Execution Services Stopped, constant high usage of CPU, and audio issues


31 replies to this topic

#1 DBBBleeping

  • Members
  • 31 posts

Posted 06 October 2016 - 03:11 PM

Thank you for helping me!

I have three issues that may or may not be related. They have appeared in the past week although prior to that, the computer was on but not being used (except to monitor an ISP cam) for 6 weeks.

1. "Execution Service stopped working and was closed". This appears multiple times in a day. I do not necessarily see any effect of it, but it is definitely new and constant. I do not know what triggers it - it just appears without any consistency. I have searched the web, but there is nothing that references Execution Services, which is weird since it must be a Windows service that people would talk about - or is it a virus? So I have not been able to troubleshoot it without any guidance.

2. Constant High Usage of CPU. According to Windows Task Manager and Windows Resource Monitor, the CPU is always showing usage of about 55 to 60% as a minimum - it never goes lower. The "Image" list in Resource Manager for the CPU never shows what service is using it. Up to this point, I could always add up the CPU amounts shown and they would equal the total number shown. Now, frequently there is little to no CPU usage while at the same time the total shows 55-60. I have discussed this with the Microsoft Community. It seems there is an issue with the Windows Update service hogging 50% of the CPU while updating. It seems this is not my problem since I have gotten updates successfully and I have turned off the updating process, yet the CPU values do not change.

3. Audio Issues. At the same time I noticed the above, my audio has also been misbehaving. When there is any sound, system or YouTube, for example, the sound is erratic and stutters. So much so that I cannot look at videos or use Skype. I do not know how to troubleshoot it and am wondering if it is part of the above issues.

I have run a scan with AVG, Malwarebytes and Spybot and have restarted the computer many times. I have looked at Process Explorer, but I don't see anything significant, but that is a bit above my pay scale.

Please suggest other things I can do.

Thank you

Doug

Here is the FRST report:


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-10-2016

Ran by Doug (administrator) on DELL (04-10-2016 22:10:39)

Running from C:\Users\Doug\AppData\Local\Temp\scoped_dir8372_8824

Loaded Profiles: Doug (Available Profiles: Doug & Doug's admin)

Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) Language: English (United States)

Internet Explorer Version 9 (Default browser: Opera)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)


(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgrsx.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgcsrvx.exe

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe

(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgidsagent.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgwdsvcx.exe

(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe

(Google Inc.) C:\Program Files\Google\Update\1.3.31.5\GoogleCrashHandler.exe

(Microsoft Corporation) C:\Windows\System32\CISVC.EXE

(Windows ® Win 7 DDK provider) C:\Windows\System32\DbxSvc.exe

( ) C:\Windows\System32\dlcxcoms.exe

(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

(LastPass) C:\Program Files\LastPass\lastapp.exe

(Nitro PDF Software) C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgnsx.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgemcx.exe

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe

(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe

() C:\Program Files\PrintMyCouponAnywhere\PrintMyCouponAnywhere.exe

(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe

(Microsoft Corporation) C:\Windows\ehome\ehtray.exe

(DonationCoder) C:\Program Files\ScreenshotCaptor\ScreenshotCaptor.exe

(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe

(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE

(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe

(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE

(Ruiware) C:\Program Files\Ruiware\WinPatrol\WinPatrol.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe

(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe

(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgui.exe

(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe

(Microsoft Corporation) C:\Windows\System32\perfmon.exe

(Coupons.com Inc.) C:\Program Files\Coupons\CouponPrinterService.exe

(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

(Microsoft Corporation) C:\Program Files\Windows Mail\WinMail.exe

(Opera Software) C:\Users\Doug\AppData\Local\Programs\Opera\36.0.2130.80\opera.exe

(Opera Software) C:\Users\Doug\AppData\Local\Programs\Opera\36.0.2130.80\opera_crashreporter.exe

(Opera Software) C:\Users\Doug\AppData\Local\Programs\Opera\36.0.2130.80\opera.exe

(Opera Software) C:\Users\Doug\AppData\Local\Programs\Opera\36.0.2130.80\opera.exe

(Opera Software) C:\Users\Doug\AppData\Local\Programs\Opera\36.0.2130.80\opera.exe

(Opera Software) C:\Users\Doug\AppData\Local\Programs\Opera\36.0.2130.80\opera.exe

(Opera Software) C:\Users\Doug\AppData\Local\Programs\Opera\36.0.2130.80\opera.exe

(Opera Software) C:\Users\Doug\AppData\Local\Programs\Opera\36.0.2130.80\opera.exe

(Opera Software) C:\Users\Doug\AppData\Local\Programs\Opera\36.0.2130.80\opera.exe

(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe

(Opera Software) C:\Users\Doug\AppData\Local\Programs\Opera\36.0.2130.80\opera.exe

(Opera Software) C:\Users\Doug\AppData\Local\Programs\Opera\36.0.2130.80\opera.exe

(Opera Software) C:\Users\Doug\AppData\Local\Programs\Opera\36.0.2130.80\opera.exe

(Opera Software) C:\Users\Doug\AppData\Local\Programs\Opera\36.0.2130.80\opera.exe

(Opera Software) C:\Users\Doug\AppData\Local\Programs\Opera\36.0.2130.80\opera.exe

(Opera Software) C:\Users\Doug\AppData\Local\Programs\Opera\36.0.2130.80\opera.exe

(Opera Software) C:\Users\Doug\AppData\Local\Programs\Opera\36.0.2130.80\opera.exe

(Opera Software) C:\Users\Doug\AppData\Local\Programs\Opera\36.0.2130.80\opera.exe

(Opera Software) C:\Users\Doug\AppData\Local\Programs\Opera\36.0.2130.80\opera.exe

(Opera Software) C:\Users\Doug\AppData\Local\Programs\Opera\36.0.2130.80\opera.exe

(Opera Software) C:\Users\Doug\AppData\Local\Programs\Opera\36.0.2130.80\opera.exe

(Nitro PDF) C:\Program Files\Nitro\Reader 3\NitroPDFReader.exe

(Nitro PDF) C:\Program Files\Nitro\Reader 3\Nitro_PIPAssistant.exe

(Node.js) C:\Windows\Prey\versions\1.6.2\bin\node.exe

(Node.js) C:\Windows\Prey\versions\1.6.2\bin\node.exe

(Node.js) C:\Windows\Prey\versions\1.6.2\bin\node.exe

(Node.js) C:\Windows\Prey\versions\1.6.2\bin\node.exe

(Opera Software) C:\Users\Doug\AppData\Local\Programs\Opera\36.0.2130.80\opera.exe

(Microsoft Corporation) C:\Windows\System32\taskmgr.exe

(Sysinternals - www.sysinternals.com) C:\Program Files\Process Explorer\procexp.exe

(Sysinternals - www.sysinternals.com) C:\Program Files\Process Explorer\procexp.exe

(Node.js) C:\Windows\Prey\versions\1.6.2\bin\node.exe

(Opera Software) C:\Users\Doug\AppData\Local\Programs\Opera\36.0.2130.80\opera.exe

(Opera Software) C:\Users\Doug\AppData\Local\Programs\Opera\36.0.2130.80\opera.exe

(Opera Software) C:\Users\Doug\AppData\Local\Programs\Opera\36.0.2130.80\opera.exe

(Opera Software) C:\Users\Doug\AppData\Local\Programs\Opera\36.0.2130.80\opera.exe

(Node.js) C:\Windows\Prey\versions\1.6.2\bin\node.exe

(Opera Software) C:\Users\Doug\AppData\Local\Programs\Opera\36.0.2130.80\opera.exe

(Fork, Ltd.) C:\Windows\Prey\wpxsvc.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)


HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7866912 2009-11-03] (Realtek Semiconductor)

HKLM\...\Run: [LastApp] => C:\Program Files\LastPass\lastapp.exe [27811896 2014-06-27] (LastPass)

HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe [2631120 2016-07-28] (Malwarebytes Corporation)

HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [187152 2016-09-13] (AVG Technologies CZ, s.r.o.)

HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)

HKLM\...\Run: [Http Listener] => C:\Program Files\PrintMyCouponAnywhere\PrintMyCouponAnywhere.exe [90760 2015-04-30] ()

HKLM\...\Run: [Dropbox] => C:\Program Files\Dropbox\Client\Dropbox.exe [25242560 2016-09-30] (Dropbox, Inc.)

HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\Av\avgui.exe [5308688 2016-08-26] (AVG Technologies CZ, s.r.o.)

HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)

Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]

HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => C:\Windows\system32\oobefldr.dll [2153472 2009-04-11] (Microsoft Corporation)

HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => C:\Windows\system32\oobefldr.dll [2153472 2009-04-11] (Microsoft Corporation)

HKU\S-1-5-21-1594974418-99518713-3433766237-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)

HKU\S-1-5-21-1594974418-99518713-3433766237-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6868696 2016-08-26] (Piriform Ltd)

HKU\S-1-5-21-1594974418-99518713-3433766237-1000\...\Run: [] => [X]

HKU\S-1-5-21-1594974418-99518713-3433766237-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)

HKU\S-1-5-21-1594974418-99518713-3433766237-1000\...\Run: [Screenshot Captor] => C:\Program Files\ScreenshotCaptor\ScreenshotCaptor.exe [9385648 2016-01-04] (DonationCoder)

HKU\S-1-5-21-1594974418-99518713-3433766237-1000\...\Run: [WinPatrol] => C:\Program Files\Ruiware\WinPatrol\winpatrol.exe [1216648 2015-08-05] (Ruiware)

HKU\S-1-5-21-1594974418-99518713-3433766237-1000\...\MountPoints2: {8ad1b28d-00d3-11e0-8d6c-b2dd83d586a5} - H:\InstallTomTomHOME.exe

HKU\S-1-5-21-1594974418-99518713-3433766237-1000\...409d6c4515e9\InprocServer32: [Default-shell32]  <==== ATTENTION

ShellIconOverlayIdentifiers: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-05-19] (Carbonite, Inc.)

ShellIconOverlayIdentifiers: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-05-19] (Carbonite, Inc.)

ShellIconOverlayIdentifiers: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-05-19] (Carbonite, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.65536.dll [2016-09-30] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.65536.dll [2016-09-30] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.65536.dll [2016-09-30] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.65536.dll [2016-09-30] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.65536.dll [2016-09-30] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.65536.dll [2016-09-30] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.65536.dll [2016-09-30] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.65536.dll [2016-09-30] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.65536.dll [2016-09-30] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.65536.dll [2016-09-30] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-05-19] (Carbonite, Inc.)

ShellIconOverlayIdentifiers: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-05-19] (Carbonite, Inc.)

ShellIconOverlayIdentifiers: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-05-19] (Carbonite, Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2015-11-06]

ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files\Common Files\lpuninstall.exe (LastPass)

CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)


ProxyServer: [S-1-5-21-1594974418-99518713-3433766237-1000] => localhost:8080

AutoConfigURL: [S-1-5-21-1594974418-99518713-3433766237-1000] => localhost:8080

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{A07981E3-3A87-43F5-970A-BE5DBA13331F}: [DhcpNameServer] 192.168.1.1


Internet Explorer:

==================

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={97C30F0D-24EE-4564-B810-A8EC77CEB479}&mid=71cacfc23f4ace72c5c292b72e0dfb56-a622ab52f70c7bb7abb5b9a944557d2b45ed771c&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2016-01-25 16:20:15&v=4.3.1.831&pid=wtu&sg=&sap=hp

HKU\S-1-5-21-1594974418-99518713-3433766237-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/

HKU\S-1-5-21-1594974418-99518713-3433766237-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={97C30F0D-24EE-4564-B810-A8EC77CEB479}&mid=71cacfc23f4ace72c5c292b72e0dfb56-a622ab52f70c7bb7abb5b9a944557d2b45ed771c&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2016-01-25 16:20:15&v=4.2.9.726&pid=wtu&sg=&sap=hp

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-21-1594974418-99518713-3433766237-1000 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={97C30F0D-24EE-4564-B810-A8EC77CEB479}&mid=71cacfc23f4ace72c5c292b72e0dfb56-a622ab52f70c7bb7abb5b9a944557d2b45ed771c&lang=en&ds=AVG&coid=avgtbavg&cmpid=0516tb&pr=fr&d=2016-01-25 16:20:15&v=4.2.9.726&pid=wtu&sg=&sap=dsp&q={searchTerms}

SearchScopes: HKU\S-1-5-21-1594974418-99518713-3433766237-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={97C30F0D-24EE-4564-B810-A8EC77CEB479}&mid=71cacfc23f4ace72c5c292b72e0dfb56-a622ab52f70c7bb7abb5b9a944557d2b45ed771c&lang=en&ds=AVG&coid=avgtbavg&cmpid=0516tb&pr=fr&d=2016-01-25 16:20:15&v=4.2.9.726&pid=wtu&sg=&sap=dsp&q={searchTerms}

BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-08-01] (Oracle Corporation)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)

BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files\LastPass\LPToolbar.dll [2015-11-06] (LastPass)

BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-01] (Oracle Corporation)

Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPToolbar.dll [2015-11-06] (LastPass)

DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}

DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} hxxp://ag2941.myfoscam.org:8091/codebase/DVM_IPCam2.ocx

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: AutorunsDisabled\wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll [2012-03-08] (Microsoft Corporation)

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File

Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2009-06-22] (Microsoft Corporation)

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2016-07-22] (Skype Technologies)


FireFox:

========

FF DefaultProfile: 64ps7eeu.default-1420517562803

FF ProfilePath: C:\Users\Doug\AppData\Roaming\TomTom\HOME\Profiles\vasyxuaq.default [2016-06-13]

FF Extension: (Emulator) - C:\Users\Doug\AppData\Roaming\TomTom\HOME\Profiles\vasyxuaq.default\Extensions\Navcore.8.415.1240@tomtom.com [2011-10-02] [not signed]

FF Extension: (Emulator) - C:\Users\Doug\AppData\Roaming\TomTom\HOME\Profiles\vasyxuaq.default\Extensions\Navcore.9.022.457667@tomtom.com [2011-10-02] [not signed]

FF Extension: (Emulator) - C:\Users\Doug\AppData\Roaming\TomTom\HOME\Profiles\vasyxuaq.default\Extensions\Navcore.9.026.483454@tomtom.com [2011-10-02] [not signed]

FF Extension: (Emulator) - C:\Users\Doug\AppData\Roaming\TomTom\HOME\Profiles\vasyxuaq.default\Extensions\Navcore.9.056.542741@tomtom.com [2011-10-02] [not signed]

FF Extension: (Emulator) - C:\Users\Doug\AppData\Roaming\TomTom\HOME\Profiles\vasyxuaq.default\Extensions\Navcore.9.061.576030@tomtom.com [2012-01-27] [not signed]

FF Extension: (Emulator) - C:\Users\Doug\AppData\Roaming\TomTom\HOME\Profiles\vasyxuaq.default\Extensions\Navcore.9.510.1234792@tomtom.com [2016-06-02] [not signed]

FF Extension: (Map status indicator) - C:\Program Files\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [2015-05-25] [not signed]

FF ProfilePath: C:\Users\Doug\AppData\Roaming\Songbird2\Profiles\mtdb4xqw.default [2016-08-09]

FF Extension: (ACM MP3 Decoder plugin) - C:\Users\Doug\AppData\Roaming\Songbird2\Profiles\mtdb4xqw.default\Extensions\acmmp3dec@songbirdnest.com [2009-11-29] [not signed]

FF Extension: (Last.fm) - C:\Users\Doug\AppData\Roaming\Songbird2\Profiles\mtdb4xqw.default\Extensions\audioscrobbler@songbirdnest.com [2010-10-20] [not signed]

FF Extension: (Concerts) - C:\Users\Doug\AppData\Roaming\Songbird2\Profiles\mtdb4xqw.default\Extensions\concerts@songbirdnest.com [2010-10-20] [not signed]

FF Extension: (iPod Device Support) - C:\Users\Doug\AppData\Roaming\Songbird2\Profiles\mtdb4xqw.default\Extensions\ipod@songbirdnest.com [2010-10-20] [not signed]

FF Extension: (mashTape) - C:\Users\Doug\AppData\Roaming\Songbird2\Profiles\mtdb4xqw.default\Extensions\mashTape@songbirdnest.com [2009-11-29] [not signed]

FF Extension: (MTP Device Support) - C:\Users\Doug\AppData\Roaming\Songbird2\Profiles\mtdb4xqw.default\Extensions\mtp@songbirdnest.com [2010-10-20] [not signed]

FF Extension: (QuickTime Playback) - C:\Users\Doug\AppData\Roaming\Songbird2\Profiles\mtdb4xqw.default\Extensions\quicktime@songbirdnest.com [2010-10-20] [not signed]

FF Extension: (SHOUTcast Radio) - C:\Users\Doug\AppData\Roaming\Songbird2\Profiles\mtdb4xqw.default\Extensions\shoutcast-radio@songbirdnest.com [2010-10-20] [not signed]

FF Extension: (Windows Media Playback) - C:\Users\Doug\AppData\Roaming\Songbird2\Profiles\mtdb4xqw.default\Extensions\windowsmedia@songbirdnest.com [2010-10-20] [not signed]

FF Extension: (Album Art Extras) - C:\Program Files\Songbird\extensions\albumart@songbirdnest.com [2012-04-03] [not signed]

FF Extension: (gonzo) - C:\Program Files\Songbird\extensions\gonzo@songbirdnest.com [2012-04-03] [not signed]

FF Extension: (Rubberducky Dependencies) - C:\Program Files\Songbird\extensions\rubberducky-dependencies@songbirdnest.com [2012-04-03] [not signed]

FF Extension: (DOM Inspector) - C:\Program Files\Songbird\xulrunner\extensions\inspector@mozilla.org [2009-11-29] [not signed]

FF ProfilePath: C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\1v3zhkf7.default [2016-09-29]

FF Homepage: Mozilla\Firefox\Profiles\1v3zhkf7.default -> hxxp://my.yahoo.com

FF Keyword.URL: Mozilla\Firefox\Profiles\1v3zhkf7.default ->

FF Extension: (InvisibleHand) - C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\1v3zhkf7.default\Extensions\canitbecheaper@trafficbroker.co.uk.xpi [2012-07-13] [not signed]

FF Extension: (LastPass) - C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\1v3zhkf7.default\Extensions\support@lastpass.com [2016-05-11]

FF Extension: (Vlc context menu) - C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\1v3zhkf7.default\Extensions\vlcplaylist@helgatauscher.de.xpi [2012-02-24] [not signed]

FF Extension: (Google Toolbar for Firefox) - C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\1v3zhkf7.default\Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2011-06-01] [not signed]

FF Extension: (User Agent Switcher) - C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\1v3zhkf7.default\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2012-07-25] [not signed]

FF Extension: (No Name) - C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\1v3zhkf7.default\extensions\multipletab@piro.sakura.ne.jp.xpi [not found]

FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-12-01] [not signed]

FF Extension: (No Name) - C:\ProgramData\AVG Secure Search\12.2.5.34\ [not found]

FF SearchPlugin: C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\1v3zhkf7.default\searchplugins\spellingsearch.xml [2012-07-28]

FF ProfilePath: C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\64ps7eeu.default-1420517562803 [2016-10-04]

FF DefaultSearchEngine: Mozilla\Firefox\Profiles\64ps7eeu.default-1420517562803 -> Google

FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\64ps7eeu.default-1420517562803 -> Google

FF Homepage: Mozilla\Firefox\Profiles\64ps7eeu.default-1420517562803 -> hxxp://my.yahoo.com/

FF Session Restore: Mozilla\Firefox\Profiles\64ps7eeu.default-1420517562803 -> is enabled.

FF Extension: (Duplicate This Tab) - C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\64ps7eeu.default-1420517562803\Extensions\duplicate-this-tab@mozilla.org.xpi [2016-05-13]

FF Extension: (Fastest Search) - C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\64ps7eeu.default-1420517562803\Extensions\fastestsearch@mingyi.org.xpi [2016-09-28]

FF Extension: (QuickMark) - C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\64ps7eeu.default-1420517562803\Extensions\jid0-QT2VXewB9xzbRlyapSJjA4ebwoU@jetpack.xpi [2016-08-18]

FF Extension: (Select-and-Define Google Dictionary) - C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\64ps7eeu.default-1420517562803\Extensions\jid1-ASMu9YBkP688TA@jetpack.xpi [2016-05-13]

FF Extension: (LastPass) - C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\64ps7eeu.default-1420517562803\Extensions\support@lastpass.com [2016-05-13]

FF Extension: (Telify) - C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\64ps7eeu.default-1420517562803\Extensions\{6c5f349a-ddda-49ad-bdf0-326d3fe1f938} [2016-05-13]

FF Extension: (Adblock Plus) - C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\64ps7eeu.default-1420517562803\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-05-13]

FF HKLM\...\Firefox\Extensions: [{3112ca9c-de6d-4884-a869-9855de68056c}] - C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}

FF Extension: (Google Toolbar for Firefox) - C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2009-11-28] [not signed]

FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found

FF HKU\S-1-5-21-1594974418-99518713-3433766237-1000\...\Firefox\Extensions: [wcapturex@deskperience.com] - C:\Program Files\WordWeb\WCaptureMoz => not found

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-14] ()

FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1224194.dll [No File]

FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2009-11-12] ()

FF Plugin: @FOSCAM Web Components -> C:\Program Files\Foscam Web Components\npIPcamCloud.dll [2015-08-14] ()

FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2016-08-25] (Google)

FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)

FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-01] (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-01] (Oracle Corporation)

FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files\LastPass\nplastpass64.dll [2015-11-06] (LastPass)

FF Plugin: @logitech.com/HarmonyRemote,version=1.0.0 -> C:\Program Files\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll [2012-09-28] (Logitech Inc.)

FF Plugin: @mcafee.com/MVT -> C:\Program Files\McAfee\Supportability\MVT\NPMVTPlugin.dll [No File]

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)

FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)

FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)

FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)

FF Plugin: @nitropdf.com/NitroPDF -> C:\Program Files\Nitro\Reader 3\npnitromozilla.dll [2013-07-26] (Nitro PDF)

FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)

FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)

FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)

FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)

FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)

FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)

FF Plugin HKU\S-1-5-21-1594974418-99518713-3433766237-1000: @hulu.com/Hulu Desktop -> C:\Users\Doug\AppData\Local\HuluDesktop\instances\0.9.10.1\npHDPlg.dll [No File]

FF Plugin HKU\S-1-5-21-1594974418-99518713-3433766237-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Doug\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2012-07-18] (Unity Technologies ApS)

FF Plugin HKU\S-1-5-21-1594974418-99518713-3433766237-1000: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\Doug\AppData\Roaming\CATALI~2\NPBCSK~1.DLL [No File]

FF Plugin HKU\S-1-5-21-1594974418-99518713-3433766237-1000: hopster.com/CouponPrinterPlugin -> C:\Users\Doug\AppData\Roaming\Hopster\CouponPrinterPlugin\2.0.2.0\npCouponPrinterPlugin.dll [2013-02-21] (Hopster)

FF Plugin HKU\S-1-5-21-1594974418-99518713-3433766237-1000: navionics.com/NavConnect -> C:\Program Files\Chart Installer\npNavConnect.dll [No File]

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPcol400.dll [2012-02-19] (Catalina Marketing Corporation)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2013-10-25] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2013-10-25] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2013-10-25] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2013-10-25] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2013-10-25] (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2015-09-18] (Coupons, Inc.)

FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2009-11-12]

Chrome:

=======

CHR HomePage: Default -> hxxp://my.yahoo.com/

CHR StartupUrls: Default -> "hxxp://my.yahoo.com/?_bc=1","hxxps://news.google.com/news?hl=en&pz=1&ftcl=true&zx=l13fz07auj90&pog=false"

CHR DefaultSearchKeyword: Default -> lp

CHR Session Restore: Default -> is enabled.

CHR Profile: C:\Users\Doug\AppData\Local\Google\Chrome\User Data\5 backup Default [2015-03-01] <==== ATTENTION

CHR Extension: (Xmarks Bookmark Sync) - C:\Users\Doug\AppData\Local\Google\Chrome\User Data\5 backup Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2015-01-25]

CHR Extension: (Google Docs) - C:\Users\Doug\AppData\Local\Google\Chrome\User Data\5 backup Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-06]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Doug\AppData\Local\Google\Chrome\User Data\5 backup Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-05]

CHR Extension: (Adblock Plus) - C:\Users\Doug\AppData\Local\Google\Chrome\User Data\5 backup Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-02-27]

CHR Extension: (PoachIt: Your Shopping Sidekick) - C:\Users\Doug\AppData\Local\Google\Chrome\User Data\5 backup Default\Extensions\ddnglgpgcjnhehalhgjaapipjkpmhimh [2015-01-18]

CHR Extension: (LastPass: Free Password Manager) - C:\Users\Doug\AppData\Local\Google\Chrome\User Data\5 backup Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-02-12]

CHR Extension: (Speed Dial 2) - C:\Users\Doug\AppData\Local\Google\Chrome\User Data\5 backup Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik [2015-01-24]

CHR Extension: (Google Dictionary (by Google)) - C:\Users\Doug\AppData\Local\Google\Chrome\User Data\5 backup Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2015-01-18]

CHR Extension: (Pocket) - C:\Users\Doug\AppData\Local\Google\Chrome\User Data\5 backup Default\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk [2015-01-07]

CHR Extension: (LastPass Vault) - C:\Users\Doug\AppData\Local\Google\Chrome\User Data\5 backup Default\Extensions\ncliohomlfopnmlfkepkcbnhmeijkhhf [2014-02-09]

CHR Extension: (Google Wallet) - C:\Users\Doug\AppData\Local\Google\Chrome\User Data\5 backup Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-16]

CHR Extension: (MyHarmony Chrome Plugin) - C:\Users\Doug\AppData\Local\Google\Chrome\User Data\5 backup Default\Extensions\omaonpoimgkmbllpdihbnmgphjoipdhf [2014-04-15]

CHR Profile: C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default [2016-08-09]

CHR Extension: (Google Slides) - C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-01]

CHR Extension: (Google Drive) - C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]

CHR Extension: (Navionics Chart Installer) - C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\blibmdccempkbhdbkbjlhipofigmdiif [2015-11-06]

CHR Extension: (YouTube) - C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-29]

CHR Extension: (Adblock Plus) - C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-07-08]

CHR Extension: (Google Search) - C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]

CHR Extension: (Google Sheets) - C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-01]

CHR Extension: (Google Docs Offline) - C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-05]

CHR Extension: (The Camelizer) - C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghnomdcacenbmilgjigehppbamfndblo [2016-05-05]

CHR Extension: (LastPass: Free Password Manager) - C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-06-25]

CHR Extension: (SuperSorter) - C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjebfgojnlefhdgmomncgjglmdckngij [2015-09-04]

CHR Extension: (Speed Dial 2) - C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpfpebmajhhopeonhlcgidhclcccjcik [2016-06-01]

CHR Extension: (The Great Suspender) - C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2015-08-14]

CHR Extension: (Google Dictionary (by Google)) - C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2016-05-05]

CHR Extension: (LastPass Vault) - C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncliohomlfopnmlfkepkcbnhmeijkhhf [2015-08-14]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-05]

CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx

CHR HKLM\...\Chrome\Extension: [omaonpoimgkmbllpdihbnmgphjoipdhf] - C:\Program Files\Logitech\Harmony Remote Driver\harmony_chrome.crx [2012-05-01]

StartMenuInternet: Google Chrome.3G2R76QIXEF5V4O3L6IDNCYSKY - C:\Users\Doug\AppData\Local\Google\Chrome\Application\chrome.exe

Opera:

=======

OPR Extension: (Bookmarks) - C:\Users\Doug\AppData\Roaming\Opera Software\Opera Stable\Extensions\fnlanmpednndkaaaleibncenahckbmhc [2016-05-14]

OPR Extension: (LastPass: Free Password Manager) - C:\Users\Doug\AppData\Roaming\Opera Software\Opera Stable\Extensions\hnjalnkldgigidggphhmacmimbdlafdo [2016-09-28]

OPR Extension: (Disable HTML5 Autoplay) - C:\Users\Doug\AppData\Roaming\Opera Software\Opera Stable\Extensions\jbinbhipioellbajhbkjlpioadehpfdj [2016-08-04]

OPR Extension: (Download Chrome Extension) - C:\Users\Doug\AppData\Roaming\Opera Software\Opera Stable\Extensions\kipjbhgniklcnglfaldilecjomjaddfi [2016-05-15]

OPR Extension: (Google Translate) - C:\Users\Doug\AppData\Roaming\Opera Software\Opera Stable\Extensions\mchdgimobfnilobnllpdnompfjkkfdmi [2016-09-28]

OPR Extension: (Easy Screenshot) - C:\Users\Doug\AppData\Roaming\Opera Software\Opera Stable\Extensions\nlhabdnjcoggnpnnaamopkaolcggpdmi [2016-08-09]

OPR Extension: (Adblock Plus) - C:\Users\Doug\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2016-09-28]

StartMenuInternet: (HKLM) OperaStable - C:\Users\Doug\AppData\Local\Programs\Opera\Launcher.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files\AVG\Av\avgidsagent.exe [4109856 2016-08-26] (AVG Technologies CZ, s.r.o.)

R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [945936 2016-09-13] (AVG Technologies CZ, s.r.o.)

R2 avgwd; C:\Program Files\AVG\Av\avgwdsvcx.exe [632632 2016-08-26] (AVG Technologies CZ, s.r.o.)

R2 CarboniteService; C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe [6370488 2016-05-19] (Carbonite, Inc. (www.carbonite.com))

R2 CouponPrinterService; C:\Program Files\Coupons\CouponPrinterService.exe [1051240 2015-09-18] (Coupons.com Inc.)

R2 CronService; C:\Windows\Prey\wpxsvc.exe [611854 2014-12-18] (Fork, Ltd.) [File not signed]

S2 dbupdate; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-11] (Dropbox, Inc.)

S3 dbupdatem; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-11] (Dropbox, Inc.)

R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [36648 2016-09-30] (Windows ® Win 7 DDK provider)

R2 dlcx_device; C:\Windows\system32\dlcxcoms.exe [537480 2006-11-03] ( )

S2 gupdate1ca70623907064a; C:\Program Files\Google\Update\GoogleUpdate.exe [144200 2015-08-27] (Google Inc.)

S4 Jeppesen Maps Manager; C:\Program Files\Jeppesen\MapsManager\CMApp.exe [380416 2013-07-10] () [File not signed]

R2 MbaeSvc; C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [750032 2016-07-28] (Malwarebytes Corporation)

R2 NitroReaderDriverReadSpool3; C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe [196624 2013-07-26] (Nitro PDF Software)

R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)

R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)

R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)

S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)

S2 RHDCStarter; Ú\Dummy.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amacpi; C:\Windows\System32\DRIVERS\null.sys [4608 2008-01-18] (Microsoft Corporation)

R1 ASPI32; C:\Windows\system32\Drivers\ASPI32.sys [25244 1999-09-10] (Adaptec)

R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [134912 2016-05-13] (AVG Technologies CZ, s.r.o.)

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [256256 2016-08-23] (AVG Technologies CZ, s.r.o.)

R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [210176 2016-07-27] (AVG Technologies CZ, s.r.o.)

R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [31664 2015-11-20] (AVG Technologies CZ, s.r.o.)

R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [212736 2016-06-01] (AVG Technologies CZ, s.r.o.)

R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [287008 2016-02-16] (AVG Technologies CZ, s.r.o.)

R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [201984 2016-08-02] (AVG Technologies CZ, s.r.o.)

R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [47360 2016-06-01] (AVG Technologies CZ, s.r.o.)

R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [231680 2016-07-27] (AVG Technologies CZ, s.r.o.)

R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42272 2014-04-18] (AVG Technologies)

R0 Avgunivx; C:\Windows\System32\DRIVERS\avgunivx.sys [65280 2016-06-20] (AVG Technologies CZ, s.r.o.)

R1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [58920 2016-07-28] ()

R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] ()

S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [79816 2009-11-04] (McAfee, Inc.)

S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [35272 2009-11-04] (McAfee, Inc.)

R1 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [214664 2009-11-04] (McAfee, Inc.)

S3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [34248 2009-11-04] (McAfee, Inc.)

S3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [40552 2009-11-04] (McAfee, Inc.)

R2 mrtRate; C:\Windows\system32\Drivers\mrtRate.sys [34916 1999-08-10] (Marimba, Inc.) [File not signed]

S3 pepifilter; C:\Windows\System32\DRIVERS\lv302af.sys [13976 2009-04-30] (Logitech Inc.)

S3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [2687512 2009-04-30] (Logitech Inc.)

R3 RemotePCHelpDesk; C:\Windows\System32\DRIVERS\RemotePCHelpDesk.sys [13120 2013-02-28] (Pro Softnet Crop provider)

R3 stdriver; C:\Windows\System32\DRIVERS\stdriverx86.sys [40344 2012-10-04] ()

S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]

S3 dbx; system32\DRIVERS\dbx.sys [X]

S3 IpInIp; system32\DRIVERS\ipinip.sys [X]

S4 iPodDrv; \??\C:\Windows\system32\drivers\iPodDrv.sys [X]

S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]

S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

S1 OMCI; \??\C:\Windows\SYSTEM32\DRIVERS\OMCI.SYS [X]

S3 StarOpen; no ImagePath

S3 usbbus; system32\DRIVERS\lgusbbus.sys [X]

S3 USBModem; system32\DRIVERS\lgusbmodem.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-04 20:50 - 2016-10-04 22:10 - 00000000 ____D C:\FRST

2016-10-04 20:47 - 2016-10-04 20:48 - 01755136 _____ (Farbar) C:\Users\Doug\Downloads\FRST.exe

2016-10-04 09:39 - 2016-10-04 09:39 - 01270466 _____ C:\Users\Doug\Downloads\ProcessExplorer (1).zip

2016-09-30 21:25 - 2016-10-04 17:55 - 00036511 _____ C:\Users\Doug\Desktop\Working Still Crazy maintenance log.xlsx

2016-09-30 21:24 - 2016-10-01 18:36 - 00000000 ____D C:\Users\Doug\Desktop\For Trip

2016-09-30 17:44 - 2016-09-30 17:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox

2016-09-30 11:44 - 2016-09-30 11:44 - 00036648 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\DbxSvc.exe

2016-09-30 11:38 - 2016-09-30 11:38 - 00062064 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\dbx-stable.sys

2016-09-30 11:38 - 2016-09-30 11:38 - 00062064 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\dbx-dev.sys

2016-09-30 11:38 - 2016-09-30 11:38 - 00062064 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\dbx-canary.sys

2016-09-28 21:09 - 2016-09-28 21:10 - 08244656 _____ (Piriform Ltd) C:\Users\Doug\Downloads\ccsetup522(1).exe

2016-09-28 21:07 - 2016-09-28 21:07 - 08244656 _____ (Piriform Ltd) C:\Users\Doug\Downloads\ccsetup522.exe

2016-09-28 17:43 - 2016-09-28 17:43 - 00000899 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2016-09-28 17:33 - 2016-09-28 17:33 - 00000000 ____D C:\Users\Doug\AppData\Local\Victron_Energy_B.V

2016-09-28 17:11 - 2016-09-28 17:11 - 02432233 _____ C:\Users\Doug\Downloads\BMV release 1.4.2.zip

2016-09-28 17:09 - 2016-09-28 17:09 - 00347648 _____ C:\Users\Doug\Downloads\PeukertCalculator (1).exe

2016-09-28 15:16 - 2016-09-28 15:16 - 00000000 ____D C:\Users\Doug\Tracing

2016-09-28 15:15 - 2016-09-28 15:15 - 00000000 ____D C:\Program Files\Common Files\Skype

2016-09-28 13:09 - 2016-09-28 13:09 - 00000840 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk

2016-09-28 13:09 - 2016-09-28 13:09 - 00000828 _____ C:\Users\Public\Desktop\TeamViewer 11.lnk

2016-09-28 10:41 - 2016-09-30 03:19 - 00000000 ____D C:\Program Files\Mozilla Firefox

2016-09-26 18:54 - 2016-09-26 18:54 - 00002005 _____ C:\Users\Public\Desktop\Google Earth.lnk

2016-09-26 18:54 - 2016-09-26 18:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth

2016-09-22 03:01 - 2016-08-06 08:18 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2016-09-17 05:52 - 2016-09-17 05:52 - 00000680 _____ C:\Users\Doug\AppData\Local\d3d9caps.dat

2016-09-17 03:46 - 2016-08-10 09:44 - 00284160 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2016-09-17 03:46 - 2016-08-10 09:43 - 00206336 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

2016-09-17 03:46 - 2016-08-10 07:13 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll

2016-09-17 03:34 - 2016-08-12 12:56 - 00573952 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll

2016-09-17 03:31 - 2016-08-03 09:45 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll

2016-09-17 03:31 - 2016-08-03 08:21 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys

2016-09-17 03:31 - 2016-08-03 08:20 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys

2016-09-17 03:31 - 2016-08-03 08:20 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys

2016-09-17 03:15 - 2016-08-14 09:48 - 00627712 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll

2016-09-17 03:15 - 2016-08-14 08:21 - 02072064 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2016-09-17 03:11 - 2016-08-12 13:03 - 03610344 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe

2016-09-17 03:11 - 2016-08-12 12:55 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll

2016-09-17 03:10 - 2016-08-12 13:03 - 03558120 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2016-09-17 01:32 - 2016-09-07 10:54 - 12859392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2016-09-17 01:32 - 2016-09-07 10:53 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2016-09-17 01:32 - 2016-09-07 10:52 - 09731584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2016-09-17 01:32 - 2016-09-07 10:51 - 01831424 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2016-09-17 01:32 - 2016-09-07 10:51 - 01436160 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2016-09-17 01:32 - 2016-09-07 10:51 - 01094656 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2016-09-17 01:32 - 2016-09-07 10:51 - 01089024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2016-09-17 01:32 - 2016-09-07 10:51 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2016-09-17 01:32 - 2016-09-07 10:50 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2016-09-17 01:32 - 2016-09-07 10:50 - 01789952 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2016-09-17 01:32 - 2016-09-07 10:50 - 00711168 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2016-09-17 01:32 - 2016-09-07 10:50 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2016-09-17 01:32 - 2016-09-07 10:50 - 00420352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2016-09-17 01:32 - 2016-09-07 10:50 - 00358912 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2016-09-17 01:32 - 2016-09-07 10:50 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2016-09-17 01:32 - 2016-09-07 10:50 - 00217088 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2016-09-17 01:32 - 2016-09-07 10:50 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2016-09-17 01:32 - 2016-09-07 10:50 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2016-09-17 01:32 - 2016-09-07 10:50 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2016-09-17 01:32 - 2016-09-07 10:50 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll

2016-09-17 01:32 - 2016-09-07 10:50 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe

2016-09-17 01:32 - 2016-09-07 10:50 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-04 21:52 - 2016-07-16 08:03 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2016-10-04 21:50 - 2009-11-28 13:44 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2016-10-04 21:34 - 2016-05-11 11:29 - 00000892 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job

2016-10-04 21:10 - 2010-10-17 20:28 - 00000000 ____D C:\ProgramData\MFAData

2016-10-04 20:33 - 2014-06-13 08:05 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit

2016-10-04 20:13 - 2006-11-02 06:47 - 00003664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2016-10-04 20:13 - 2006-11-02 06:47 - 00003664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2016-10-04 18:14 - 2014-01-29 10:50 - 00000000 ____D C:\Users\Doug\AppData\Roaming\WinPatrol

2016-10-04 17:50 - 2012-03-24 08:56 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2016-10-04 17:39 - 2009-11-28 13:14 - 00000000 ____D C:\Users\Doug\Documents\Sandy

2016-10-04 13:06 - 2013-04-02 10:47 - 00000000 ____D C:\Users\Doug\Documents\Ranger

2016-10-04 11:34 - 2016-05-11 11:29 - 00000888 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job

2016-10-04 10:15 - 2016-06-05 16:36 - 00000000 ____D C:\Users\Doug\Documents\DonationCoder

2016-10-04 10:15 - 2015-11-12 09:50 - 00000644 _____ C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job

2016-10-04 10:15 - 2011-03-15 09:00 - 00000000 _____ C:\Users\Doug\AppData\LocalLow\prvlcl.dat

2016-10-04 10:12 - 2016-05-05 15:55 - 00000320 _____ C:\Windows\Tasks\AvgSetup.job

2016-10-04 10:12 - 2006-11-02 07:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2016-10-04 10:09 - 2006-11-02 07:01 - 00032610 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2016-10-04 09:45 - 2013-11-05 10:06 - 00000000 ____D C:\Users\Doug\Desktop\Zip files

2016-10-04 09:45 - 2011-12-07 15:23 - 00000000 ____D C:\Program Files\Process Explorer

2016-10-04 09:12 - 2013-07-05 21:10 - 00000000 ____D C:\Users\Doug\Documents\Scanned Documents

2016-10-01 17:54 - 2012-05-08 09:47 - 00000000 ___RD C:\Users\Doug\Dropbox

2016-10-01 17:47 - 2016-05-15 21:45 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job

2016-10-01 17:42 - 2010-09-16 08:36 - 00000000 ____D C:\Users\Doug\AppData\Roaming\Nitro PDF

2016-10-01 17:22 - 2009-11-28 13:13 - 00000000 ____D C:\Users\Doug\Documents\Misc

2016-10-01 13:21 - 2015-12-20 14:54 - 00000000 ____D C:\Users\Doug\Desktop\Camera

2016-10-01 07:45 - 2013-11-08 22:33 - 00000000 ____D C:\Users\Doug\AppData\LocalLow\LastPass

2016-09-30 21:23 - 2015-07-31 09:19 - 00000000 ____D C:\Users\Doug\AppData\Local\Dropbox

2016-09-30 17:45 - 2014-08-21 09:36 - 00000000 ____D C:\Program Files\Dropbox

2016-09-30 03:19 - 2014-02-13 11:31 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service

2016-09-30 03:04 - 2013-01-19 14:42 - 00000000 ____D C:\Users\Doug\AppData\Roaming\Skype

2016-09-29 22:03 - 2006-11-02 05:18 - 00000000 ____D C:\Windows\inf

2016-09-29 22:03 - 2006-11-02 04:33 - 00757484 _____ C:\Windows\system32\PerfStringBackup.INI

2016-09-28 21:13 - 2015-06-01 13:15 - 00000804 _____ C:\Users\Public\Desktop\CCleaner.lnk

2016-09-28 17:48 - 2014-10-29 15:50 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2016-09-28 17:43 - 2014-10-29 15:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2016-09-28 17:43 - 2014-10-29 15:49 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware

2016-09-28 15:16 - 2009-11-28 12:38 - 00000000 ____D C:\Users\Doug

2016-09-28 15:15 - 2013-01-19 14:42 - 00000000 ___RD C:\Program Files\Skype

2016-09-28 15:15 - 2013-01-19 14:41 - 00000000 ____D C:\ProgramData\Skype

2016-09-28 13:10 - 2015-12-22 10:57 - 00000000 ____D C:\Program Files\TeamViewer

2016-09-28 08:38 - 2006-11-02 05:18 - 00000000 ____D C:\Windows\rescache

2016-09-28 08:01 - 2015-11-12 09:50 - 00000616 _____ C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job

2016-09-17 05:49 - 2006-11-02 06:47 - 00287952 _____ C:\Windows\system32\FNTCACHE.DAT

2016-09-17 05:48 - 2009-11-29 17:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight

2016-09-17 05:26 - 2013-08-12 03:01 - 00000000 ____D C:\Windows\system32\MRT

2016-09-17 03:52 - 2006-11-02 04:24 - 141747376 ____C (Microsoft Corporation) C:\Windows\system32\mrt.exe

2016-09-17 03:24 - 2010-06-18 03:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

2016-09-17 03:08 - 2006-11-02 06:37 - 00000000 ____D C:\Program Files\Windows Journal

2016-09-14 08:18 - 2012-04-04 17:34 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2016-09-14 08:18 - 2011-05-20 22:02 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

2016-09-14 07:53 - 2009-11-28 13:32 - 00000000 ____D C:\Windows\system32\Macromed

2016-09-14 07:35 - 2015-10-27 22:33 - 00000813 _____ C:\Users\Public\Desktop\AVG Protection.lnk

2016-09-14 07:35 - 2013-11-26 09:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

==================== Files in the root of some directories =======

2011-10-14 11:37 - 1999-05-07 14:05 - 0198354 _____ () C:\Program Files\BUDGET.RPT

2011-10-14 11:37 - 1999-05-07 15:52 - 0027933 _____ () C:\Program Files\COMP_US.RPT

2011-10-14 11:37 - 1997-06-26 05:36 - 0098304 _____ () C:\Program Files\CUSTOMER.MDB

2011-10-14 11:37 - 1997-06-25 05:40 - 0027385 _____ () C:\Program Files\CUSTOMER.RPT

2011-10-14 11:37 - 1997-06-25 05:40 - 0187158 _____ () C:\Program Files\FOLLOWUP.RPT

2001-09-19 05:10 - 2001-09-19 05:10 - 3808256 ____R () C:\Program Files\HEATLOSS.EXE

2011-10-14 11:37 - 1999-03-22 14:22 - 0233939 _____ () C:\Program Files\HEATLOSS.RPT

2011-10-14 17:29 - 2001-09-14 03:11 - 1016535 ____R () C:\Program Files\Hydronic Explorer Manual.pdf

2011-10-14 11:37 - 1999-05-03 15:56 - 0220875 _____ () C:\Program Files\MECH.RPT

2011-10-14 11:37 - 1999-05-03 16:15 - 0214536 _____ () C:\Program Files\MECHSUMM.RPT

2013-09-14 08:59 - 2013-12-09 10:12 - 0003744 _____ () C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml

2011-10-14 11:37 - 2000-04-28 16:59 - 0425984 _____ () C:\Program Files\PRJEMPTY.MDB

2011-10-14 11:37 - 2000-04-26 10:18 - 0229376 _____ () C:\Program Files\PROD_US.MDB

2011-10-14 11:37 - 2000-04-26 10:30 - 0425984 _____ () C:\Program Files\PROJECT.MDB

2011-10-14 11:37 - 1997-06-25 05:41 - 0187261 _____ () C:\Program Files\QOTECUST.RPT

2011-10-14 11:37 - 1997-06-25 05:41 - 0183689 _____ () C:\Program Files\QOTESUMM.RPT

2011-10-14 11:37 - 1999-03-23 10:09 - 0040591 _____ () C:\Program Files\QUIKTRAK.RPT

2011-10-14 11:37 - 1999-05-05 11:45 - 0204997 _____ () C:\Program Files\QUOTE.RPT

2011-10-14 11:37 - 1999-05-05 11:45 - 0203718 _____ () C:\Program Files\QUOTEMIN.RPT

2011-10-14 11:37 - 1996-07-08 14:19 - 0015985 _____ () C:\Program Files\REPAIR.EXE

2011-10-14 17:29 - 2001-09-14 03:11 - 0001078 ____R () C:\Program Files\SF.ICO

2011-10-14 11:37 - 2000-04-28 16:42 - 1192744 _____ () C:\Program Files\WRE.EXE

2011-10-14 11:37 - 1999-03-25 12:38 - 0646563 _____ () C:\Program Files\WRE.HLP

2013-11-08 22:35 - 2015-11-06 13:11 - 20320792 _____ (LastPass) C:\Program Files\Common Files\lpuninstall.exe

2012-08-18 22:05 - 2012-10-24 20:58 - 0003992 _____ () C:\Users\Doug\AppData\Roaming\LTspiceIV.ini

2015-02-14 09:59 - 2015-02-14 10:06 - 0000791 _____ () C:\Users\Doug\AppData\Roaming\Network Meter_Settings.ini

2014-10-08 17:34 - 2014-10-08 17:34 - 0893239 _____ () C:\Users\Doug\AppData\Local\a.zip

2014-10-08 17:34 - 2014-10-08 17:34 - 2162416 _____ (Catalina Marketing Corp) C:\Users\Doug\AppData\Local\BcsKtYcHW.dll

2016-09-17 05:52 - 2016-09-17 05:52 - 0000680 _____ () C:\Users\Doug\AppData\Local\d3d9caps.dat

2014-02-14 22:57 - 2016-06-14 10:50 - 0007168 _____ () C:\Users\Doug\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2016-06-05 16:36 - 2016-06-05 16:36 - 0000058 _____ () C:\Users\Doug\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat

2014-02-17 21:26 - 2014-02-17 21:26 - 0000173 _____ () C:\Users\Doug\AppData\Local\msmathematics.qat.Doug

2013-05-14 18:07 - 2013-05-14 18:07 - 0047559 _____ () C:\ProgramData\1368574556.bdinstall.bin

2013-07-29 11:11 - 2013-07-29 11:11 - 0053896 _____ () C:\ProgramData\1375117804.bdinstall.bin

2013-07-29 11:41 - 2013-07-29 11:41 - 0053895 _____ () C:\ProgramData\1375119658.bdinstall.bin

2013-07-29 12:12 - 2013-07-29 12:12 - 0053895 _____ () C:\ProgramData\1375121494.bdinstall.bin

2013-07-29 12:43 - 2013-07-29 12:43 - 0053894 _____ () C:\ProgramData\1375123350.bdinstall.bin

2013-07-29 13:13 - 2013-07-29 13:13 - 0053895 _____ () C:\ProgramData\1375125176.bdinstall.bin

2013-07-29 13:44 - 2013-07-29 13:44 - 0053895 _____ () C:\ProgramData\1375127006.bdinstall.bin

2013-07-29 14:14 - 2013-07-29 14:14 - 0053897 _____ () C:\ProgramData\1375128832.bdinstall.bin

2013-07-29 14:45 - 2013-07-29 14:45 - 0053895 _____ () C:\ProgramData\1375130663.bdinstall.bin

2013-07-29 15:15 - 2013-07-29 15:15 - 0053895 _____ () C:\ProgramData\1375132492.bdinstall.bin

2013-07-29 15:45 - 2013-07-29 15:45 - 0053895 _____ () C:\ProgramData\1375134322.bdinstall.bin

2013-07-29 16:16 - 2013-07-29 16:16 - 0053894 _____ () C:\ProgramData\1375136150.bdinstall.bin

2013-07-29 16:46 - 2013-07-29 16:46 - 0053896 _____ () C:\ProgramData\1375137979.bdinstall.bin

2013-07-29 17:17 - 2013-07-29 17:17 - 0053896 _____ () C:\ProgramData\1375139812.bdinstall.bin

2013-07-29 17:47 - 2013-07-29 17:47 - 0053895 _____ () C:\ProgramData\1375141644.bdinstall.bin

2013-07-29 18:18 - 2013-07-29 18:18 - 0053897 _____ () C:\ProgramData\1375143471.bdinstall.bin

2013-07-29 18:49 - 2013-07-29 18:49 - 0053894 _____ () C:\ProgramData\1375145303.bdinstall.bin

2013-07-29 19:19 - 2013-07-29 19:19 - 0053895 _____ () C:\ProgramData\1375147134.bdinstall.bin

2013-07-29 19:50 - 2013-07-29 19:50 - 0053897 _____ () C:\ProgramData\1375148966.bdinstall.bin

2013-07-29 20:20 - 2013-07-29 20:20 - 0053895 _____ () C:\ProgramData\1375150795.bdinstall.bin

2013-07-29 20:51 - 2013-07-29 20:51 - 0053892 _____ () C:\ProgramData\1375152626.bdinstall.bin

2013-07-29 21:21 - 2013-07-29 21:21 - 0053896 _____ () C:\ProgramData\1375154455.bdinstall.bin

2013-07-29 21:52 - 2013-07-29 21:52 - 0053895 _____ () C:\ProgramData\1375156289.bdinstall.bin


Some files in TEMP:

====================


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-10-04 10:27

==================== End of FRST.txt ============================


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,227 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:59 AM

Posted 08 October 2016 - 10:00 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.

start


CreateRestorePoint:
EmptyTemp:
CloseProcesses:


Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-1594974418-99518713-3433766237-1000\...\Run: [] => [X]
HKU\S-1-5-21-1594974418-99518713-3433766237-1000\...409d6c4515e9\InprocServer32: [Default-shell32]  <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={97C30F0D-24EE-4564-B810-A8EC77CEB479}&mid=71cacfc23f4ace72c5c292b72e0dfb56-a622ab52f70c7bb7abb5b9a944557d2b45ed771c&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2016-01-25 16:20:15&v=4.3.1.831&pid=wtu&sg=&sap=hp
HKU\S-1-5-21-1594974418-99518713-3433766237-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={97C30F0D-24EE-4564-B810-A8EC77CEB479}&mid=71cacfc23f4ace72c5c292b72e0dfb56-a622ab52f70c7bb7abb5b9a944557d2b45ed771c&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2016-01-25 16:20:15&v=4.2.9.726&pid=wtu&sg=&sap=hp
SearchScopes: HKU\S-1-5-21-1594974418-99518713-3433766237-1000 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={97C30F0D-24EE-4564-B810-A8EC77CEB479}&mid=71cacfc23f4ace72c5c292b72e0dfb56-a622ab52f70c7bb7abb5b9a944557d2b45ed771c&lang=en&ds=AVG&coid=avgtbavg&cmpid=0516tb&pr=fr&d=2016-01-25 16:20:15&v=4.2.9.726&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1594974418-99518713-3433766237-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={97C30F0D-24EE-4564-B810-A8EC77CEB479}&mid=71cacfc23f4ace72c5c292b72e0dfb56-a622ab52f70c7bb7abb5b9a944557d2b45ed771c&lang=en&ds=AVG&coid=avgtbavg&cmpid=0516tb&pr=fr&d=2016-01-25 16:20:15&v=4.2.9.726&pid=wtu&sg=&sap=dsp&q={searchTerms}
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
FF Extension: (No Name) - C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\1v3zhkf7.default\extensions\multipletab@piro.sakura.ne.jp.xpi [not found]
FF Extension: (No Name) - C:\ProgramData\AVG Secure Search\12.2.5.34\ [not found]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
FF HKU\S-1-5-21-1594974418-99518713-3433766237-1000\...\Firefox\Extensions: [wcapturex@deskperience.com] - C:\Program Files\WordWeb\WCaptureMoz => not found
FF Plugin: @mcafee.com/MVT -> C:\Program Files\McAfee\Supportability\MVT\NPMVTPlugin.dll [No File]
FF Plugin HKU\S-1-5-21-1594974418-99518713-3433766237-1000: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\Doug\AppData\Roaming\CATALI~2\NPBCSK~1.DLL [No File]
FF Plugin HKU\S-1-5-21-1594974418-99518713-3433766237-1000: navionics.com/NavConnect -> C:\Program Files\Chart Installer\npNavConnect.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPcol400.dll [2012-02-19] (Catalina Marketing Corporation)
CHR Extension: (Google Wallet) - C:\Users\Doug\AppData\Local\Google\Chrome\User Data\5 backup Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-05]
S2 RHDCStarter; Ú\Dummy.exe [X]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S4 iPodDrv; \??\C:\Windows\system32\drivers\iPodDrv.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 OMCI; \??\C:\Windows\SYSTEM32\DRIVERS\OMCI.SYS [X]
S3 StarOpen; no ImagePath
S3 usbbus; system32\DRIVERS\lgusbbus.sys [X]
S3 USBModem; system32\DRIVERS\lgusbmodem.sys [X]
CustomCLSID: HKU\S-1-5-21-1594974418-99518713-3433766237-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1594974418-99518713-3433766237-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1594974418-99518713-3433766237-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1594974418-99518713-3433766237-1000_Classes\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1594974418-99518713-3433766237-1000_Classes\CLSID\{00EEBF57-477D-4084-9921-7AB3C2C9459D}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1594974418-99518713-3433766237-1000_Classes\CLSID\{03022430-ABC4-11D0-BDE2-00AA001A1953}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1594974418-99518713-3433766237-1000_Classes\CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1594974418-99518713-3433766237-1000_Classes\CLSID\{06EEE834-461C-42C2-8DCF-1502B527B1F9}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1594974418-99518713-3433766237-1000_Classes\CLSID\{078759D3-423B-48AD-AB6A-5638C2884DBE}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1594974418-99518713-3433766237-1000_Classes\CLSID\{0AF10CEC-2ECD-4B92-9581-34F6AE0637F3}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1594974418-99518713-3433766237-1000_Classes\CLSID\{0B91A74B-AD7C-4A9D-B563-29EEF9167172}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1594974418-99518713-3433766237-1000_Classes\CLSID\{0C15D503-D017-47CE-9016-7B3F978721CC}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1594974418-99518713-3433766237-1000_Classes\CLSID\{217FC9C0-3AEA-1069-A2DB-08002B30309D}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1594974418-99518713-3433766237-1000_Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1594974418-99518713-3433766237-1000_Classes\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1594974418-99518713-3433766237-1000_Classes\CLSID\{2BC0DA0E-F1BC-43AB-B4B5-738EB6B51E7E}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1594974418-99518713-3433766237-1000_Classes\CLSID\{35786D3C-B075-49B9-88DD-029876E11C01}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1594974418-99518713-3433766237-1000_Classes\CLSID\{3AD05575-8857-4850-9277-11B85BDB8E09}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1594974418-99518713-3433766237-1000_Classes\CLSID\{40DD6E20-7C17-11CE-A804-00AA003CA9F6}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1594974418-99518713-3433766237-1000_Classes\CLSID\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1594974418-99518713-3433766237-1000_Classes\CLSID\{4662DAA6-D393-11D0-9A56-00C04FB68BF7}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1594974418-99518713-3433766237-1000_Classes\CLSID\{4662DAA7-D393-11D0-9A56-00C04FB68BF7}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1594974418-99518713-3433766237-1000_Classes\CLSID\{4662DAA9-D393-11D0-9A56-00C04FB68BF7}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1594974418-99518713-3433766237-1000_Classes\CLSID\{4662DAAA-D393-11D0-9A56-00C04FB68BF7}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1594974418-99518713-3433766237-1000_Classes\CLSID\{4662DAAD-D393-11D0-9A56-00C04FB68BF7}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1594974418-99518713-3433766237-1000_Classes\CLSID\{4662DAAF-D393-11D0-9A56-00C04FB68BF7}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1594974418-99518713-3433766237-1000_Classes\CLSID\{4662DAB0-D393-11D0-9A56-00C04FB68B66}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1594974418-99518713-3433766237-1000_Classes\CLSID\{4DF0C730-DF9D-4AE3-9153-AA6B82E9795A}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1594974418-99518713-3433766237-1000_Classes\CLSID\{50D5107A-D278-4871-8989-F4CEAAF59CFC}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1594974418-99518713-3433766237-1000_Classes\CLSID\{50EF4544-AC9F-4A8E-B21B-8A26180DB13F}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1594974418-99518713-3433766237-1000_Classes\CLSID\{5D02926A-212E-11D0-9DF9-00A0C922E6EC}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1594974418-99518713-3433766237-1000_Classes\CLSID\{5E529433-B50E-4BEF-A63B-16A6B71B071A}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1594974418-99518713-3433766237-1000_Classes\CLSID\{603D3800-BD81-11D0-A3A5-00C04FD706EC}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1594974418-99518713-3433766237-1000_Classes\CLSID\{6311429E-2F1A-4777-880F-C7289FD10169}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1594974418-99518713-3433766237-1000_Classes\CLSID\{640167B4-59B0-47A6-B335-A6B3C0695AEA}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1594974418-99518713-3433766237-1000_Classes\CLSID\{76765B11-3F95-4AF2-AC9D-EA55D8994F1A}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1594974418-99518713-3433766237-1000_Classes\CLSID\{77F419AA-771A-45FF-AC66-7567FA3243D3}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1594974418-99518713-3433766237-1000_Classes\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1594974418-99518713-3433766237-1000_Classes\CLSID\{807C1E6C-1D00-453F-B920-B61BB7CDD997}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1594974418-99518713-3433766237-1000_Classes\CLSID\{82C588E7-E54B-408C-9F8C-6AF9ADF6F1E9}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1594974418-99518713-3433766237-1000_Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1594974418-99518713-3433766237-1000_Classes\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1594974418-99518713-3433766237-1000_Classes\CLSID\{8FA0D5A8-DEDF-11D0-9A61-00C04FB68BF7}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1594974418-99518713-3433766237-1000_Classes\CLSID\{9113A02D-00A3-46B9-BC5F-9C04DADDD5D7}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1594974418-99518713-3433766237-1000_Classes\CLSID\{942BC614-676C-464E-B384-D3202AAA02DA}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1594974418-99518713-3433766237-1000_Classes\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1594974418-99518713-3433766237-1000_Classes\CLSID\{9CFC2DF3-6BA3-46EF-A836-E519E81F0EC4}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1594974418-99518713-3433766237-1000_Classes\CLSID\{9D148291-B9C8-11D0-A4CC-0000F80149F6}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1594974418-99518713-3433766237-1000_Classes\CLSID\{AB968F1E-E20B-403A-9EB8-72EB0EB6797E}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1594974418-99518713-3433766237-1000_Classes\CLSID\{ADB880A6-D8FF-11CF-9377-00AA003B7A11}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1594974418-99518713-3433766237-1000_Classes\CLSID\{AE054212-3535-4430-83ED-D501AA6680E6}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1594974418-99518713-3433766237-1000_Classes\CLSID\{B056521A-9B10-425E-B616-1FCD828DB3B1}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1594974418-99518713-3433766237-1000_Classes\CLSID\{B155BDF8-02F0-451E-9A26-AE317CFD7779}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1594974418-99518713-3433766237-1000_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1594974418-99518713-3433766237-1000_Classes\CLSID\{B8967F85-58AE-4F46-9FB2-5D7904798F4B}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1594974418-99518713-3433766237-1000_Classes\CLSID\{CACAF262-9370-4615-A13B-9F5539DA4C0A}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1594974418-99518713-3433766237-1000_Classes\CLSID\{CD773740-B187-4974-A1D5-E0FF91372277}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1594974418-99518713-3433766237-1000_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1594974418-99518713-3433766237-1000_Classes\CLSID\{D969A300-E7FF-11D0-A93B-00A0C90F2719}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1594974418-99518713-3433766237-1000_Classes\CLSID\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1594974418-99518713-3433766237-1000_Classes\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1594974418-99518713-3433766237-1000_Classes\CLSID\{E569BDE7-A8DC-47F3-893F-FD2B31B3EEFD}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1594974418-99518713-3433766237-1000_Classes\CLSID\{EDB5F444-CB8D-445A-A523-EC5AB6EA33C7}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1594974418-99518713-3433766237-1000_Classes\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1594974418-99518713-3433766237-1000_Classes\CLSID\{F3364BA0-65B9-11CE-A9BA-00AA004AE837}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1594974418-99518713-3433766237-1000_Classes\CLSID\{FBF23B40-E3F0-101B-8488-00AA003E56F8}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1594974418-99518713-3433766237-1000_Classes\CLSID\{FE841493-835C-4FA3-B6CC-B4B2D4719848}\InprocServer32 -> no filepath
Task: {4F11F7C3-F9C2-44FA-9936-3D84005C4191} - System32\Tasks\ROC_JAN2013_TB_rmv => C:\Program Files\AVG Secure Search\PostInstall\ROC.exe
Task: {95570607-C790-41F8-84AB-4F27DCA641EF} - System32\Tasks\1215avUpdateInfo => C:\ProgramData\Avg_Update_1215av\1215av_AVG-Secure-Search-Update.exe [2015-11-22] ()
Task: C:\Windows\Tasks\1215avUpdateInfo.job => C:\ProgramData\Avg_Update_1215av\1215av_AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job => C:\Program Files\AVG Secure Search\PostInstall\ROC.exe
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [119]
AlternateDataStreams: C:\Users\Doug\Desktop\Florida Cruising Guide:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Doug\Desktop\For Trip:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Doug\Desktop\Working Specifications and Operating Instructions.docx:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Doug\Desktop\Working Still Crazy maintenance log.xlsx:com.dropbox.attributes [168]
HKU\S-1-5-21-1594974418-99518713-3433766237-1000\Software\Classes\.exe:  =>  <===== ATTENTION
HKU\S-1-5-21-1594974418-99518713-3433766237-1000\Software\Classes\.scr:  =>  <===== ATTENTION
HKU\S-1-5-21-1594974418-99518713-3433766237-1000\Software\Classes\.bat:  =>  <===== ATTENTION
HKU\S-1-5-21-1594974418-99518713-3433766237-1000\Software\Classes\.com:  =>  <===== ATTENTION
HKU\S-1-5-21-1594974418-99518713-3433766237-1000\Software\Classes\.cmd:  =>  <===== ATTENTION
HKU\S-1-5-21-1594974418-99518713-3433766237-1000\Software\Classes\.reg:  =>  <===== ATTENTION


End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner window.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Please post the logs and let me know what problem persists.

#3 DBBBleeping
  • Topic Starter

Posted 09 October 2016 - 10:41 PM

Thanks again for your help.

Unfortunately, none of the issues were fixed.

1. Execution Services Stopped Issue: The messages are still occurring. However, I just found out that the message is associated with The Prey Project software (an app that helps deal with stolen devices) and comes from the file wpxsvc.exe. I have emailed Prey to see if they will help.

2. Constant high usage of CPU issue: No change in condition. As per the Resource Manager, there is a constant 55-60% CPU usage that is not accounted for in the CPU list. Notably, Process Explorer does not show the same values and does not show the constant usage. However, when the computer is used, it quickly gets slow and causes a familiar major slowdown in operation, including the sound of the hard drive working at full load.

3. Audio Issues: No change.

Please note I did not remove Coupons.com files because I use it. I have noted that sometimes there are PUPs associated with it. The certificate for the file is good. Please let me know if you disagree with my conclusion.

What now???

Doug

#4 nasdaq
  • Malware Response Team

Posted 10 October 2016 - 10:44 AM

Please note I did not remove Coupons.com files because I use it. I have noted that sometimes there are PUP's associated with it.


It is known to give you popups. Your call.

===

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
createsrpoint;
autoclean;
emptyclsid;
emptyffcache;
FFdefaults;
emptyiecache;
iedefaults;
emptychrcache;
CHRdefaults;
emptyalltemp;
emptyfolderscheck;delete
ipconfig /flushdns;b
Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.
===

Also, please provide an update on how the computer is behaving after running the above script.

---

Navigate to this page.
http://secunia.com/vulnerability_scanning/personal/

Download and install the Secunia PSI.

Run the application and update all the programs/drivers that need to be updated.

===
p.s.

Secunia will start looking for new updates every time you boot the system.
This is overkill. When all is well you can remove it using the Add/Remove Programs applet.

#5 DBBBleeping
  • Topic Starter

Posted 11 October 2016 - 09:54 AM

I have started Zoek, however, it is in its 19th hour since it started!

Is that to be expected? It shows information that it is working and is currently on msconfig check, deleting registry keys and empty IE cache. Should I let it continue?

#6 DBBBleeping
  • Topic Starter

Posted 11 October 2016 - 03:09 PM

I have attached the Zoek file. It took almost 21 hours to complete. What's up with that?

No different operation of the computer.

Secunia website must be down at the moment. Will run it when I can.

Edited by DBBBleeping, 11 October 2016 - 03:17 PM.


#7 nasdaq
  • Malware Response Team

Posted 12 October 2016 - 08:31 AM

Let me know how things are after you have updated all your drivers.

#8 DBBBleeping
  • Topic Starter

Posted 12 October 2016 - 09:44 AM

I have downloaded Secunia and installed it, but when I try to run it I get a message:

Unable to retrieve PSI user data from Segunia

Please verify you are able to connect to https://psi3.segunia.com and then restart PSI

Note: Proxy support is currently unavailable. If your system requires.............

Although previously I was able to go to the site referenced, today I cannot. I get a message: psi3.segunia.com’s DNS address could not be found.

I do not believe I am using a proxy, but not sure.

Per the Secunia site (http://www.flexerasoftware.com/enterprise/products/software-vulnerability-management/personal-software-inspector/tab/faq), I have made sure active scripting is selected and Secunia is a trusted site. When I try to verify that PSI is listed in the services tool and set to automatic, I do not find a PSI service listed. Secunia does not say what to do if it is not listed. Can you help?

There has been no change in the operation of my computer.



#9 nasdaq
  • Malware Response Team

Posted 13 October 2016 - 09:03 AM


Is your Microsoft Internet Explorer set Offline?
Check this topic.
http://secunia.com/community/forum/thread/show/12951/psi_2_to_psi_3_update_fail
---

#10 DBBBleeping
  • Topic Starter

Posted 13 October 2016 - 11:02 PM

Still no progress on Secunia - I have asked the forum for help. Your suggestion did not work.

However, I have just solved all the issues. Since the Execution Services message was bugging me and I knew where it was coming from, I uninstalled Prey. When I did that, the 55-60% CPU usage went away immediately AND the audio issue cleared up immediately. I don't understand it, but it's fixed!

Thanks for your help - I certainly appreciate the time you spent.

Doug



#11 nasdaq
  • Malware Response Team

Posted 14 October 2016 - 09:22 AM

Good work.

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#12 DBBBleeping
  • Topic Starter

Posted 20 October 2016 - 10:59 AM

Thanks for your help with this, nasdaq.

Can you please comment on the post by Imacri as seen here: https://secunia.com/community/forum/thread/show/15751

Do you have any suggestions for me?

Thanks again



#13 nasdaq
  • Malware Response Team

Posted 20 October 2016 - 12:31 PM


Only learned this morning that Secunia is NOW OWNED BY Flexera Software.

Navigate to this page.
http://learn.flexerasoftware.com/SVM-EVAL-Personal-Software-Inspector

Download and run the Flexera Software Personal Software Inspector.


Hope that helps.

#14 DBBBleeping
  • Topic Starter

Posted 20 October 2016 - 02:26 PM

Download and run the Flexera Software Personal Software Inspector.

You had already recommended I do that but I was having trouble getting it to work so I posted on Secunia's website for help with that (still haven't gotten it to work). But a contributor there (Imacri) made this comment and suggested I ask you about it:

I'm not a malware removal specialist, but the Additions.txt file you attached with your original post indicated that you have over 15,000 entries in your Hosts file (C:\Windows\system32\Drivers\etc\hosts). I suspect you used the Immunize feature of your Spybot Search & Destroy v2.4 to add most of these IP addresses for known malicious websites, but having this many entries in your Hosts file can seriously degrade your system performance

Do you think there are issues here that I should address?

Thanks



#15 nasdaq
  • Malware Response Team

Posted 21 October 2016 - 09:22 AM


He may be correct. The Hosts file is large and may be corrupted.

I suggest you remove Spybot Search & Destroy and all its folders.
Instructions on this page.
https://www.safer-networking.org/faq/how-to-uninstall-2/

Restart the computer normally.

If all is well after the restart, you decide if you want to re-install the application and start with a clean hosts file.

Before you re-install Spybot run this fix to reset the default hosts file.

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.

start

Hosts:

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===


Keep me posted.
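A small triage script for the situation Imacri describes above (a hosts file padded to thousands of entries by Spybot's Immunize feature), added here as an example; it is not part of this thread, of FRST or of Spybot. It parses a constructed sample in the hosts-file format, counts the active entries, and separates blocklist-style loopback entries from entries that send a name to a real address; the 1000-entry threshold is an assumption, not a documented limit.

```python
"""Triage a Windows hosts file: how big is it, and what do its entries do?

Added example for this thread; not part of the BleepingComputer post,
FRST or Spybot. The sample hosts content below is constructed, and the
1000-entry threshold is an assumption, not a documented limit.
"""
from __future__ import annotations

import ipaddress
import sys
from dataclasses import dataclass, field

# Names a stock Windows hosts file may legitimately map to loopback.
DEFAULT_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# Path quoted in the thread; read only when the script runs with no argument.
WINDOWS_HOSTS = r"C:\Windows\System32\drivers\etc\hosts"

# Constructed sample in the shape Spybot's Immunize feature leaves behind.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
# localhost name resolution is handled within DNS itself.
#	127.0.0.1       localhost
#	::1             localhost
127.0.0.1   localhost
# Start of entries inserted by Spybot - Search & Destroy
127.0.0.1	www.malvertising-host.example
127.0.0.1	malvertising-host.example
0.0.0.0	    tracker.example
# End of entries inserted by Spybot - Search & Destroy
203.0.113.10	www.mybank.example   # points at a real address, not a block
not a valid line
"""


@dataclass
class HostsReport:
    total_lines: int = 0
    active_entries: int = 0      # lines that are neither blank nor comments
    default_entries: int = 0     # localhost-style loopback mappings
    sinkholed_names: int = 0     # names blocked via loopback or 0.0.0.0
    redirected: dict[str, str] = field(default_factory=dict)  # name -> address
    malformed: list[str] = field(default_factory=list)
    oversized: bool = False


def parse_hosts(text: str, size_threshold: int = 1000) -> HostsReport:
    """Classify every entry; flag the file as oversized past size_threshold."""
    report = HostsReport()
    for raw in text.splitlines():
        report.total_lines += 1
        line = raw.split("#", 1)[0].strip()     # drop comments and whitespace
        if not line:
            continue
        report.active_entries += 1
        addr, *names = line.split()             # hosts format: address, then names
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            report.malformed.append(raw.strip())
            continue
        if not names:                           # an address with no hostname
            report.malformed.append(raw.strip())
            continue
        for name in names:
            lname = name.lower()
            if ip.is_loopback and lname in DEFAULT_NAMES:
                report.default_entries += 1
            elif ip.is_loopback or ip.is_unspecified:
                report.sinkholed_names += 1     # blocklist-style entry
            else:
                report.redirected[lname] = addr  # worth checking by hand
    report.oversized = report.active_entries > size_threshold
    return report


def summarize(report: HostsReport) -> str:
    lines = [
        f"lines: {report.total_lines}, active entries: {report.active_entries}",
        f"default loopback names: {report.default_entries}",
        f"sinkholed names: {report.sinkholed_names}",
        f"redirected names: {len(report.redirected)}",
        f"malformed lines: {len(report.malformed)}",
    ]
    if report.oversized:
        lines.append("file is oversized; consider resetting it to the default")
    for name, addr in sorted(report.redirected.items()):
        lines.append(f"  {name} -> {addr}")
    return "\n".join(lines)


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else WINDOWS_HOSTS
    try:
        with open(path, encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    except OSError:
        text = SAMPLE_HOSTS                     # fall back to the constructed sample
    print(summarize(parse_hosts(text)))
```

Reviewing the redirected names before resetting the file with the Hosts: directive tells you whether anything other than blocklist entries was in it.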



