Firefox not responding during startup and high memory usage


  • This topic is locked
3 replies to this topic

#1 phased1

Posted 22 February 2017 - 04:43 AM

Hello, when I start Firefox it freezes for a couple of minutes, causing my Chrome browser to also stop working. Firefox then unfreezes itself but periodically freezes during usage. This happens often when viewing Flash videos. I also noticed that when Firefox is not responding, the memory usage in my Windows Task Manager is very high.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-02-2017
Ran by Eric (administrator) on ERIC-PC (22-02-2017 01:29:02)
Running from C:\Users\Eric\Downloads
Loaded Profiles: Eric & postgres (Available Profiles: Eric & postgres)
Platform: Microsoft Windows 7 Ultimate  (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
() C:\Program Files\Razer\DeathAdder\razerhid.exe
(Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\avastui.exe
(Razer USA Ltd) C:\Program Files\Razer\BlackWidow\BlackWidowTray.exe
() C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(BitTorrent, Inc.) C:\Program Files\DNA\btdna.exe
(Hyperdesktop) C:\Users\Eric\AppData\Roaming\Hyperdesktop\hyperdesktop.exe
() C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Google Inc.) C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [DeathAdder] => C:\Program Files\Razer\DeathAdder\razerhid.exe [159744 2007-09-07] ()
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-04-06] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-08-12] (Logitech Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [8900328 2016-08-08] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\Run: [Razer Blackwidow Driver] => C:\Program Files\Razer\BlackWidow\BlackwidowTray.exe [887696 2012-05-09] (Razer USA Ltd)
HKU\S-1-5-21-2840043134-1694784246-1973955215-1001\...\Run: [BitTorrent DNA] => C:\Program Files\DNA\btdna.exe [323392 2010-01-14] (BitTorrent, Inc.)
HKU\S-1-5-21-2840043134-1694784246-1973955215-1001\...\Run: [Google Update] => C:\Users\Eric\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-16] (Google Inc.)
HKU\S-1-5-21-2840043134-1694784246-1973955215-1001\...\Run: [PhotoJoy] => C:\Program Files\PhotoJoy\bin\PhotoJoy.exe /c
HKU\S-1-5-21-2840043134-1694784246-1973955215-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3514176 2011-11-10] (DT Soft Ltd)
HKU\S-1-5-21-2840043134-1694784246-1973955215-1001\...\Run: [Hyperdesktop] => C:\Users\Eric\AppData\Roaming\Hyperdesktop\hyperdesktop.exe [316000 2013-02-22] (Hyperdesktop)
HKU\S-1-5-21-2840043134-1694784246-1973955215-1001\...\Run: [Viber] => "C:\Users\Eric\AppData\Local\Viber\Viber.exe" <===== ATTENTION
HKU\S-1-5-21-2840043134-1694784246-1973955215-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2881824 2017-01-18] (Valve Corporation)
HKU\S-1-5-21-2840043134-1694784246-1973955215-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\PHOTOJ~1.SCR
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShell.dll [2016-07-11] (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 64.59.144.100 64.59.150.143
Tcpip\..\Interfaces\{DF3F8EF1-3A4E-4B56-A9ED-416B512148A6}: [DhcpNameServer] 64.59.144.100 64.59.150.143
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2840043134-1694784246-1973955215-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2840043134-1694784246-1973955215-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2840043134-1694784246-1973955215-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2840043134-1694784246-1973955215-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ca.msn.com/?lang=en-ca&OCID=iehp
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll => No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2016-07-11] (AVAST Software)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll => No File
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll => No File
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\9yi75flc.default-1441530683767 [2017-02-22]
FF Homepage: Mozilla\Firefox\Profiles\9yi75flc.default-1441530683767 -> hxxps://thepiratebay.se/top/201
about:preferences
FF Extension: (uBlock Origin) - C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\9yi75flc.default-1441530683767\Extensions\uBlock0@raymondhill.net.xpi [2017-02-21]
FF Extension: (Adblock Plus) - C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\9yi75flc.default-1441530683767\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-23]
FF Extension: (Greasemonkey) - C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\9yi75flc.default-1441530683767\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2016-08-20]
FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\9yi75flc.default-1441530683767\features\{981df50f-1c26-4d40-97ac-2f45b7bf02bf}\disableSHA1rollout@mozilla.org.xpi [2017-02-16]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2016-07-11]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\Alwil Software\Avast5\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\Alwil Software\Avast5\SafePrice\FF [2016-07-11]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-09-06] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2013-04-08] ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-09-10] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-09-10] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [No File]
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin: @veetle.com/veetleCorePlugin,version=0.9.18 -> C:\Program Files\Veetle\plugins\npVeetle.dll [2010-10-15] (Veetle Inc)
FF Plugin: @veetle.com/veetlePlayerPlugin,version=0.9.18 -> C:\Program Files\Veetle\Player\npvlc.dll [2010-09-21] (Veetle Inc)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2840043134-1694784246-1973955215-1001: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Users\Eric\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1010120-0-npoctoshape.dll [2010-10-12] (Octoshape ApS)
FF Plugin HKU\S-1-5-21-2840043134-1694784246-1973955215-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-2840043134-1694784246-1973955215-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\libdivx.dll [2009-05-01] (The OpenSSL Project, http://www.openssl.org/)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010-04-12] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdivx32.dll [2009-05-12] (DivX,Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2011-06-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2011-06-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2011-06-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2011-06-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2011-06-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2011-06-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2011-06-04] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ssldivx.dll [2009-05-01] (The OpenSSL Project, http://www.openssl.org/)
FF Plugin ProgramFiles/Appdata: C:\Users\Eric\AppData\Roaming\mozilla\plugins\npoctoshape.dll [2010-10-15] (Octoshape ApS)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2013-08-07]
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxps://www.reddit.com/"
CHR Plugin: (Native Client) - C:\Users\Eric\AppData\Local\Google\Chrome\Application\56.0.2924.87\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Eric\AppData\Local\Google\Chrome\Application\56.0.2924.87\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Users\Eric\AppData\Local\Google\Chrome\Application\56.0.2924.87\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.200.2) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (DivX Web Player) - C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll (DivX,Inc.)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Octoshape Streaming Services) - C:\Users\Eric\AppData\Roaming\Mozilla\plugins\npoctoshape.dll (Octoshape ApS)
CHR Plugin: (Octoshape Streaming Services) - C:\Users\Eric\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1010120-0-npoctoshape.dll (Octoshape ApS)
CHR Plugin: (DNA Plug-in) - C:\Program Files\DNA\plugins\npbtdna.dll => No File
CHR Plugin: (Pando Web Plugin) - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll => No File
CHR Plugin: (Veetle TV Player) - C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
CHR Plugin: (Veetle TV Core) - C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\Eric\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Profile: C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default [2017-02-22]
CHR Extension: (Tampermonkey) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-01-06]
CHR Extension: (Adobe Acrobat) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-30]
CHR Extension: (Stylish - Custom themes for any website) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2017-02-19]
CHR Extension: (AdBlock) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-02-17]
CHR Extension: (Imagus) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\immpkjjlgappgfkkfieppnmlhakdmaab [2017-02-17]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2017-02-15]
CHR Extension: (Flamite - Tinder on your browser) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgobopgcnapcnblkpelgjjblnjjpgejk [2017-01-22]
CHR Extension: (ICE Quick Stream) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\mapljocpedaolbooelchgnkkaplpadgp [2012-04-28]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2016-04-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-18]
CHR Extension: (Chrome Media Router) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2015-07-20]
StartMenuInternet: Google Chrome - C:\Users\Eric\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [197128 2016-07-11] (AVAST Software)
R2 pgsql-8.3; C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe [65536 2008-09-19] (PostgreSQL Global Development Group) [File not signed]
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software) [File not signed]
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2011-08-19] (Logitech Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34008 2016-07-11] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-07-11] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [91680 2016-07-11] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [91232 2016-07-11] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [60424 2016-07-11] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [816304 2016-07-11] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [438296 2016-07-13] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [118152 2016-07-11] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [224616 2016-08-05] (AVAST Software)
R3 CompFilter; C:\Windows\System32\DRIVERS\lvbusflt.sys [22176 2011-08-19] (Logitech Inc.)
R3 DAdderFltr; C:\Windows\System32\drivers\dadder.sys [22784 2007-08-02] (Razer (Asia-Pacific) Pte Ltd)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [239168 2011-11-23] (DT Soft Ltd)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-09-23] (LogMeIn, Inc.)
S3 LycoFltr; C:\Windows\System32\Drivers\Lycosa.sys [16640 2009-09-30] (Razer USA Ltd.) [File not signed]
R3 RzSynapse; C:\Windows\System32\DRIVERS\RzSynapse.sys [124672 2011-05-12] (Razer USA Ltd)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [721904 2009-11-20] (Duplex Secure Ltd.)
S3 vHidDev; C:\Windows\System32\DRIVERS\vHidDev.sys [5760 2009-12-21] (Windows ® Win 7 DDK provider)
S3 ESEADriver2; \??\C:\Users\Eric\AppData\Local\Temp\ESEADriver2.sys [X] <==== ATTENTION
S3 taphss6; system32\DRIVERS\taphss6.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-02-22 01:29 - 2017-02-22 01:29 - 00022306 _____ C:\Users\Eric\Downloads\FRST.txt
2017-02-22 01:28 - 2017-02-22 01:28 - 01764864 _____ (Farbar) C:\Users\Eric\Downloads\FRST.exe
2017-01-31 00:26 - 2017-02-03 10:38 - 00000000 ____D C:\Program Files\PokerTracker 4
2017-01-31 00:26 - 2017-01-31 00:26 - 00000996 _____ C:\Users\postgres\Desktop\PokerTracker 4.lnk
2017-01-31 00:26 - 2017-01-31 00:26 - 00000996 _____ C:\Users\Eric\Desktop\PokerTracker 4.lnk
2017-01-31 00:26 - 2017-01-31 00:26 - 00000016 _____ C:\ProgramData\mntemp
2017-01-31 00:26 - 2017-01-31 00:26 - 00000000 ____D C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerTracker 4
2017-01-31 00:26 - 2017-01-31 00:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerTracker 4
2017-01-30 19:30 - 2017-02-01 16:32 - 00001907 _____ C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\888poker.lnk
2017-01-30 19:30 - 2017-02-01 16:32 - 00001883 _____ C:\Users\Eric\Desktop\888poker.lnk
2017-01-30 19:30 - 2017-02-01 16:32 - 00000000 ____D C:\Users\Eric\AppData\Roaming\InstallShield Installation Information
2017-01-30 19:29 - 2017-01-30 19:29 - 00645368 _____ (TODO: <Company name>) C:\Users\Eric\Downloads\888poker_installer.exe
2017-01-30 17:51 - 2017-01-30 17:52 - 00143800 _____ C:\Windows\Minidump\013017-25359-01.dmp
2017-01-30 16:46 - 2017-01-30 16:54 - 00000000 ____D C:\Program Files\PokerStars
2017-01-23 23:19 - 2017-02-02 00:00 - 00000000 ____D C:\Users\Eric\Documents\888poker
2017-01-23 23:18 - 2017-02-01 16:32 - 00000000 ____D C:\Users\Eric\AppData\Roaming\PacificPoker
2017-01-23 23:18 - 2017-01-30 19:30 - 00000000 ____D C:\Program Files\PacificPoker
2017-01-23 23:16 - 2017-01-23 23:18 - 00000000 ____D C:\Users\Eric\Documents\PokerInstallerLogs
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-02-22 01:29 - 2014-09-08 17:15 - 00000000 ____D C:\FRST
2017-02-22 01:27 - 2010-01-14 14:11 - 00000000 ____D C:\Users\Eric\AppData\Roaming\DNA
2017-02-22 01:08 - 2016-11-16 15:20 - 00000000 ____D C:\Users\Eric\AppData\LocalLow\Mozilla
2017-02-21 20:13 - 2009-07-13 20:34 - 00019248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-21 20:13 - 2009-07-13 20:34 - 00019248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-21 20:07 - 2010-01-14 14:11 - 00000000 ____D C:\Program Files\DNA
2017-02-21 20:06 - 2009-07-13 20:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-12 09:41 - 2010-01-09 23:27 - 10524672 ___SH C:\Users\Eric\Downloads\Thumbs.db
2017-02-06 21:16 - 2015-02-26 19:28 - 533556858 _____ C:\Windows\MEMORY.DMP
2017-02-06 21:16 - 2010-09-18 19:38 - 00000000 ____D C:\Windows\Minidump
2017-02-06 20:38 - 2011-04-09 20:52 - 00002370 _____ C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-04 00:58 - 2009-07-13 20:53 - 00032570 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-02-03 16:36 - 2009-12-24 13:28 - 02313216 ___SH C:\Users\Eric\Desktop\Thumbs.db
2017-02-03 16:26 - 2015-02-19 17:22 - 00000000 ____D C:\Users\Eric\AppData\Local\Steam
2017-02-02 21:10 - 2014-03-20 17:27 - 00002299 _____ C:\Users\Eric\Documents\anion plumbing stuff.txt
2017-02-01 16:32 - 2009-12-23 19:08 - 00000000 ____D C:\Users\Eric\AppData\Local\Downloaded Installations
2017-01-31 10:23 - 2014-11-09 19:35 - 00000000 ____D C:\Users\Eric\AppData\Local\PokerTracker 4
2017-01-30 16:54 - 2012-06-23 20:58 - 00000000 ____D C:\Users\Eric\AppData\Local\PokerStars
2017-01-29 23:52 - 2010-01-26 13:20 - 00000000 ____D C:\Users\Eric\AppData\Roaming\vlc
2017-01-29 21:05 - 2009-10-24 13:59 - 00000000 ____D C:\Users\Eric\AppData\Roaming\BitTorrent
2017-01-28 10:37 - 2012-04-25 22:33 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-01-27 16:42 - 2016-11-16 15:13 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-01-24 19:08 - 2016-04-25 20:00 - 00000000 ____D C:\Users\Eric\AppData\Local\Bodog.eu
 
==================== Files in the root of some directories =======
 
2010-02-04 01:08 - 2010-02-04 01:08 - 0138056 _____ () C:\Users\Eric\AppData\Roaming\PnkBstrK.sys
2011-05-23 23:31 - 2011-05-23 23:31 - 0005078 _____ () C:\ProgramData\bltofzsb.qlf
2010-01-09 19:53 - 2008-04-30 18:28 - 1654869 _____ (Dynu Systems Inc.) C:\ProgramData\DynuEncrypt.dll
2014-11-09 19:35 - 2014-11-09 19:35 - 0004913 _____ () C:\ProgramData\flwjycbm.bab
2011-04-11 15:37 - 2011-02-10 15:37 - 0000032 ____R () C:\ProgramData\hash.dat
2017-01-31 00:26 - 2017-01-31 00:26 - 0000016 _____ () C:\ProgramData\mntemp
2009-11-24 22:20 - 2009-11-24 22:20 - 0004985 _____ () C:\ProgramData\ojvzdisj.xda
 
Files to move or delete:
====================
C:\ProgramData\DynuEncrypt.dll
C:\ProgramData\hash.dat
 
 
Some files in TEMP:
====================
2017-01-23 23:17 - 2017-01-30 19:30 - 130364078 _____ ([Publisher]) C:\Users\Eric\AppData\Local\temp\888pokersetup.exe
2017-01-20 15:32 - 2017-01-20 15:32 - 0635556 _____ (Random-Logic) C:\Users\Eric\AppData\Local\temp\installer.exe
2017-01-20 15:31 - 2017-01-20 15:31 - 130368293 _____ ([Publisher]) C:\Users\Eric\AppData\Local\temp\setup.exe
2017-01-23 23:57 - 2017-01-30 16:26 - 0645368 _____ (TODO: <Company name>) C:\Users\Eric\AppData\Local\temp\WebInstallerSD.exe
2017-01-30 16:54 - 2017-01-30 16:46 - 0381440 _____ (Rational Intellectual Holdings Ltd.) C:\Users\Eric\AppData\Local\temp\_unps.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-02-02 18:58
 
==================== End of FRST.txt ============================


#2 nasdaq

  • Malware Response Team

Posted 23 February 2017 - 08:45 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

ATTENTION: System Restore is disabled
Turn your System Restore ON - Windows Help
https://support.microsoft.com/en-us/help/17228/windows-protect-my-pc-from-viruses
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2840043134-1694784246-1973955215-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll => No File
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll => No File
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll => No File
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [No File]
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
CHR Plugin: (Native Client) - C:\Users\Eric\AppData\Local\Google\Chrome\Application\56.0.2924.87\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Eric\AppData\Local\Google\Chrome\Application\56.0.2924.87\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Users\Eric\AppData\Local\Google\Chrome\Application\56.0.2924.87\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.200.2) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (DNA Plug-in) - C:\Program Files\DNA\plugins\npbtdna.dll => No File
CHR Plugin: (Pando Web Plugin) - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll => No File
CHR Plugin: (Google Update) - C:\Users\Eric\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Extension: (Flamite - Tinder on your browser) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgobopgcnapcnblkpelgjjblnjjpgejk [2017-01-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-18]
CHR Extension: (Chrome Media Router) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2015-07-20]
S3 ESEADriver2; \??\C:\Users\Eric\AppData\Local\Temp\ESEADriver2.sys [X] <==== ATTENTION
S3 taphss6; system32\DRIVERS\taphss6.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1001_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.21.135\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1001_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No File
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1001_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.21.99\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1001_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.21.57\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.25.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.27.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1001_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.21.69\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1001_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Users\Eric\AppData\Local\Google\Update\1.2.183.39\goopdate.dll => No File
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1001_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.21.79\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.23.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1001_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No File
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.30.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.31.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.28.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1001_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.21.145\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1001_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.21.123\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1001_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.21.153\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.28.13\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.29.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.24.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1001_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.21.149\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1001_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.22.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1001_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.21.165\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.26.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1001_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.21.115\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.29.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.25.11\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1001_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No File
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1001_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.21.65\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1001_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.22.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1001_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.21.111\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.24.7\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1003_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No File
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1003_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Users\postgres\AppData\Local\Google\Update\1.3.21.53\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1003_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> "C:\Users\Eric\AppData\Local\Google\Update\1.3.21.53\GoogleUpdateOnDemand.exe" => No File
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1003_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Users\postgres\AppData\Local\Google\Update\1.2.183.39\goopdate.dll => No File
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1003_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> "C:\Users\Eric\AppData\Local\Google\Update\1.3.21.53\GoogleUpdateOnDemand.exe" => No File
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1003_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No File
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1003_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> "C:\Users\Eric\AppData\Local\Google\Update\1.3.21.53\GoogleUpdateOnDemand.exe" => No File
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1003_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No File
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1003_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\postgres\AppData\Local\Google\Update\1.3.21.53\npGoogleUpdate3.dll => No File
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1003_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\postgres\AppData\Local\Google\Update\1.3.21.53\npGoogleUpdate3.dll => No File
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1003_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No File
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1003_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No File
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1003_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No File
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1003_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> "C:\Users\Eric\AppData\Local\Google\Update\1.3.21.53\GoogleUpdateOnDemand.exe" => No File
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\postgres\AppData\Local\Google\Update\1.3.21.53\psuser.dll => No File
C:\Windows\MEMORY.DMP

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F

Clean the Firefox Cache.
https://kb.iu.edu/d/ahic#firefox
<<<>>>

The tool will create a log (Fixlog.txt); please post it in your reply.

ADOBE FLASH PLAYER

Go to this page with Firefox or Opera to download the current version for your browser:
https://get.adobe.com/flashplayer/

Note:
Flash Player is pre-installed in Google Chrome and updates automatically!
Flash Player is pre-installed in IE/Edge and updates automatically!

If Firefox is still crashing just remove the old versions as suggested below.
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after the update you can remove the old versions of Java via the Control Panel > Programs > Programs and Features.
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.1.102.55 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java™ 6 Update 20 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216016FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)


Please let me know what problem persists with this computer.
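
A pre-run review of the fixlist above, as an added example that is not part of the original post and is not FRST's own code: it separates the entries FRST already marked as having no file behind them (`=> No File`, `[No File]`, `[X]`) from those that still point at something on disk, so the reader can see what the fix will actually touch. The sample lines are excerpted from the fixlist above; the category names and function names are assumptions of this example.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Excerpt of the fixlist posted above (one or two lines per entry type).
SAMPLE_FIXLIST = r"""Start
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll => No File
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
CHR Plugin: (Java Deployment Toolkit 6.0.200.2) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Extension: (Chrome Media Router) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07]
S3 ESEADriver2; \??\C:\Users\Eric\AppData\Local\Temp\ESEADriver2.sys [X] <==== ATTENTION
S3 taphss6; system32\DRIVERS\taphss6.sys [X]
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1001_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.21.135\psuser.dll => No File
C:\Windows\MEMORY.DMP
End
"""

# Entry categories (names chosen for this example), keyed on the line
# prefixes that appear in the fixlist above. First match wins.
KIND_PATTERNS = [
    ("directive", re.compile(r"^[A-Za-z]+:$")),      # e.g. CreateRestorePoint:
    ("registry", re.compile(r"^HK(LM|U|CR|CU)\\")),  # bare registry key lines
    ("bho", re.compile(r"^BHO:")),
    ("dpf", re.compile(r"^DPF:")),
    ("firefox", re.compile(r"^FF ")),
    ("chrome", re.compile(r"^CHR ")),
    ("service", re.compile(r"^[RSU]\d \S+;")),       # e.g. "S3 taphss6;"
    ("clsid", re.compile(r"^CustomCLSID:")),
    ("file", re.compile(r"^[A-Za-z]:\\")),           # bare file path
]

# Markers on a log line showing the referenced file was not found.
# "[X]" on a driver/service line is treated here as the same condition.
MISSING = re.compile(r"=> No File|\[No File\]|\[X\]")


@dataclass
class Entry:
    kind: str        # category from KIND_PATTERNS, or "unknown"
    missing: bool    # the log already says the target file is absent
    attention: bool  # the scan flagged the line with ATTENTION
    text: str


def parse_fixlist(text):
    """Classify every fixlist line between the Start and End markers."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line in ("Start", "End"):
            continue
        kind = next((k for k, p in KIND_PATTERNS if p.search(line)), "unknown")
        entries.append(Entry(kind, bool(MISSING.search(line)),
                             "ATTENTION" in line, line))
    return entries


def live_targets(entries):
    """Entries that still reference an existing file or folder.

    Directives and bare registry keys have no file target, so they are
    excluded; everything else not marked missing is worth a second look
    before the fix is run, because something on disk will be acted on.
    """
    return [e for e in entries
            if e.kind not in ("directive", "registry") and not e.missing]


def summarize(entries):
    """Counts per category plus the number of orphaned and flagged lines."""
    return {
        "by_kind": Counter(e.kind for e in entries),
        "orphaned": sum(e.missing for e in entries),
        "attention": sum(e.attention for e in entries),
        "unknown": [e.text for e in entries if e.kind == "unknown"],
    }


if __name__ == "__main__":
    parsed = parse_fixlist(SAMPLE_FIXLIST)
    report = summarize(parsed)
    print("entries by kind:", dict(report["by_kind"]))
    print("orphaned references:", report["orphaned"])
    print("ATTENTION lines:", report["attention"])
    print("entries that touch existing files:")
    for e in live_targets(parsed):
        print("  ", e.text)
```
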

#3 phased1

Posted 23 February 2017 - 09:25 PM

Here is my fixlog.  Problem looks like it's fixed so far.

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 19-02-2017
Ran by Eric (23-02-2017 17:34:41) Run:2
Running from C:\Users\Eric\Desktop
Loaded Profiles: Eric & postgres (Available Profiles: Eric & postgres)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
Start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2840043134-1694784246-1973955215-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll => No File
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll => No File
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll => No File
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [No File]
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
CHR Plugin: (Native Client) - C:\Users\Eric\AppData\Local\Google\Chrome\Application\56.0.2924.87\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Eric\AppData\Local\Google\Chrome\Application\56.0.2924.87\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Users\Eric\AppData\Local\Google\Chrome\Application\56.0.2924.87\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.200.2) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (DNA Plug-in) - C:\Program Files\DNA\plugins\npbtdna.dll => No File
CHR Plugin: (Pando Web Plugin) - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll => No File
CHR Plugin: (Google Update) - C:\Users\Eric\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Extension: (Flamite - Tinder on your browser) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgobopgcnapcnblkpelgjjblnjjpgejk [2017-01-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-18]
CHR Extension: (Chrome Media Router) - C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2015-07-20]
S3 ESEADriver2; \??\C:\Users\Eric\AppData\Local\Temp\ESEADriver2.sys [X] <==== ATTENTION
S3 taphss6; system32\DRIVERS\taphss6.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1001_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.21.135\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1001_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No File
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1001_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.21.99\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1001_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.21.57\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.25.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.27.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1001_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.21.69\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1001_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Users\Eric\AppData\Local\Google\Update\1.2.183.39\goopdate.dll => No File
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1001_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.21.79\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.23.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1001_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No File
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.30.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.31.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.28.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1001_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.21.145\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1001_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.21.123\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1001_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.21.153\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.28.13\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.29.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.24.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1001_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.21.149\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1001_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.22.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1001_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.21.165\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.26.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1001_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.21.115\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.29.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.25.11\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1001_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No File
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1001_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.21.65\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1001_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.22.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1001_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.21.111\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Eric\AppData\Local\Google\Update\1.3.24.7\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1003_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No File
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1003_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Users\postgres\AppData\Local\Google\Update\1.3.21.53\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1003_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> "C:\Users\Eric\AppData\Local\Google\Update\1.3.21.53\GoogleUpdateOnDemand.exe" => No File
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1003_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Users\postgres\AppData\Local\Google\Update\1.2.183.39\goopdate.dll => No File
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1003_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> "C:\Users\Eric\AppData\Local\Google\Update\1.3.21.53\GoogleUpdateOnDemand.exe" => No File
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1003_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No File
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1003_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> "C:\Users\Eric\AppData\Local\Google\Update\1.3.21.53\GoogleUpdateOnDemand.exe" => No File
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1003_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No File
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1003_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\postgres\AppData\Local\Google\Update\1.3.21.53\npGoogleUpdate3.dll => No File
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1003_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\postgres\AppData\Local\Google\Update\1.3.21.53\npGoogleUpdate3.dll => No File
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1003_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No File
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1003_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No File
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1003_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No File
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1003_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> "C:\Users\Eric\AppData\Local\Google\Update\1.3.21.53\GoogleUpdateOnDemand.exe" => No File
CustomCLSID: HKU\S-1-5-21-2840043134-1694784246-1973955215-1003_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\postgres\AppData\Local\Google\Update\1.3.21.53\psuser.dll => No File
C:\Windows\MEMORY.DMP
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully.
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully.
HKU\S-1-5-21-2840043134-1694784246-1973955215-1001\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key removed successfully.
HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6} => key removed successfully.
HKCR\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key removed successfully.
HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key not found. 
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} => key removed successfully.
HKCR\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} => key not found. 
HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0 => key removed successfully.
HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin => key removed successfully.
C:\Users\Eric\AppData\Local\Google\Chrome\Application\56.0.2924.87\ppGoogleNaClPluginChrome.dll => not found.
C:\Users\Eric\AppData\Local\Google\Chrome\Application\56.0.2924.87\pdf.dll => not found.
C:\Users\Eric\AppData\Local\Google\Chrome\Application\56.0.2924.87\gcswf32.dll => not found.
C:\Windows\system32\Macromed\Flash\NPSWF32.dll => not found.
C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => not found.
C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll => moved successfully
C:\Program Files\DNA\plugins\npbtdna.dll => not found.
C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll => not found.
C:\Users\Eric\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll => not found.
C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgobopgcnapcnblkpelgjjblnjjpgejk => moved successfully
C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
C:\Users\Eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
HKLM\SOFTWARE\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => key removed successfully.
Could not move "C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx" => Scheduled to move on reboot.
HKLM\System\CurrentControlSet\Services\ESEADriver2 => key removed successfully.
ESEADriver2 => service removed successfully.
HKLM\System\CurrentControlSet\Services\taphss6 => key removed successfully.
taphss6 => service removed successfully.
HKLM\System\CurrentControlSet\Services\VBoxNetFlt => key removed successfully.
VBoxNetFlt => service removed successfully.
C:\Windows\MEMORY.DMP => moved successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 109852308 B
Java, Flash, Steam htmlcache => 163795464 B
Windows/system/drivers => 108691 B
Edge => 0 B
Chrome => 952539920 B
Firefox => 35285815 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 48655213 B
LocalService => 66708 B
NetworkService => 92026 B
Eric => 351797897 B
postgres => 0 B
 
RecycleBin => 229920 B
EmptyTemp: => 1.6 GB temporary data Removed.
 
================================
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 23-02-2017 17:38:25)
 
"C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx" => Could not move
 
==== End of Fixlog 17:38:25 ====


#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,587 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:12 PM

Posted 24 February 2017 - 08:37 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: best security practices, keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===



