASKICON_1favicon1313128964” ADS removed successfully.
C:\Users\NewDesktop_3_2010\AppData\Roaming\Microsoft\Windows\Start Menu\Yahoo!.website => “:TASKICON_2favicon-2092717923” ADS removed successfully.
C:\Users\DELL\DOSXPRES.EXE => Moved successfully.
C:\Users\DELL\EXPRESS.EXE => Moved successfully.
C:\Users\DELL\PRIMOSDK.DLL => Moved successfully.
C:\Users\DELL\PX.DLL => Moved successfully.
C:\Users\DELL\PXCPYA64.EXE => Moved successfully.
C:\Users\DELL\PXCPYI64.EXE => Moved successfully.
C:\Users\DELL\PXDRV.DLL => Moved successfully.
C:\Users\DELL\PXHPINST.EXE => Moved successfully.
C:\Users\DELL\PXINSA64.EXE => Moved successfully.
C:\Users\DELL\PXINSI64.EXE => Moved successfully.
C:\Users\DELL\PXMAS.DLL => Moved successfully.
C:\Users\DELL\PXSETUP.EXE => Moved successfully.
C:\Users\DELL\PXWAVE.DLL => Moved successfully.
C:\Users\DELL\P_ESCG.DAT => Moved successfully.
C:\Users\DELL\SYSINFO.DAT => Moved successfully.
C:\Users\DELL\USBS3KB.REG => Moved successfully.
C:\Users\DELL\VBRUN300.DLL => Moved successfully.
C:\Users\DELL\VXBLOCK.DLL => Moved successfully.

========= bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

{AC3D27A7-0AAD-4CA0-801B-3CD99BAFB86A} canceled.
{DE285BA8-0BD5-41BE-B6A7-7F48C4F05219} canceled.
2 out of 2 jobs canceled.

========= End of CMD: =========

EmptyTemp: => Removed 160.3 MB temporary data.

The system needed a reboot.

==== End of Fixlog 12:11:42 ====

AdwCleaner v4.107 - Report created 09/01/2015 at 12:35:05

Updated 07/01/2015 by Xplode

Database : 2015-01-03.1 [Live]

Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

Username : NewDesktop_3_2010 - NEWDESKTOP_3_10

Running from : C:\Users\NewDesktop_3_2010\Downloads\AdwCleaner (1).exe

Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Found : C:\Program Files (x86)\TidyNetwork
Folder Found : C:\ProgramData\FileCure
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Folder Found : C:\Users\NewDesktop_3_2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Folder Found : C:\Users\NewDesktop_3_2010\AppData\Roaming\catalina – print savings
Folder Found : C:\Users\NewDesktop_3_2010\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\catalina – print savings

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : HKLM\SOFTWARE\Classes\CLSID{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
Key Found : HKLM\SOFTWARE\Classes\CLSID{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.8
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

***** [ Browsers ] *****

-\ Internet Explorer v9.0.8112.16599

-\ Mozilla Firefox v

-\ Google Chrome v39.0.2171.95

[C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
[C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\preferences] - Found [Extension] : mkfokfffehpeedafpekjeddnmnjhmcmk


AdwCleaner[R0].txt - [1286 octets] - [18/02/2014 08:56:46]
AdwCleaner[R1].txt - [3421 octets] - [09/01/2015 12:35:05]
AdwCleaner[S0].txt - [1362 octets] - [18/02/2014 10:00:54]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [3541 octets] ##########

here is the LOG after I hit CLEAN:

AdwCleaner v4.107 - Report created 09/01/2015 at 12:46:42

Updated 07/01/2015 by Xplode

Database : 2015-01-03.1 [Live]

Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

Username : NewDesktop_3_2010 - NEWDESKTOP_3_10

Running from : C:\Users\NewDesktop_3_2010\Downloads\AdwCleaner (1).exe

Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\FileCure
Folder Deleted : C:\Program Files (x86)\TidyNetwork
Folder Deleted : C:\Users\NewDesktop_3_2010\AppData\Roaming\catalina – print savings
Folder Deleted : C:\Users\NewDesktop_3_2010\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\catalina – print savings
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Folder Deleted : C:\Users\NewDesktop_3_2010\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Deleted : HKLM\SOFTWARE\Classes\CLSID{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.8

***** [ Browsers ] *****

-\ Internet Explorer v9.0.8112.16599

-\ Mozilla Firefox v

-\ Google Chrome v39.0.2171.95

[C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
[C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : mkfokfffehpeedafpekjeddnmnjhmcmk


AdwCleaner[R0].txt - [1286 octets] - [18/02/2014 08:56:46]
AdwCleaner[R1].txt - [3645 octets] - [09/01/2015 12:35:05]
AdwCleaner[S0].txt - [1362 octets] - [18/02/2014 10:00:54]
AdwCleaner[S1].txt - [3374 octets] - [09/01/2015 12:46:42]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3434 octets] ##########
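
One way to confirm that the Clean run removed everything the Scan run reported is to reconcile the two reports entry by entry. The script below is an added example, not part of the thread and not AdwCleaner's own code; it assumes the line layout seen in the two reports above, and its sample input is an excerpt of those reports.

```python
import re

# Line layouts as they appear in the two reports in this thread (an assumption
# about the format, not taken from AdwCleaner documentation):
#   "<Kind> Found : [x64] <target>"   /   "<Kind> Deleted : <target>"
ITEM_RE = re.compile(r"^(\w+) (Found|Deleted) : (\[x64\] )?(.+)$")
#   "[<profile file>] - Found [<what>] : <value>"   (Browsers section)
BROWSER_RE = re.compile(r"^\[(.+?)\] - (Found|Deleted) \[(.+?)\] : (.+)$")


def parse_report(text, ignore_view=False):
    """Return {"Found": set, "Deleted": set} of normalised report entries.

    Paths are lower-cased because Windows paths and registry keys are
    case-insensitive (the reports write both "Web data" and "Web Data").
    With ignore_view=False the [x64] tag is part of an entry's identity;
    with ignore_view=True entries are compared by path only.
    """
    items = {"Found": set(), "Deleted": set()}
    for raw in text.splitlines():
        line = raw.strip()
        m = ITEM_RE.match(line)
        if m:
            kind, action, view, target = m.groups()
            view = "x64" if (view and not ignore_view) else ""
            items[action].add((kind.lower(), view, target.strip().lower()))
            continue
        m = BROWSER_RE.match(line)
        if m:
            profile, action, what, value = m.groups()
            items[action].add((what.lower(), profile.lower(), value.strip().lower()))
    return items


def unresolved(scan_text, clean_text, ignore_view=False):
    """Entries the Scan report found that the Clean report does not list as deleted."""
    found = parse_report(scan_text, ignore_view)["Found"]
    deleted = parse_report(clean_text, ignore_view)["Deleted"]
    return sorted(found - deleted)


# Sample input: lines excerpted from the [R1] (Scan) and [S1] (Clean) reports above.
SCAN_EXCERPT = r"""
Folder Found : C:\Program Files (x86)\TidyNetwork
Folder Found : C:\ProgramData\FileCure
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
[C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
"""

CLEAN_EXCERPT = r"""
Folder Deleted : C:\ProgramData\FileCure
Folder Deleted : C:\Program Files (x86)\TidyNetwork
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
[C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
"""

if __name__ == "__main__":
    for mode in (False, True):
        left = unresolved(SCAN_EXCERPT, CLEAN_EXCERPT, ignore_view=mode)
        print(f"ignore_view={mode}: {len(left)} entry(ies) not confirmed deleted")
        for entry in left:
            print("   ", entry)
```

On this excerpt, the strict comparison leaves one entry unconfirmed: the untagged HKCU SearchScopes key, which the Clean report lists only with the [x64] tag. Comparing by path alone (`ignore_view=True`) accounts for every entry.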

How is the computer behaving now ?

NO appreciable change, still slow and lethargic, and I noted when I type in a web address and hit ENTER…two or three new window tabs OPEN UP for the same website I want to go to ? Also, I keep getting a RED X pop up from Norton, telling me that there is SUSPICIOUS ACTIVITY on my PC and it is: WS.Reputation.1 - I have NOT seen that before …ever. Any additional things I need to do ? thanks, Sue

Aye, let's try a bigger hammer

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png

http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:

  1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
  2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
  3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

PC still acting slowly - will send you THIS LOG and then reboot and see if there is any CHANGE noted…thanks, let me know what I need to do next…Sue

this is an ATTACHMENT, AS THE FILE WAS TOO LONG and your system would NOT let me copy and paste:

ComboFix 15-01-08.01 - NewDesktop_3_2010 01/09/2015 16:05:25.4.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.1988 [GMT -5:00]
Running from: c:\users\NewDesktop_3_2010\Downloads\ComboFix.exe
AV: avast! Antivirus Enabled/Updated {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Norton Internet Security Disabled/Updated {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
FW: Norton Internet Security Disabled {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
SP: avast! Antivirus Enabled/Updated {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Norton Internet Security Enabled/Updated {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender Disabled/Updated {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

  • Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\NewDesktop_3_2010\Documents~WRL0005.tmp
    c:\users\NewDesktop_3_2010\Documents~WRL0006.tmp
    c:\users\NewDesktop_3_2010\Documents~WRL0895.tmp
    c:\users\NewDesktop_3_2010\Documents~WRL1028.tmp
    c:\users\NewDesktop_3_2010\Documents~WRL1431.tmp
    c:\users\NewDesktop_3_2010\Documents~WRL1556.tmp
    c:\users\NewDesktop_3_2010\Documents~WRL1702.tmp
    c:\users\NewDesktop_3_2010\Documents~WRL1870.tmp
    c:\users\NewDesktop_3_2010\Documents~WRL2756.tmp
    c:\users\NewDesktop_3_2010\Documents~WRL2953.tmp
    c:\users\NewDesktop_3_2010\Documents~WRL3188.tmp
    c:\users\NewDesktop_3_2010\Documents~WRL3351.tmp
    c:\users\NewDesktop_3_2010\Documents~WRL3443.tmp
    c:\users\NewDesktop_3_2010\Documents~WRL3569.tmp
    c:\users\NewDesktop_3_2010\Documents~WRL3575.tmp
    c:\users\NewDesktop_3_2010\Documents~WRL3576.tmp
    c:\users\NewDesktop_3_2010\Documents~WRL3616.tmp
    c:\users\NewDesktop_3_2010\Documents~WRL3892.tmp
    .
    .
    ((((((((((((((((((((((((( Files Created from 2014-12-09 to 2015-01-09 )))))))))))))))))))))))))))))))
    .
    .
    2015-01-09 21:29 . 2015-01-09 21:29 -------- d-----w- c:\users\Public\AppData\Local\temp
    2015-01-09 21:29 . 2015-01-09 21:29 -------- d-----w- c:\users\Lexmark\AppData\Local\temp
    2015-01-09 21:29 . 2015-01-09 21:29 -------- d-----w- c:\users\DELL\AppData\Local\temp
    2015-01-09 21:29 . 2015-01-09 21:29 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
    2015-01-09 21:29 . 2015-01-09 21:29 -------- d-----w- c:\users\Default\AppData\Local\temp
    2015-01-09 21:29 . 2015-01-09 21:29 -------- d-----w- c:\users\Administrator\AppData\Local\temp
    2015-01-07 21:58 . 2015-01-07 21:58 -------- d-----w- c:\program files (x86)\Common Files\Java
    2015-01-07 21:57 . 2015-01-07 21:57 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2015-01-07 18:42 . 2015-01-07 18:42 -------- d-----w- c:\users\NewDesktop_3_2010\AppData\Roaming\AVAST Software
    2015-01-07 18:41 . 2015-01-07 18:40 116728 ----a-w- c:\windows\system32\drivers\aswStm.sys
    2015-01-07 18:41 . 2015-01-07 18:40 436624 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2015-01-07 18:41 . 2015-01-07 18:40 267632 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2015-01-07 18:41 . 2015-01-07 18:40 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2015-01-07 18:41 . 2015-01-07 18:41 87912 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
    2015-01-07 18:41 . 2015-01-07 18:40 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
    2015-01-07 18:41 . 2015-01-07 18:40 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2015-01-07 18:40 . 2015-01-07 18:41 1050432 ----a-w- c:\windows\system32\drivers\aswsnx.sys
    2015-01-07 18:40 . 2015-01-07 18:40 364512 ----a-w- c:\windows\system32\aswBoot.exe
    2015-01-07 18:40 . 2015-01-07 18:40 43152 ----a-w- c:\windows\avastSS.scr
    2015-01-07 18:40 . 2015-01-07 18:40 -------- d-----w- c:\program files\AVAST Software
    2015-01-07 18:39 . 2015-01-07 18:40 -------- d-----w- c:\programdata\AVAST Software
    2014-12-30 21:36 . 2014-12-30 21:51 -------- d-----w- c:\program files (x86)\AirDroid
    2014-12-28 15:57 . 2015-01-02 18:29 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-12-28 15:56 . 2014-11-21 11:14 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
    2014-12-28 15:56 . 2014-11-21 11:14 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-12-28 15:56 . 2014-11-21 11:14 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-12-28 15:56 . 2014-12-28 15:56 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
    2014-12-11 16:49 . 2015-01-01 17:47 -------- d-----w- c:\program files\oneworldflights
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-12-28 15:46 . 2013-05-02 18:52 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-12-28 15:46 . 2013-05-02 18:52 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2014-12-10 08:02 . 2010-04-15 11:11 112710672 ----a-w- c:\windows\system32\MRT.exe
    2014-12-04 02:50 . 2014-12-10 04:34 413184 ----a-w- c:\windows\system32\generaltel.dll
    2014-12-04 02:50 . 2014-12-10 04:34 741376 ----a-w- c:\windows\system32\invagent.dll
    2014-12-04 02:50 . 2014-12-10 04:34 396800 ----a-w- c:\windows\system32\devinv.dll
    2014-12-04 02:50 . 2014-12-10 04:34 830976 ----a-w- c:\windows\system32\appraiser.dll
    2014-12-04 02:50 . 2014-12-10 04:34 192000 ----a-w- c:\windows\system32\aepic.dll
    2014-12-04 02:50 . 2014-12-10 04:34 227328 ----a-w- c:\windows\system32\aepdu.dll
    2014-12-04 02:44 . 2014-12-10 04:34 1083392 ----a-w- c:\windows\system32\aeinv.dll
    2014-12-01 23:28 . 2014-12-10 04:34 1232040 ----a-w- c:\windows\system32\aitstatic.exe
    2014-11-24 22:12 . 2014-12-10 04:34 17874432 ----a-w- c:\windows\system32\mshtml.dll
    2014-11-24 21:59 . 2014-12-10 04:34 448512 ----a-w- c:\windows\system32\html.iec
    2014-11-24 21:54 . 2014-12-10 04:34 10921984 ----a-w- c:\windows\system32\ieframe.dll
    2014-11-24 21:53 . 2014-12-10 04:34 2339840 ----a-w- c:\windows\system32\jscript9.dll
    2014-11-24 21:47 . 2014-12-10 04:34 1388032 ----a-w- c:\windows\system32\urlmon.dll
    2014-11-24 21:47 . 2014-12-10 04:34 1392128 ----a-w- c:\windows\system32\wininet.dll
    2014-11-24 21:45 . 2014-12-10 04:34 1494016 ----a-w- c:\windows\system32\inetcpl.cpl
    2014-11-24 21:45 . 2014-12-10 04:34 237056 ----a-w- c:\windows\system32\url.dll
    2014-11-24 21:45 . 2014-12-10 04:34 86016 ----a-w- c:\windows\system32\jsproxy.dll
    2014-11-24 21:44 . 2014-12-10 04:34 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2014-11-24 21:44 . 2014-12-10 04:34 599040 ----a-w- c:\windows\system32\vbscript.dll
    2014-11-24 21:44 . 2014-12-10 04:34 2157056 ----a-w- c:\windows\system32\iertutil.dll
    2014-11-24 21:44 . 2014-12-10 04:34 816640 ----a-w- c:\windows\system32\jscript.dll
    2014-11-24 21:44 . 2014-12-10 04:34 729088 ----a-w- c:\windows\system32\msfeeds.dll
    2014-11-24 21:44 . 2014-12-10 04:34 453120 ----a-w- c:\windows\system32\dxtmsft.dll
    2014-11-24 21:44 . 2014-12-10 04:34 282112 ----a-w- c:\windows\system32\dxtrans.dll
    2014-11-24 21:44 . 2014-12-10 04:34 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
    2014-11-24 21:44 . 2014-12-10 04:34 11264 ----a-w- c:\windows\system32\msfeedssync.exe
    2014-11-24 21:43 . 2014-12-10 04:34 96768 ----a-w- c:\windows\system32\mshtmled.dll
    2014-11-24 21:43 . 2014-12-10 04:34 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2014-11-24 21:43 . 2014-12-10 04:34 12800 ----a-w- c:\windows\system32\mshta.exe
    2014-11-24 21:42 . 2014-12-10 04:34 248320 ----a-w- c:\windows\system32\ieui.dll
    2014-11-24 20:44 . 2014-12-10 04:34 367104 ----a-w- c:\windows\SysWow64\html.iec
    2014-11-24 20:40 . 2014-12-10 04:34 1810944 ----a-w- c:\windows\SysWow64\jscript9.dll
    2014-11-24 20:35 . 2014-12-10 04:34 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
    2014-11-24 20:34 . 2014-12-10 04:34 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2014-11-24 20:33 . 2014-12-10 04:34 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2014-11-24 20:33 . 2014-12-10 04:34 421376 ----a-w- c:\windows\SysWow64\vbscript.dll
    2014-11-24 20:32 . 2014-12-10 04:34 11776 ----a-w- c:\windows\SysWow64\mshta.exe
    2014-11-24 20:32 . 2014-12-10 04:34 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2014-11-11 03:09 . 2014-12-10 04:33 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2014-11-11 03:08 . 2014-11-19 15:32 241152 ----a-w- c:\windows\system32\pku2u.dll
    2014-11-11 03:08 . 2014-11-19 15:32 728064 ----a-w- c:\windows\system32\kerberos.dll
    2014-11-11 02:44 . 2014-12-10 04:33 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
    2014-11-11 02:44 . 2014-11-19 15:32 186880 ----a-w- c:\windows\SysWow64\pku2u.dll
    2014-11-11 02:44 . 2014-11-19 15:32 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
    2014-11-11 01:46 . 2014-12-10 04:33 119296 ----a-w- c:\windows\system32\drivers\tdx.sys
    2014-11-08 03:16 . 2014-12-10 04:33 2048 ----a-w- c:\windows\system32\tzres.dll
    2014-11-08 02:45 . 2014-12-10 04:33 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2014-10-30 02:03 . 2014-12-10 04:33 165888 ----a-w- c:\windows\system32\charmap.exe
    2014-10-30 01:45 . 2014-12-10 04:33 155136 ----a-w- c:\windows\SysWow64\charmap.exe
    2014-10-25 01:57 . 2014-11-12 01:30 77824 ----a-w- c:\windows\system32\packager.dll
    2014-10-25 01:32 . 2014-11-12 01:30 67584 ----a-w- c:\windows\SysWow64\packager.dll
    2014-10-20 19:27 . 2014-10-20 19:27 632 ----a-w- c:\windows\system32\cc_20141020_152730.reg
    2014-10-20 19:26 . 2014-10-20 19:26 30494 ----a-w- c:\windows\system32\cc_20141020_152646.reg
    2014-10-18 02:05 . 2014-11-12 01:30 861696 ----a-w- c:\windows\system32\oleaut32.dll
    2014-10-18 02:05 . 2014-12-10 08:00 4121600 ----a-w- c:\windows\system32\mf.dll
    2014-10-18 01:33 . 2014-11-12 01:30 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
    2014-10-18 01:33 . 2014-12-10 08:00 3209728 ----a-w- c:\windows\SysWow64\mf.dll
    2014-10-14 02:16 . 2014-11-12 01:32 155064 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2014-10-14 02:13 . 2014-11-12 01:32 683520 ----a-w- c:\windows\system32\termsrv.dll
    2014-10-14 02:13 . 2014-11-12 01:30 3241984 ----a-w- c:\windows\system32\msi.dll
    2014-10-14 02:12 . 2014-11-12 01:32 1460736 ----a-w- c:\windows\system32\lsasrv.dll
    2014-10-14 02:09 . 2014-11-12 01:32 146432 ----a-w- c:\windows\system32\msaudite.dll
    2014-10-14 02:07 . 2014-11-12 01:32 681984 ----a-w- c:\windows\system32\adtschema.dll
    2014-10-14 01:50 . 2014-11-12 01:32 22016 ----a-w- c:\windows\SysWow64\secur32.dll
    2014-10-14 01:50 . 2014-11-12 01:30 2363904 ----a-w- c:\windows\SysWow64\msi.dll
    2014-10-14 01:49 . 2014-11-12 01:32 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
    2014-10-14 01:47 . 2014-11-12 01:32 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
    2014-10-14 01:46 . 2014-11-12 01:32 681984 ----a-w- c:\windows\SysWow64\adtschema.dll

.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Note empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“Logitech Vid”=“c:\program files (x86)\Logitech\Vid HD\Vid.exe” [2010-10-29 5915480]
“Amazon Cloud Player”=“c:\users\NewDesktop_3_2010\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe” [2013-11-24 3139072]
“GoogleChromeAutoLaunch_F17525095B4A5E72D4143C3FEC0A25AA”=“c:\program files (x86)\Google\Chrome\Application\chrome.exe” [2014-12-06 856904]
“CCleaner Monitoring”=“c:\program files\CCleaner\CCleaner64.exe” [2014-12-12 7394584]
“AirDroid 3”=“c:\program files (x86)\AirDroid\AirDroid.exe” [2014-12-19 11012608]
“DellSystemDetect”=“c:\users\NewDesktop_3_2010\AppData\Local\Apps\2.0\T8MZ2MDX.M6Y\TCMN94HH.7XT\dell…tion_e30b47f5d4a30e9e_0005.000d_4ab2a66cfade09be\DellSystemDetect.exe” [2014-12-30 276776]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
“LockStatusTray”=“c:\windows\LockStatusTray.exe” [2008-02-19 192512]
“Memeo Instant Backup”=“c:\program files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe” [2010-07-26 136416]
“AvastUI.exe”=“c:\program files\AVAST Software\Avast\AvastUI.exe” [2015-01-08 5227112]
“SunJavaUpdateSched”=“c:\program files (x86)\Common Files\Java\Java Update\jusched.exe” [2014-09-26 271744]
.
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-9-21 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
“ConsentPromptBehaviorUser”= 3 (0x3)
“EnableUIADesktopToggle”= 0 (0x0)
“SoftwareSASGeneration”= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
“LoadAppInit_DLLs”=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=“”
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=“”
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=“”
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=“”
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
“Adobe ARM”=“c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”
“SunJavaUpdateSched”=“c:\program files (x86)\Common Files\Java\Java Update\jusched.exe”
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys
R3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe
R4 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe
S0 43985914;43985914;c:\windows\system32\DRIVERS\43985914.sys;c:\windows\SYSNATIVE\DRIVERS\43985914.sys
S0 aswRvrt;avast! Revert;
S0 aswVmm;avast! VM Monitor;
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1506000.020\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1506000.020\SYMDS64.SYS
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1506000.020\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1506000.020\SYMEFA64.SYS
S1 anodlwf;ANOD Network Security Filter driver;c:\windows\system32\DRIVERS\anodlwfx.sys;c:\windows\SYSNATIVE\DRIVERS\anodlwfx.sys
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20141209.001\BHDrvx64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20141209.001\BHDrvx64.sys
S1 ccSet_NIS;NIS Settings Manager;c:\windows\system32\drivers\NISx64\1506000.020\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1506000.020\ccSetx64.sys
S1 ccSet_NST;Norton Identity Safe Settings Manager;c:\windows\system32\drivers\NSTx64\7DD04000.00A\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NSTx64\7DD04000.00A\ccSetx64.sys
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20150108.002\IDSvia64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20150108.002\IDSvia64.sys
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1506000.020\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1506000.020\Ironx64.SYS
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1506000.020\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1506000.020\SYMNETS.SYS
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
S2 CouponPrinterService;Coupon Printer Service;c:\program files (x86)\Coupons\CouponPrinterService.exe;c:\program files (x86)\Coupons\CouponPrinterService.exe
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
S2 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe;c:\windows\SYSNATIVE\lxcycoms.exe
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
S2 NCO;Norton Identity Safe;c:\program files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe;c:\program files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe;c:\program files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
S3 CAXHWBS2;CAXHWBS2;c:\windows\system32\DRIVERS\CAXHWBS2.sys;c:\windows\SYSNATIVE\DRIVERS\CAXHWBS2.sys
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-12-12 11:38 1087816 ----a-w- c:\program files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe
.
Contents of the ‘Scheduled Tasks’ folder
.
2015-01-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-02 15:46]
.
2015-01-05 c:\windows\Tasks\EasyShare Registration Task.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2015-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-21 07:25]
.
2015-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-21 07:25]
.
2015-01-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4200233565-3368421019-1326646657-1002Core.job
- c:\users\NewDesktop_3_2010\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-12 23:45]
.
2015-01-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4200233565-3368421019-1326646657-1002UA.job
- c:\users\NewDesktop_3_2010\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-12 23:45]
.
2015-01-08 c:\windows\Tasks\ParetoLogic Registration.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
.
--------- X64 Entries -----------
.
.
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @=“{472083B0-C522-11CF-8763-00608CC02F24}”
    [HKEY_CLASSES_ROOT\CLSID{472083B0-C522-11CF-8763-00608CC02F24}]
    2015-01-07 18:40 860984 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    “RtHDVCpl”=“c:\program files\Realtek\Audio\HDA\RAVCpl64.exe” [2009-01-21 6963744]
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = https://www.yahoo.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = <-loopback>
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office10\EXCEL.EXE/3000
    Trusted Zone: dell.com
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: turbotax.com
    TCP: DhcpNameServer = 192.168.1.254
    DPF: {413D6754-BFD4-47FE-9346-319559290BFA} - hxxps://www.webpcfos.com/webpcfos/websabre/HTEweb_v.cab
    DPF: {445F47D7-E043-4BD6-82EB-7A1BD0EBA773} - hxxp://www.psapoll.com/CopyGuardIE.cab
    .
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
          [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NCO]
          “ImagePath”=“"c:\program files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe" /s "NCO" /m "c:\program files (x86)\Norton Identity Safe\Engine\2013.4.0.10\diMaster.dll" /prefetch:1”

          .
          [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
          “ImagePath”=“"c:\program files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe" /s "NIS" /m "c:\program files (x86)\Norton Internet Security\Engine\21.6.0.32\diMaster.dll" /prefetch:1”
          “ImagePath”=“\SystemRoot\System32\Drivers\NISx64\1506000.020\SYMNETS.SYS”
          “TrustedImagePaths”=“c:\program files (x86)\Norton Internet Security\Engine\21.6.0.32;c:\program files (x86)\Norton Internet Security\Engine64\21.6.0.32”
          .
          --------------------- LOCKED REGISTRY KEYS ---------------------
          .
          [HKEY_USERS.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
          @Denied: (2) (LocalSystem)
          “{1017A80C-6F09-4548-A84D-EDD6AC9525F0}”=hex:51,66,7a,6c,4c,1d,38,12,62,ab,04,
          14,3b,21,26,00,d7,5b,ae,96,a9,cb,61,e4
          .
          [HKEY_USERS.Default\Software\Microsoft\Internet Explorer\User Preferences]
          @Denied: (2) (LocalSystem)
          “88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977”=hex:01,00,00,00,d0,8c,9d,df,01,15,
          d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fc,36,e8,fa,02,8e,78,4a,8a,bf,d3,
          “2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81”=hex:01,00,00,00,d0,8c,9d,df,01,15,
          d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fc,36,e8,fa,02,8e,78,4a,8a,bf,d3,
          .
          [HKEY_USERS\S-1-5-21-4200233565-3368421019-1326646657-1002_Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\10.0\Word\Text Converters\Import\¬ ¶ s*]
          “Name”=“C\1e\19\1d”
          “Path”=“c:\Program Files (x86)\Common Files\Microsoft Shared\TextConv\MSWRD632.CNV”
          “Extensions”=“C\1e\19\1d”
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
          @Denied: (A 2) (Everyone)
          @=“FlashBroker”
          “LocalizedString”=“@c:\Windows\system32\Macromed\Flash\FlashUtil64_16_0_0_235_ActiveX.exe,-101”
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
          “Enabled”=dword:00000001
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
          @=“c:\Windows\system32\Macromed\Flash\FlashUtil64_16_0_0_235_ActiveX.exe”
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
          @=“{FAB3E735-69C7-453B-A446-B6823C6DF1C9}”
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface{299817DA-1FAC-4CE2-8F48-A108237013BD}]
          @Denied: (A 2) (Everyone)
          @=“IFlashBroker6”
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
          @=“{00020424-0000-0000-C000-000000000046}”
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
          @=“{FAB3E735-69C7-453B-A446-B6823C6DF1C9}”
          “Version”=“1.0”
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
          @Denied: (A 2) (Everyone)
          @=“FlashBroker”
          “LocalizedString”=“@c:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_16_0_0_235_ActiveX.exe,-101”
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
          “Enabled”=dword:00000001
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
          @=“c:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_16_0_0_235_ActiveX.exe”
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
          @=“{FAB3E735-69C7-453B-A446-B6823C6DF1C9}”
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}]
          @Denied: (A 2) (Everyone)
          @=“Shockwave Flash Object”
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
          @=“c:\Windows\SysWOW64\Macromed\Flash\Flash32_16_0_0_235.ocx”
          “ThreadingModel”=“Apartment”
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
          @=“0”
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
          @=“ShockwaveFlash.ShockwaveFlash.16”
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
          @=“c:\Windows\SysWOW64\Macromed\Flash\Flash32_16_0_0_235.ocx, 1”
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
          @=“{D27CDB6B-AE6D-11cf-96B8-444553540000}”
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
          @=“1.0”
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
          @=“ShockwaveFlash.ShockwaveFlash”
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID{D27CDB70-AE6D-11cf-96B8-444553540000}]
          @Denied: (A 2) (Everyone)
          @=“Macromedia Flash Factory Object”
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
          @=“c:\Windows\SysWOW64\Macromed\Flash\Flash32_16_0_0_235.ocx”
          “ThreadingModel”=“Apartment”
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
          @=“FlashFactory.FlashFactory.1”
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
          @=“c:\Windows\SysWOW64\Macromed\Flash\Flash32_16_0_0_235.ocx, 1”
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
          @=“{D27CDB6B-AE6D-11cf-96B8-444553540000}”
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
          @=“1.0”
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
          @=“FlashFactory.FlashFactory”
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface{299817DA-1FAC-4CE2-8F48-A108237013BD}]
          @Denied: (A 2) (Everyone)
          @=“IFlashBroker6”
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
          @=“{00020424-0000-0000-C000-000000000046}”
          .
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
          @=“{FAB3E735-69C7-453B-A446-B6823C6DF1C9}”
          “Version”=“1.0”
          .
          [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
          @Denied: (A) (Users)
          @Denied: (A) (Everyone)
          @Allowed: (B 1 2 3 4 5) (S-1-5-20)
          “BlindDial”=dword:00000000
          .
          [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
          @Denied: (Full) (Everyone)
          .
          Completion time: 2015-01-09 16:36:12
          ComboFix-quarantined-files.txt 2015-01-09 21:36
          .
          Pre-Run: 569,402,167,296 bytes free
          Post-Run: 569,339,355,136 bytes free
          .
- - End Of File - - B33FC289D32EC7E1AACCD9F557A9C331
A36C5E4F47E84449FF07ED3517B43A31

Are you still getting multiple pages opening? If so, is it all browsers or just one?

Yes…I am still getting them…I use mostly CHROME because IE is so very slow for me…what do you suggest I do next? Did that last scan we did disclose anything new that is causing my slowness problem? Thanks, Sue

Could I have a fresh FRST scan please

Here are two logs that appeared on my screen: I also note that I have to hit my MOUSE BUTTON TWO TIMES on the left side to DO SOMETHING and THIS is unusual. Thanks for your help. Sue

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-01-2015
Ran by NewDesktop_3_2010 (administrator) on NEWDESKTOP_3_10 on 10-01-2015 11:36:47
Running from C:\Users\NewDesktop_3_2010\Downloads
Loaded Profile: NewDesktop_3_2010 (Available profiles: NewDesktop_3_2010 & Administrator & DefaultAppPool)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe
( ) C:\Windows\System32\lxcycoms.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7Debug\mdm.exe
(Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccsvchst.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
(Microsoft Corporation) C:\Windows\System32\Locator.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccsvchst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
() C:\Users\NewDesktop_3_2010\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Logitech, Inc.) C:\Windows\LockStatusTray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
() C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\NewDesktop_3_2010\Downloads\FRST64 (1).exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM.…\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [6963744 2009-01-21] (Realtek Semiconductor)
HKLM-x32.…\Run: [LockStatusTray] => C:\Windows\LockStatusTray.exe [192512 2008-02-19] (Logitech, Inc.)
HKLM-x32.…\Run: [Memeo Instant Backup] => C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe [136416 2010-07-26] (Memeo Inc.)
HKLM-x32.…\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-08] (AVAST Software)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4200233565-3368421019-1326646657-1002.…\Run: [Logitech Vid] => C:\Program Files (x86)\Logitech\Vid HD\Vid.exe [5915480 2010-10-29] (Logitech Inc.)
HKU\S-1-5-21-4200233565-3368421019-1326646657-1002.…\Run: [Amazon Cloud Player] => C:\Users\NewDesktop_3_2010\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3139072 2013-11-24] ()
HKU\S-1-5-21-4200233565-3368421019-1326646657-1002.…\Run: [GoogleChromeAutoLaunch_F17525095B4A5E72D4143C3FEC0A25AA] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2014-12-05] (Google Inc.)
HKU\S-1-5-21-4200233565-3368421019-1326646657-1002.…\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-4200233565-3368421019-1326646657-1002.…\Run: [AirDroid 3] => C:\Program Files (x86)\AirDroid\AirDroid.exe [11012608 2014-12-18] (Sand Studio)
HKU\S-1-5-21-4200233565-3368421019-1326646657-1002.…\Run: [DellSystemDetect] => C:\Users\NewDesktop_3_2010\AppData\Local\Apps\2.0\T8MZ2MDX.M6Y\TCMN94HH.7XT\dell…tion_e30b47f5d4a30e9e_0005.000d_4ab2a66cfade09be\DellSystemDetect.exe [276776 2014-12-30] (Dell)
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk → C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk → C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk → C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk → C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
ShellIconOverlayIdentifiers: [00avast] → {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4200233565-3368421019-1326646657-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4200233565-3368421019-1326646657-1002\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-4200233565-3368421019-1326646657-1002\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM → {4FA2740A-3248-40EF-91AD-C4115EBE0A3C} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 → {5B6DF038-D9DD-484B-B484-F20DAD050321} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-19 → DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 → DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4200233565-3368421019-1326646657-1002 → {E86B926B-C848-46AC-B13C-C8558AA4287A} URL = http://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20130937,20028,0,18,0
BHO: Norton Identity Protection → {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} → C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Java™ Plug-In SSV Helper → {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} → C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security → {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} → C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper → {9030D464-4C02-4ABF-8ECC-5164760863C6} → C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper → {DBC80044-A445-435b-BC74-9C25C1C588A9} → C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Norton Identity Protection → {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} → C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection → {6D53EC84-6AAE-4787-AEEE-F4628F01010C} → C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Search Helper → {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} → C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper → {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} → C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security → {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} → C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper → {9030D464-4C02-4ABF-8ECC-5164760863C6} → C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper → {DBC80044-A445-435b-BC74-9C25C1C588A9} → C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKU\S-1-5-21-4200233565-3368421019-1326646657-1002 → Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
DPF: HKLM-x32 {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: HKLM-x32 {15B782AF-55D8-11D1-B477-006097098764} https://lms.aa.com/sumtotal/nas/wbt/d/d1/cab/awswaxd.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: HKLM-x32 {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/images/global/js/scanner/SysProExe.cab
DPF: HKLM-x32 {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: HKLM-x32 {413D6754-BFD4-47FE-9346-319559290BFA} https://www.webpcfos.com/webpcfos/websabre/HTEweb_v.cab
DPF: HKLM-x32 {445F47D7-E043-4BD6-82EB-7A1BD0EBA773} http://www.psapoll.com/CopyGuardIE.cab
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB
DPF: HKLM-x32 {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: HKLM-x32 {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254