multiple gmail pages opening by themselves: firefox


  • This topic is locked
32 replies to this topic

#1 Alyab123

Alyab123

  • Members
  • 71 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:56 AM

Posted 28 December 2014 - 02:47 PM

I've been having a weird experience in the last few weeks. I leave Firefox open on my PC for some time while I go do other things. When I come back, the Gmail and/or Google sign-in page has opened in about 7 tabs. I cannot say for sure if I left my browser on a Google page when I walked away, but it certainly isn't likely, based on my typical activity. I have run SUPERAntiSpyware Free Edition, and it didn't find anything. My regular virus protection, Avast Free, isn't finding anything. And Malwarebytes anti-malware hasn't found anything. Google searches haven't found anyone else presenting a similar problem. The default suggestion by the Firefox forums for problems is usually to "reset" Firefox and lose a lot of my settings, which is a pain.

 

I'm wondering if anyone else has a suggestion of where I can look for a source to this quirk. Perhaps I hit a function key by accident some time recently or something like that?

There is another quirk that started up even before this. At times, when I'm typing into a box, such as this one, or a compose gmail box, the paragraph starts to scroll up a bit without any prompt. In other words, it's not because I reached the end of a line in my typing. It's just scrolling up a bit as if it has a mind of its own. Since this is also not a consistent problem, I have no idea what I may have done to trigger this behavior!

 

Any suggestions, other than resetting firefox would be appreciated!

 

OK, here's an addendum: it just happened again while I was watching, when I gave a little shake to the desk on which my monitor resides. My PC case, and keyboard, AND mouse were not even on the desk at the time... I had moved them onto the top of the case while I was cleaning my desk (which is why it shook). Shaking the desk intentionally is not triggering the same action. Also, some other relevant information: Google is not even my home page on the browser!!

I'm using XP... Am almost switched over to Windows 7, but haven't had TIME to do the switch. Firefox is version 34.0.5


Edited by Alyab123, 28 December 2014 - 03:05 PM.
Moved from Web Browsing/Email to Am I Infected - Hamluis.




#2 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York
  • Local time:02:56 AM

Posted 31 December 2014 - 08:15 PM

Hello Alyab, and sorry for the delay in response to your topic!

We can get overwhelmed at times here at BC...but rest assured...now that I've responded, I'm going to stay with you until we get this sorted out! :)

My name is bloopie and I'll be helping you with your problems as best I can! :thumbup2:

A few things to keep in mind while we are working together:

  • If you have since resolved the original problem you were having, I would appreciate it if you let me know.
  • If you are unsure about any of the steps just post what you can and I will guide you!
  • Please tell me if you have your original Windows CD/DVD available.
  • Please copy and paste all logs here unless otherwise instructed!
  • Upon completing the steps below I will review your topic and do my best to resolve your issues.
  • Please do not run any other tools without my instruction to do so!

These issues do not seem to be malware related at first glance, but we will see nonetheless! :wink:
 
==========
 

And Malwarebytes anti-malware hasn't found anything.

 
Could you please post the most recent log from Malwarebytes Antimalware (MBAM) so we can see the results (if you're not sure how to do this, please post back to let me know, and I will help you)?
 
==========
 

There is another quirk that started up even before this. At times, when I'm typing into a box, such as this one, or a compose gmail box, the paragraph starts to scroll up a bit without any prompt. In other words, it's not because I reached the end of a line in my typing. It's just scrolling up a bit as if it has a mind of its own. Since this is also not a consistent problem, I have no idea what I may have done to trigger this behavior!


Just for a quick check...while the machine is on and running, please unplug the keyboard and mouse from the PC tower...then plug them back in again, one at a time. ...See if this helps the functionality of either peripheral afterwards, and let me know. :)

====================
 
Next, I'd like you to run this tool and post the resultant log:
 
Please download Rkill by Grinler from one of the following links, and save it to your desktop.

  • Link 1
  • Link 2
    • Double-click on the Rkill desktop icon to run the tool.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete that file, then download and use the one provided in Link 2.
    • If the tool does not run from any of the links provided, please let me know.
    • When the tool has finished (will not take a long time to run), please copy and paste the log that opens into your next reply.

==============================

 

Be sure to post the requested logs in your next reply, as well as answer my questions so that I can better help you! :thumbup2:

 

bloopie



#3 Alyab123


Posted 31 December 2014 - 11:05 PM

Hello and thank you.

My PC is a Dell Dimension E521, which came with Windows Vista, and an option to change to XP Professional, SP1a, which I did, considering the grief people were expressing about Vista. I don't quite remember; it's possible that I had the option to purchase the PC with XP installed instead of Vista. If I had that option, then that is what I did.

The disk is not called a Windows XP OS installation CD.
It is a "re-installation" CD.
As I understand it, this is not the same thing, but if you know what you are doing, the OS CAN be installed clean with it. I think I even did it once. I just know the tech guy in Staples showed me what to do, and it included ignoring the instructions that appear when I would load the "re-installation" disk.
There is also a CD with utilities and drivers.
There is no back-up partition or anything on my hard drive.

Under History, in MBAM, the "View" button is not functional. I can see the list of scans, the last being on Dec 25, but the only button that appears to be "live" is the Delete button, whether or not a particular scan is ticked.
I have MBAM logs exported to a folder, but they appear to be XML files. I do not know how to read them. Clicking on them opens Internet Explorer, which I do not use EVER. But the information that appears is source code, not a report of any kind.

Just to be clear; I don't think this is what you want:

<?xml version="1.0" encoding="UTF-8" ?>
- <logs>
  <record severity="debug" LoggingEventType="1" datetime="2014-12-25T12:27:16.453125-05:00" source="Manual" type="Update" username="SYSTEM" systemname="BAILA" fromVersion="2014.12.14.1" last_modified_tag="bb606b08-e638-4642-a2c0-7225f2d75349" name="Rootkit Database" toVersion="2014.12.23.2" />
  <record severity="debug" LoggingEventType="1" datetime="2014-12-25T12:27:52.453125-05:00" source="Manual" type="Update" username="SYSTEM" systemname="BAILA" fromVersion="2014.12.18.6" last_modified_tag="df6371f0-b2eb-4259-b745-d4144de9072b" name="Malware Database" toVersion="2014.12.25.10" />
  <record severity="debug" scantype="threat" LoggingEventType="6" starttime="2014-12-25T12:27:54-05:00" datetime="2014-12-25T13:29:39.750000-05:00" source="Manual" type="Scan" username="SYSTEM" systemname="BAILA" last_modified_tag="413cc2a7-d3b5-401d-8ec5-37cbcaffeec6" duration="3695" malwaredetections="0" nonmalwaredetections="0" scanresult="completed" />
  </logs>

 

I did your remove and re-insert keyboard and mouse exercise. Time will tell if the phantom scrolling stops happening.
 

 

Here is the Rkill log:

 

Rkill 2.6.9 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 12/31/2014 10:56:07 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Firewall Disabled

   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall" = dword:00000000

 * Reparse Point/Junctions Found (Most likely legitimate)!

     * C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a => C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 [Dir]

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1 localhost

Program finished at: 12/31/2014 10:58:06 PM
Execution time: 0 hours(s), 1 minute(s), and 59 seconds(s)

 

Thank you again!


Edited by Alyab123, 31 December 2014 - 11:18 PM.
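
Added example (not part of the original posts, and not Malwarebytes' own tooling): the XML export pasted in post #3 can be read without a browser. This Python script strips the "- " outline marker that Internet Explorer's XML view puts in front of <logs>, then lists scan and database-update records using the attribute names seen in that paste. The sample input is constructed (placeholder host name, made-up second scan) and the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample shaped like the export pasted in post #3, including the
# "- " outline marker Internet Explorer's XML view adds in front of <logs>.
# The host name and the second scan record are made up for illustration.
SAMPLE = """<?xml version="1.0" encoding="UTF-8" ?>
- <logs>
  <record severity="debug" LoggingEventType="1" datetime="2014-12-25T12:27:52-05:00" source="Manual" type="Update" username="SYSTEM" systemname="EXAMPLE-PC" fromVersion="2014.12.18.6" name="Malware Database" toVersion="2014.12.25.10" />
  <record severity="debug" scantype="threat" LoggingEventType="6" starttime="2014-12-25T12:27:54-05:00" datetime="2014-12-25T13:29:39-05:00" source="Manual" type="Scan" username="SYSTEM" systemname="EXAMPLE-PC" duration="3695" malwaredetections="0" nonmalwaredetections="0" scanresult="completed" />
  <record severity="debug" scantype="threat" LoggingEventType="6" starttime="2014-12-26T09:00:00-05:00" datetime="2014-12-26T09:02:05-05:00" source="Manual" type="Scan" username="SYSTEM" systemname="EXAMPLE-PC" duration="125" malwaredetections="2" nonmalwaredetections="1" scanresult="cancelled" />
  </logs>
"""

# A line that starts with "-" or "+" followed by a tag is a viewer artifact,
# not XML; left in place it makes the document unparseable.
_VIEWER_MARKER = re.compile(r"^(\s*)[-+]\s+(?=<)", re.MULTILINE)


def clean_pasted_xml(text):
    """Undo copy/paste damage: BOM, leading blank lines, IE outline markers."""
    text = text.lstrip("\ufeff \t\r\n")  # the XML declaration must come first
    return _VIEWER_MARKER.sub(r"\1", text)


def load_records(text):
    """Return every <record> element as a plain dict of its attributes."""
    root = ET.fromstring(clean_pasted_xml(text))
    return [dict(rec.attrib) for rec in root.iter("record")]


def format_elapsed(seconds):
    """Render a duration in seconds the way the text log does (hr, min, sec)."""
    hours, rest = divmod(int(seconds), 3600)
    minutes, secs = divmod(rest, 60)
    parts = []
    if hours:
        parts.append(f"{hours} hr")
    if hours or minutes:
        parts.append(f"{minutes} min")
    parts.append(f"{secs} sec")
    return ", ".join(parts)


def summarize_scans(text):
    """One summary dict per record whose type attribute is "Scan"."""
    scans = []
    for rec in load_records(text):
        if rec.get("type") != "Scan":
            continue
        malware = int(rec.get("malwaredetections", 0))
        other = int(rec.get("nonmalwaredetections", 0))
        result = rec.get("scanresult", "unknown")
        scans.append({
            "started": rec.get("starttime", rec.get("datetime", "")),
            "elapsed": format_elapsed(rec.get("duration", 0)),
            "malware": malware,
            "non_malware": other,
            "result": result,
            # Only a scan that ran to completion with zero hits counts as
            # clean; an interrupted scan with zero hits proves nothing.
            "clean": result == "completed" and malware == 0 and other == 0,
        })
    return scans


def database_updates(text):
    """(database name, old version, new version) for each Update record."""
    return [
        (rec.get("name"), rec.get("fromVersion"), rec.get("toVersion"))
        for rec in load_records(text)
        if rec.get("type") == "Update"
    ]


if __name__ == "__main__":
    for name, old, new in database_updates(SAMPLE):
        print(f"update  {name}: {old} -> {new}")
    for scan in summarize_scans(SAMPLE):
        verdict = "clean" if scan["clean"] else "REVIEW"
        print(f"scan    {scan['started']}  {scan['elapsed']}  "
              f"malware={scan['malware']} other={scan['non_malware']} "
              f"result={scan['result']}  [{verdict}]")
```
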


#4 bloopie


Posted 31 December 2014 - 11:54 PM

Hello again,

The help is my pleasure! :thumbup2:

 

Okay chances are, you purchased the system with XP (instead of Vista) installed. If the system originally came with Windows Vista, you would not be offered to "downgrade" to XP. :wink:

 

==========

Also, just to let you know, I have moved this topic to the Malware Removal Logs forum, so that we can get a complete set of logs posted.

==========
 

The disk is not called a Windows XP OS installation CD.
It is a "re-installation" CD.

If your system is a Dell, with a Dell "Re-Installation" CD...then you've got the proper disk needed for a full reinstallation if needed.

 

Dell is very good about not asking for a product key code when reinstalling your OS on a Dell system, with a Dell disk. That's why you were able to do this before even without a full Windows XP Installation CD (just FYI)...so that's good news! :)

 

This only holds true to Dell systems and disks though, so don't go trying this with any others!

==========

Here are two ways to retrieve the MBAM logs:

:step1:

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 1)

  • Open Malwarebytes Anti-Malware.
  • Click the History Tab at the top and select Application Logs.
  • Select (check) the box next to Scan Log. Choose the most current scan.
  • Click the View button.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

:step2:

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 2)

  • Open Malwarebytes Anti-Malware.
  • Click the Scan Tab at the top.
  • Click the View detailed log link on the right.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

Logs are named by the date of scan in the following format: mbam-log-yyyy-mm-dd and automatically saved to the following locations:
-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7/8: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd


====================

After you are done with the above (successful or not), please run FRST and post the two logs it produces in your next reply...instructions are below:

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them (you should need the 32-bit version). Only one of them will run on your system; that will be the right version.

  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.

==========

Please post all requested logs in your next reply, or let me know if you had any trouble with any of the steps listed! :)

bloopie



#5 Alyab123


Posted 01 January 2015 - 12:11 AM

Here you go kind Sir:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/25/2014
Scan Time: 12:27:54 PM
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.12.25.10
Rootkit Database: v2014.12.23.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Pessy

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 553055
Time Elapsed: 1 hr, 1 min, 35 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

 

 

******************

 

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-12-2014
Ran by Pessy (administrator) on BAILA on 01-01-2015 00:04:28
Running from C:\Documents and Settings\Baila\Desktop
Loaded Profiles: Baila & Pessy (Available profiles: Baila & Pessy & esti & Admin & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Emsisoft GmbH) C:\Program Files\Online Armor\oacat.exe
(Emsisoft GmbH) C:\Program Files\Online Armor\oasrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Blue Coat Systems, Inc.) C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
(Microsoft Corporation) C:\WINDOWS\system32\snmp.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [@OnlineArmor GUI] => C:\Program Files\Online Armor\oaui.exe [7558464 2013-10-11] (Emsisoft GmbH)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2014-12-11] (AVAST Software)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-1454471165-1844237615-839522115-1003\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-1454471165-1844237615-839522115-1003\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-1454471165-1844237615-839522115-1003\...\Policies\Explorer: [NoSaveSettings] 0
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1454471165-1844237615-839522115-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1454471165-1844237615-839522115-1003\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.startpage.com/
HKU\S-1-5-21-1454471165-1844237615-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1454471165-1844237615-839522115-1062\Software\Microsoft\Internet Explorer\Main,Start Page = https://startpage.com/
SearchScopes: HKU\.DEFAULT -> {2D59A26F-65DA-4A5C-AFEF-96E62977B847} URL =
SearchScopes: HKU\S-1-5-21-1454471165-1844237615-839522115-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKU\S-1-5-21-1454471165-1844237615-839522115-1003 -> {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKU\S-1-5-21-1454471165-1844237615-839522115-1003 -> No Name - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} -  No File
Toolbar: HKU\S-1-5-21-1454471165-1844237615-839522115-1003 -> &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-1454471165-1844237615-839522115-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Chessmaster%20Challenge/Images/stg_drm.ocx
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1245387491250
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Chessmaster%20Challenge/Images/armhelper.ocx
DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} http://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab
Handler: AutorunsDisabled\ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
ShellExecuteHooks: OA Shell Helper - {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll [1033968 2013-10-11] (Emsisoft GmbH)
Tcpip\Parameters: [DhcpNameServer] 192.168.8.1
Tcpip\..\Interfaces\{075DE905-E2AF-483E-AC0D-DC1AE56EFD9A}: [NameServer] 208.67.220.220,208.67.222.222

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Pessy\Application Data\Mozilla\Firefox\Profiles\8k3b0d0i.default
FF NewTab: https://startpage.com/do/mypage.pl?prf=22679f1cf5a58cd828e3179705e7b677
FF DefaultSearchEngine: Startpage (SSL)
FF SelectedSearchEngine: Startpage (SSL)
FF Homepage: https://startpage.com/do/mypage.pl?prf=22679f1cf5a58cd828e3179705e7b677
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.12.450 -> C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Documents and Settings\Pessy\Application Data\Mozilla\Firefox\Profiles\8k3b0d0i.default\searchplugins\startpage-ssl.xml
FF SearchPlugin: C:\Documents and Settings\Pessy\Application Data\Mozilla\Firefox\Profiles\8k3b0d0i.default\searchplugins\startpage-ssl.xml
FF Extension: Blur (Formerly DoNotTrackMe) - C:\Documents and Settings\Pessy\Application Data\Mozilla\Firefox\Profiles\8k3b0d0i.default\Extensions\donottrackplus@abine(2).com [2014-11-30]
FF Extension: HTTPS-Everywhere - C:\Documents and Settings\Pessy\Application Data\Mozilla\Firefox\Profiles\8k3b0d0i.default\Extensions\https-everywhere@eff.org [2014-11-20]
FF Extension: Gmail Notifier (restartless) - C:\Documents and Settings\Pessy\Application Data\Mozilla\Firefox\Profiles\8k3b0d0i.default\Extensions\jid0-GjwrPchS3Ugt7xydvqVK4DQk8Ls@jetpack.xpi [2014-12-15]
FF Extension: Webutation - C:\Documents and Settings\Pessy\Application Data\Mozilla\Firefox\Profiles\8k3b0d0i.default\Extensions\{15fe27f3-e5ab-2d59-4c5c-dadc7945bdbd}.xpi [2014-11-19]
FF Extension: NoScript - C:\Documents and Settings\Pessy\Application Data\Mozilla\Firefox\Profiles\8k3b0d0i.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-11-19]
FF Extension: Adblock Edge - C:\Documents and Settings\Pessy\Application Data\Mozilla\Firefox\Profiles\8k3b0d0i.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-11-19]
FF Extension: Blur (Formerly DoNotTrackMe) - C:\Documents and Settings\Pessy\Application Data\Mozilla\Firefox\Profiles\8k3b0d0i.default\Extensions\donottrackplus@abine(2).com [2014-11-30]
FF Extension: HTTPS-Everywhere - C:\Documents and Settings\Pessy\Application Data\Mozilla\Firefox\Profiles\8k3b0d0i.default\Extensions\https-everywhere@eff.org [2014-11-20]
FF Extension: Gmail Notifier (restartless) - C:\Documents and Settings\Pessy\Application Data\Mozilla\Firefox\Profiles\8k3b0d0i.default\Extensions\jid0-GjwrPchS3Ugt7xydvqVK4DQk8Ls@jetpack.xpi [2014-12-15]
FF Extension: Webutation - C:\Documents and Settings\Pessy\Application Data\Mozilla\Firefox\Profiles\8k3b0d0i.default\Extensions\{15fe27f3-e5ab-2d59-4c5c-dadc7945bdbd}.xpi [2014-11-19]
FF Extension: NoScript - C:\Documents and Settings\Pessy\Application Data\Mozilla\Firefox\Profiles\8k3b0d0i.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-11-19]
FF Extension: Adblock Edge - C:\Documents and Settings\Pessy\Application Data\Mozilla\Firefox\Profiles\8k3b0d0i.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-11-19]
FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-23]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-01]

Chrome:
=======
CHR HomePage: Default -> https://startpage.com/do/mypage.pl?prf=22679f1cf5a58cd828e3179705e7b677
CHR StartupUrls: Default -> "https://startpage.com/do/mypage.pl?prf=22679f1cf5a58cd828e3179705e7b677"
CHR Plugin: (Widevine Content Decryption Module) - C:\Documents and Settings\Pessy\Local Settings\Application Data\Google\Chrome\User Data\WidevineCDM\1.4.6.703\_platform_specific\win_x86\widevinecdmadapter.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\38.0.2125.111\internal-nacl-plugin No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\38.0.2125.111\pdf.dll ()
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files\QuickTime\plugins\npqtplugin.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll No File
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_189.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
CHR Profile: C:\Documents and Settings\Pessy\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\Pessy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-14]
CHR Extension: (Google Drive) - C:\Documents and Settings\Pessy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-14]
CHR Extension: (YouTube) - C:\Documents and Settings\Pessy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-14]
CHR Extension: (Google Search) - C:\Documents and Settings\Pessy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-14]
CHR Extension: (Blur (Formerly DoNotTrackMe)) - C:\Documents and Settings\Pessy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd [2014-07-31]
CHR Extension: (AdBlock) - C:\Documents and Settings\Pessy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-11-17]
CHR Extension: (ScriptBlock) - C:\Documents and Settings\Pessy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hcdjknjpbnhdoabbngpmfekaecnpajba [2014-11-03]
CHR Extension: (New Tab Redirect) - C:\Documents and Settings\Pessy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna [2014-11-17]
CHR Extension: (Webutation) - C:\Documents and Settings\Pessy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nfclfmabiojpommfcalfdgjjeaahnjbj [2014-07-31]
CHR Extension: (Gmail) - C:\Documents and Settings\Pessy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-14]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2014-12-01]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-01]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)
R2 6to4; C:\WINDOWS\System32\6to4svc.dll [100864 2010-02-11] (Microsoft Corporation)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-01] (AVAST Software)
R2 bckwfs; C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe [1715416 2014-01-24] (Blue Coat Systems, Inc.)
R2 OAcat; C:\Program Files\Online Armor\OAcat.exe [584864 2013-10-11] (Emsisoft GmbH)
S4 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
S4 RoxWatch9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [159744 2006-11-05] (Sonic Solutions) [File not signed]
R2 SvcOnlineArmor; C:\Program Files\Online Armor\oasrv.exe [4457688 2013-10-11] (Emsisoft GmbH)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AmdPPM; C:\WINDOWS\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-12-01] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [70384 2014-12-01] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55240 2014-12-01] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-12-01] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787800 2014-12-01] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [423784 2014-12-01] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57928 2014-12-01] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [206248 2014-12-01] ()
R1 bckd; C:\WINDOWS\System32\drivers\bckd.sys [90200 2014-01-24] (Blue Coat Systems, Inc.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S4 gfiark; C:\WINDOWS\System32\drivers\gfiark.sys [33616 2012-12-17] (GFI Software)
S4 gfibto; C:\WINDOWS\System32\drivers\gfibto.sys [13560 2013-06-30] (GFI Software)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R1 OADevice; C:\WINDOWS\system32\drivers\OADriver.sys [210360 2013-10-11] ()
R1 oahlpXX; C:\WINDOWS\system32\drivers\oahlp32.sys [44984 2013-10-11] ()
R1 OAmon; C:\WINDOWS\system32\drivers\OAmon.sys [34856 2013-10-11] (Emsisoft)
R1 OAnet; C:\WINDOWS\system32\drivers\OAnet.sys [31912 2013-10-11] (Emsisoft)
S4 PAC7302; C:\WINDOWS\System32\DRIVERS\PAC7302.SYS [458752 2007-11-08] (PixArt Imaging Inc.) [File not signed]
S4 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [36528 2006-07-24] (Sonic Solutions) [File not signed]
S4 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S4 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1171464 2006-07-27] (SigmaTel, Inc.)
R1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-01 00:04 - 2015-01-01 00:05 - 00018613 _____ () C:\Documents and Settings\Baila\Desktop\FRST.txt
2015-01-01 00:04 - 2015-01-01 00:04 - 00000000 ____D () C:\FRST
2015-01-01 00:00 - 2015-01-01 00:00 - 01114624 _____ (Farbar) C:\Documents and Settings\Baila\Desktop\FRST.exe
2014-12-31 22:50 - 2014-12-31 22:55 - 01940728 _____ (Bleeping Computer, LLC) C:\Documents and Settings\Pessy\Desktop\rkill.com
2014-12-31 22:13 - 2014-12-31 22:13 - 01940728 _____ (Bleeping Computer, LLC) C:\Documents and Settings\Baila\Desktop\rkill.com
2014-12-30 07:18 - 2014-12-30 07:18 - 00140792 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2014-12-29 23:19 - 2014-12-29 23:19 - 00000000 ____D () C:\Documents and Settings\Pessy\Local Settings\Application Data\CutePDF Writer
2014-12-29 22:56 - 2014-12-30 08:48 - 00000000 ____D () C:\Documents and Settings\Baila\Local Settings\Application Data\CutePDF Writer
2014-12-29 22:52 - 2014-12-29 23:16 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\CutePDF
2014-12-29 22:52 - 2012-03-11 14:55 - 00088656 _____ () C:\WINDOWS\system32\cpwmon2k.dll
2014-12-29 14:41 - 2014-12-30 19:48 - 00000000 ____D () C:\Documents and Settings\Baila\My Documents\Medicare and SS
2014-12-26 01:38 - 2014-12-31 23:26 - 00009261 _____ () C:\WINDOWS\setupapi.log
2014-12-16 09:56 - 2008-04-14 05:42 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ptpusd.dll
2014-12-16 09:56 - 2001-08-17 22:36 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ptpusb.dll
2014-12-16 03:01 - 2014-12-16 03:01 - 00000000 ____D () C:\SUPERDelete
2014-12-16 01:25 - 2014-12-16 01:39 - 00000000 ____D () C:\Documents and Settings\Baila\Start Menu\Programs\Unlocker
2014-12-14 15:33 - 2014-12-14 15:33 - 00001604 _____ () C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
2014-12-14 15:33 - 2014-12-14 15:33 - 00000000 ____D () C:\Program Files\QuickTime
2014-12-14 15:33 - 2014-12-14 15:33 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
2014-12-08 23:31 - 2014-12-31 23:56 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-12-08 23:30 - 2014-12-08 23:30 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-08 23:30 - 2014-12-08 23:30 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-08 23:30 - 2014-11-21 06:14 - 00054360 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-12-08 23:30 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-12-05 10:38 - 2014-12-05 10:38 - 00270192 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-12-04 13:07 - 2014-12-30 00:18 - 00001209 _____ () C:\Documents and Settings\Baila\Desktop\Impact Energy starters.txt
2014-12-04 02:39 - 2014-12-31 22:47 - 00051200 _____ () C:\Documents and Settings\Baila\My Documents\Budget.xls
2014-12-02 09:13 - 2014-12-02 09:13 - 00000000 ____D () C:\Documents and Settings\Baila\Application Data\AVAST Software

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-01 00:05 - 2014-05-13 05:17 - 00000000 ____D () C:\Documents and Settings\Pessy\Local Settings\Temp
2015-01-01 00:01 - 2014-05-13 04:16 - 00000178 ___SH () C:\Documents and Settings\Pessy\ntuser.ini
2015-01-01 00:00 - 2013-06-30 12:43 - 00000000 ____D () C:\Documents and Settings\Baila\Local Settings\temp
2014-12-31 23:37 - 2014-08-21 03:27 - 00037081 _____ () C:\WINDOWS\wiadebug.log
2014-12-31 23:28 - 2014-04-08 23:39 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-12-31 23:26 - 2014-08-21 03:24 - 01946427 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-31 22:48 - 2003-07-16 11:46 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-12-31 15:30 - 2013-12-12 15:31 - 00000258 _____ () C:\WINDOWS\Tasks\Synchronize.job
2014-12-31 12:40 - 2014-12-01 12:40 - 00000362 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-12-31 07:57 - 2014-08-21 03:27 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-12-31 07:57 - 2009-06-15 08:44 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-31 02:26 - 2014-08-21 03:27 - 00032480 _____ () C:\WINDOWS\SchedLgU.Txt
2014-12-31 02:26 - 2009-06-15 09:12 - 00000178 ___SH () C:\Documents and Settings\Baila\ntuser.ini
2014-12-29 23:17 - 2014-10-31 13:21 - 00000000 ____D () C:\Program Files\GPLGS
2014-12-29 23:15 - 2014-10-31 13:25 - 00000000 ____D () C:\Program Files\Acro Software
2014-12-29 22:55 - 2014-10-24 04:41 - 00000664 _____ () C:\Documents and Settings\Baila\Local Settings\Application Data\d3d9caps.tmp
2014-12-29 00:48 - 2013-12-16 19:06 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-12-21 17:00 - 2011-02-09 01:43 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2476687$
2014-12-18 10:42 - 2014-05-13 04:16 - 00000000 ____D () C:\Documents and Settings\Pessy
2014-12-16 14:50 - 2014-05-30 01:39 - 00000000 ____D () C:\Documents and Settings\Pessy\Local Settings\Application Data\Paint.NET
2014-12-14 17:48 - 2014-10-22 15:05 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-12-14 17:48 - 2014-10-22 15:05 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-12-14 17:48 - 2014-10-03 05:10 - 00000000 ____D () C:\Documents and Settings\Pessy\Local Settings\Application Data\Adobe
2014-12-14 15:36 - 2013-07-11 21:24 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-12-14 15:20 - 2009-06-21 21:48 - 109818608 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-12-10 01:16 - 2014-11-19 18:03 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-12-08 23:30 - 2014-05-04 22:05 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-12-08 02:40 - 2014-01-14 04:42 - 00000000 ____D () C:\Documents and Settings\Administrator.BAILA
2014-12-07 15:32 - 2009-06-15 09:12 - 00000000 ____D () C:\Documents and Settings\Baila
2014-12-04 02:47 - 2014-11-27 01:19 - 00015872 _____ () C:\Documents and Settings\Baila\My Documents\avg daily balances 2013_2014.xls
2014-12-04 02:31 - 2010-01-19 14:21 - 00000000 ____D () C:\Documents and Settings\Baila\Local Settings\Application Data\Help
2014-12-02 09:14 - 2012-09-04 15:23 - 00000000 ____D () C:\Documents and Settings\Baila\Local Settings\Application Data\Temp

Some content of TEMP:
====================
C:\Documents and Settings\Pessy\Local Settings\Temp\AskSLib.dll
C:\Documents and Settings\Pessy\Local Settings\Temp\converter.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

***************************

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 28-12-2014
Ran by Pessy at 2015-01-01 00:06:04
Running from C:\Documents and Settings\Baila\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Online Armor Firewall (Disabled) {B797DAA0-7E2E-4711-8BB3-D12744F1922A}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

100% Free Chess 7.30 (HKLM\...\FreeChess) (Version: 7.30 - DreamQuest)
AbleWord v2.1 (HKLM\...\AbleWord_is1) (Version:  - )
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Auslogics DiskDefrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.5.4.0 - Auslogics Labs Pty Ltd)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software)
Blue Coat K9 Web Protection (HKLM\...\Blue Coat K9 Web Protection) (Version: 4.4.276 - Blue Coat Systems, Inc.)
BOWEP setup (HKLM\...\BOWEP setup) (Version:  - )
Broadcom 440x 10/100 Integrated Controller (HKLM\...\{612B9183-67A9-4B44-9877-2F059E35B86A}) (Version: 10.04.01 - Broadcom Corporation)
Broadcom Management Programs (HKLM\...\{FB64BF25-3593-4E4E-AA85-84AEF1D1475F}) (Version: 9.03.01 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
Conexant D850 56K V.9x DFVc Modem (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1) (Version:  - )
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - Acro Software Inc.)
Dell Resource CD (HKLM\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Dell Inc.)
Desktop Taipei version 2.2 (HKLM\...\Desktop Taipei_is1) (Version:  - )
ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version:  - Lars Hederer)
FileHippo.com Update Checker (HKLM\...\FileHippo.com) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden
High Definition Audio Driver Package - KB835221 (HKLM\...\KB835221WXP) (Version: 20040219.000000 - Microsoft Corporation)
Kiran's Typing Tutor 1.0 (HKLM\...\Kiran's Typing Tutor_is1) (Version: 1.0 - Kiran)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Excel 97 (HKLM\...\Excel) (Version:  - )
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Publisher 98 (HKLM\...\MSPUB5) (Version:  - )
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Word 97 (HKLM\...\Word8.0) (Version:  - )
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
Modem Diagnostic Tool (HKLM\...\{C252EB7B-7AE0-46DE-9BEE-DF681B885F13}) (Version: 1.0.17.2 - )
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6.0 Parser (HKLM\...\{AEB9948B-4FF2-47C9-990E-47014492A0FE}) (Version: 6.00.3883.8 - Microsoft Corporation)
NetZero Internet (HKLM\...\{6c651250-2eb2-11d5-8e33-0050dad72ac2}) (Version: 8.9.0.0 - NetZero, Inc.)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
Online Armor 7.0 (HKLM\...\OnlineArmor_is1) (Version: 7.0 - Emsisoft GmbH)
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}) (Version: 3.60.0 - dotPDN LLC)
PC Camera (HKLM\...\{A59AB961-BE82-41E0-B0FB-648DFA6DDEA4}) (Version: 1.0.20 - ANC)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Real Alternative 2.0.2 (HKLM\...\RealAlt_is1) (Version: 2.0.2 - )
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Should I Remove It (HKU\S-1-5-21-1454471165-1844237615-839522115-1003\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.4820.0 - SigmaTel)
Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1146 - SUPERAntiSpyware.com)
WebFldrs XP (Version: 9.50.6513 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows PowerShell™ 1.0 MUI pack (HKLM\...\KB926141) (Version: 2 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
XPS Essentials Pack (HKLM\...\{6A69D94E-C569-4154-9643-72E94D1DDFDA}) (Version: 1.0.6000 - Microsoft Corporation)
XPS Essentials Pack 1.0 (Version:  - Microsoft Corporation) Hidden
Xvid 1.2.2 final uninstall (HKLM\...\Xvid_is1) (Version: 1.2 - Xvid team (Koepi))

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

26-11-2014 12:10:37 System Checkpoint
26-11-2014 12:10:43 Revo Uninstaller's restore point - Mozilla Maintenance Service
26-11-2014 12:10:49 Revo Uninstaller's restore point - Mozilla Maintenance Service
21-11-2014 00:22:09 System Checkpoint
23-11-2014 21:45:53 System Checkpoint
24-11-2014 22:55:26 System Checkpoint
26-11-2014 03:36:44 System Checkpoint
26-11-2014 12:07:35 avast! antivirus system restore point
27-11-2014 14:19:16 System Checkpoint
30-11-2014 03:38:10 System Checkpoint
30-11-2014 18:14:48 before working with foxit
01-12-2014 03:06:57 Restore Operation
01-12-2014 03:10:16 Restore Operation
01-12-2014 11:59:34 avast! antivirus system restore point
01-12-2014 12:53:13 avast! antivirus system restore point
02-12-2014 19:07:03 System Checkpoint
03-12-2014 19:27:59 System Checkpoint
04-12-2014 20:01:43 System Checkpoint
07-12-2014 23:02:48 System Checkpoint
09-12-2014 00:48:43 System Checkpoint
10-12-2014 12:04:40 System Checkpoint
11-12-2014 14:02:47 System Checkpoint
12-12-2014 14:09:56 System Checkpoint
13-12-2014 15:09:56 System Checkpoint
14-12-2014 15:19:14 Software Distribution Service 3.0
15-12-2014 16:31:07 System Checkpoint
16-12-2014 01:54:41 Revo Uninstaller's restore point - Unlocker 1.9.2
16-12-2014 01:56:08 Revo Uninstaller's restore point - Unlocker 1.9.2
17-12-2014 03:02:32 System Checkpoint
18-12-2014 11:01:07 System Checkpoint
21-12-2014 17:21:37 System Checkpoint
22-12-2014 17:57:42 System Checkpoint
23-12-2014 22:42:49 System Checkpoint
25-12-2014 00:54:10 System Checkpoint
26-12-2014 10:50:38 System Checkpoint
28-12-2014 10:38:34 System Checkpoint
29-12-2014 13:25:11 System Checkpoint
29-12-2014 22:52:05 Printer Driver CutePDF Writer Installed
29-12-2014 23:10:42 Revo Uninstaller's restore point - CutePDF Writer 3.0
29-12-2014 23:12:55 Revo Uninstaller's restore point - CutePDF Writer 3.0
29-12-2014 23:16:17 Printer Driver CutePDF Writer Installed
31-12-2014 00:57:07 System Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2003-07-16 11:23 - 2013-06-30 22:46 - 00000698 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job => c:\Program Files\Microsoft IntelliPoint\ipoint.exe
Task: C:\WINDOWS\Tasks\Synchronize.job => C:\WINDOWS\system32\mobsync.exe

==================== Loaded Modules (whitelisted) =============

2014-12-31 22:18 - 2014-12-31 22:19 - 02908160 _____ () C:\Program Files\AVAST Software\Avast\defs\14123101\algo.dll
2014-12-29 22:52 - 2012-03-11 14:55 - 00088656 _____ () C:\WINDOWS\system32\cpwmon2k.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\WINDOWS\IsUninst.exe:SummaryInformation
AlternateDataStreams: C:\WINDOWS\IsUninst.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\WINDOWS\system32\cleanmgr.exe:SummaryInformation
AlternateDataStreams: C:\WINDOWS\system32\cleanmgr.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR

========================= Accounts: ==========================

Admin (S-1-5-21-1454471165-1844237615-839522115-1065 - Limited - Enabled) => %SystemDrive%\Documents and Settings\Admin
Administrator (S-1-5-21-1454471165-1844237615-839522115-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator.BAILA
ASPNET (S-1-5-21-1454471165-1844237615-839522115-1005 - Limited - Enabled)
Baila (S-1-5-21-1454471165-1844237615-839522115-1003 - Limited - Enabled) => %SystemDrive%\Documents and Settings\Baila
esti (S-1-5-21-1454471165-1844237615-839522115-1063 - Limited - Enabled) => %SystemDrive%\Documents and Settings\esti
Guest (S-1-5-21-1454471165-1844237615-839522115-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1454471165-1844237615-839522115-1000 - Limited - Disabled)
Pessy (S-1-5-21-1454471165-1844237615-839522115-1062 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Pessy
SUPPORT_388945a0 (S-1-5-21-1454471165-1844237615-839522115-1002 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: HL-DT-ST DVD+-RW GSA-H73N
Description: CD-ROM Drive
Class Guid: {4D36E965-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard CD-ROM drives)
Service: cdrom
Problem: : A driver (service) for this device has been disabled. An alternate driver may be providing this functionality (Code 32)
Resolution: The start type for this driver is set to disabled in the registry.
Uninstall the driver from Device Manager, and then scan for new hardware to install the driver again. If this does not work, you might have to change the device start type parameter in the registry.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/30/2014 10:14:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 34.0.5.5443, faulting module mozalloc.dll, version 34.0.5.5443, fault address 0x00001425.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (12/15/2014 02:17:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application avastui.exe, version 10.0.2208.726, faulting module , version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [avastui.exe!ws!]

Error: (12/01/2014 03:36:12 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.

Error: (11/19/2014 03:54:19 PM) (Source: ESENT) (EventID: 490) (User: )
Description: svchost (888) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (11/12/2014 07:09:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application ClamWin.exe, version 0.0.0.0, faulting module python23.dll, version 0.0.0.0, fault address 0x000443ee.
Processing media-specific event for [ClamWin.exe!ws!]

Error: (11/11/2014 08:29:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application acrord32.exe, version 11.0.8.4, faulting module acrord32.dll, version 11.0.8.4, fault address 0x000d750c.
Processing media-specific event for [acrord32.exe!ws!]

Error: (11/10/2014 06:09:27 AM) (Source: ESENT) (EventID: 490) (User: )
Description: svchost (920) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (11/10/2014 06:09:26 AM) (Source: ESENT) (EventID: 490) (User: )
Description: svchost (920) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (11/10/2014 06:09:25 AM) (Source: ESENT) (EventID: 490) (User: )
Description: svchost (920) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (11/10/2014 06:09:24 AM) (Source: ESENT) (EventID: 490) (User: )
Description: svchost (920) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).


System errors:
=============
Error: (12/30/2014 08:51:00 AM) (Source: Print) (EventID: 6161) (User: BAILA)
Description: The document Your Medicare Health Plan Details owned by Baila failed to print on printer CutePDF Writer. Data type: NT EMF 1.008. Size of the spool file in bytes: 45112132. Number of bytes printed: 0. Total number of pages in the document: 3. Number of pages printed: 0. Client machine: \\BAILA. Win32 error code returned by the print processor: Your Medicare Health Plan Details0. Your Medicare Health Plan Details1

Error: (12/30/2014 08:46:56 AM) (Source: Print) (EventID: 6161) (User: BAILA)
Description: The document Your Medicare Health Plan Details owned by Baila failed to print on printer CutePDF Writer. Data type: NT EMF 1.008. Size of the spool file in bytes: 45117088. Number of bytes printed: 0. Total number of pages in the document: 3. Number of pages printed: 0. Client machine: \\BAILA. Win32 error code returned by the print processor: Your Medicare Health Plan Details0. Your Medicare Health Plan Details1

Error: (12/30/2014 08:46:53 AM) (Source: Print) (EventID: 6161) (User: BAILA)
Description: The document Your Medicare Health Plan Details owned by Baila failed to print on printer CutePDF Writer. Data type: NT EMF 1.008. Size of the spool file in bytes: 44248396. Number of bytes printed: 0. Total number of pages in the document: 3. Number of pages printed: 0. Client machine: \\BAILA. Win32 error code returned by the print processor: Your Medicare Health Plan Details0. Your Medicare Health Plan Details1

Error: (12/30/2014 08:32:48 AM) (Source: Print) (EventID: 6161) (User: BAILA)
Description: The document Your Medicare Health Plan Details owned by Baila failed to print on printer CutePDF Writer. Data type: NT EMF 1.008. Size of the spool file in bytes: 45555592. Number of bytes printed: 0. Total number of pages in the document: 3. Number of pages printed: 0. Client machine: \\BAILA. Win32 error code returned by the print processor: Your Medicare Health Plan Details0. Your Medicare Health Plan Details1

Error: (12/30/2014 08:22:13 AM) (Source: Print) (EventID: 6161) (User: BAILA)
Description: The document Your Medicare Health Plan Comparison owned by Baila failed to print on printer CutePDF Writer. Data type: NT EMF 1.008. Size of the spool file in bytes: 50702380. Number of bytes printed: 0. Total number of pages in the document: 3. Number of pages printed: 0. Client machine: \\BAILA. Win32 error code returned by the print processor: Your Medicare Health Plan Comparison0. Your Medicare Health Plan Comparison1

Error: (12/29/2014 11:58:09 PM) (Source: Print) (EventID: 6161) (User: BAILA)
Description: The document Test Page owned by Baila failed to print on printer CutePDF Writer. Data type: NT EMF 1.008. Size of the spool file in bytes: 90400. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\BAILA. Win32 error code returned by the print processor: Test Page0. Test Page1

Error: (12/29/2014 10:27:15 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.8.2 for the Network Card with network address 001372392AB3 has been
denied by the DHCP server 192.168.8.1 (The DHCP Server sent a DHCPNACK message).

Error: (12/17/2014 06:18:31 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.8.2 for the Network Card with network address 001372392AB3 has been
denied by the DHCP server 192.168.8.1 (The DHCP Server sent a DHCPNACK message).

Error: (12/17/2014 02:14:30 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.8.2 for the Network Card with network address 001372392AB3 has been
denied by the DHCP server 192.168.8.1 (The DHCP Server sent a DHCPNACK message).

Error: (12/17/2014 01:27:48 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.8.2 for the Network Card with network address 001372392AB3 has been
denied by the DHCP server 192.168.8.1 (The DHCP Server sent a DHCPNACK message).


Microsoft Office Sessions:
=========================
Error: (12/30/2014 10:14:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe34.0.5.5443mozalloc.dll34.0.5.544300001425

Error: (12/15/2014 02:17:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: avastui.exe10.0.2208.7260.0.0.000000000

Error: (12/01/2014 03:36:12 AM) (Source: crypt32) (EventID: 11) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabThe data is invalid.

Error: (11/19/2014 03:54:19 PM) (Source: ESENT) (EventID: 490) (User: )
Description: svchost888C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (11/12/2014 07:09:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: ClamWin.exe0.0.0.0python23.dll0.0.0.0000443ee

Error: (11/11/2014 08:29:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: acrord32.exe11.0.8.4acrord32.dll11.0.8.4000d750c

Error: (11/10/2014 06:09:27 AM) (Source: ESENT) (EventID: 490) (User: )
Description: svchost920C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (11/10/2014 06:09:26 AM) (Source: ESENT) (EventID: 490) (User: )
Description: svchost920C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (11/10/2014 06:09:25 AM) (Source: ESENT) (EventID: 490) (User: )
Description: svchost920C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (11/10/2014 06:09:24 AM) (Source: ESENT) (EventID: 490) (User: )
Description: svchost920C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.


==================== Memory info ===========================

Processor: AMD Athlon™ 64 X2 Dual Core Processor 4000+
Percentage of memory in use: 44%
Total physical RAM: 1982.42 MB
Available physical RAM: 1094.52 MB
Total Pagefile: 3875.71 MB
Available Pagefile: 2996.44 MB
Total Virtual: 2047.88 MB
Available Virtual: 1936.09 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.82 GB) (Free:204.95 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 232.8 GB) (Disk ID: C0000000)
Partition 1: (Active) - (Size=232.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#6 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York
  • Local time:02:56 AM

Posted 01 January 2015 - 12:59 AM

Thank you for the logs! :)

Please allow me some time to analyze them, and I'll get back to you as soon as I can!

I'd also like to wish you a healthy and happy new year as well!

bloopie

#7 bloopie

Posted 01 January 2015 - 04:40 PM

Hello again, and happy 2015!! :thumbsup:
 
Okay, after analyzing your logs, malware is certainly not the cause of your issues...so that's good! :)

A reinstall of Firefox should fix your "tabs opening by themselves" issue, but if you really don't want to do that, then we could try something else as a bit of a test. I've crafted a fix that may or may not solve this problem, but you won't have to fully reinstall Firefox to test it. :lol:
 
The idea behind my fix is to remove entries related to your google update and gmail, within firefox. If you're unhappy with the result, you can either try a system restore to before the fix, try to re-enter these settings through firefox usage, or "reset firefox". But the latter (resetting firefox), should take care of the original problem.
 
==========
 
Okay, this next fix with FRST may make some minor changes to your IE as well (which you aren't using anyway). I'm interested to see if this fix will work, but you are not obligated to run the fix. The other choice you have is to "reset firefox". This is ultimately up to you, and I'm sorry that I haven't found anything else more relevant either.

Here are the instructions for the FRST fix:

  • Please download the attached fixlist.txt file and save it to the same location as FRST
    Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
    Attached File  fixlist.txt   1.83KB   5 downloads
  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply

==========

Please post the fixlog in your next reply and let me know how things are running afterwards!

bloopie



#8 Alyab123

Alyab123
  • Topic Starter

  • Members
  • 71 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:56 AM

Posted 05 January 2015 - 09:54 AM

I did not run your fix yet. Can you elaborate a little on what things you expect to change with this fix? Are you talking about registry entries and cookies related to gmail and google? Aren't those stored online in my gmail account? Or do you mean any shortcuts, or extensions, or addons, or bookmarks that somehow relate to google. I know this is an experiment, but I'd feel better knowing what we are trying to do, because, once in a while, system restore does not work...

 

I know that my alternate solution is to reset firefox. Does that mean in every user account, individually?

 

Thank you so much for your time!

 

Alyab123



#9 bloopie

Posted 05 January 2015 - 09:14 PM

Hello again,

 

My time and help are my pleasure!! :thumbup2:

 

"Or do you mean any shortcuts, or extensions, or addons, or bookmarks that somehow relate to google."

Yes, these are merely related to Firefox plugins and search plugins. They should not affect any bookmarks or anything like that at all. :)
 

"I know that my alternate solution is to reset firefox. Does that mean in every user account, individually?"

Reinstalling Firefox is easier than you think. Have a look at these links (and yes, you need to login and do this for each user logon as they each have a separate profile):

==========

 

Let me know how you make out! :)

 

bloopie



#10 bloopie

Posted 11 January 2015 - 12:11 PM

Hello again,

 

It has been several days since my last post. If you still wish to receive help, please follow the instructions in my previous post.

 

If you do not respond in another 48 hours, I will be forced to close this topic!

 

bloopie



#11 Alyab123

Posted 11 January 2015 - 02:27 PM

I have been very busy and for some reason gmail tabs have not been self-opening in the last few days. I don't have any clue why. I haven't done any changing, or restorations or anything, not even removal of any PUPs. I haven't tried your fix yet. The mystery deepens!

I'm not ready to close the matter, because I'm not yet confident that the issue really stopped. I want to give it a bit more time, before I just forget about it.

 

Thank you.



#12 bloopie

Posted 11 January 2015 - 08:33 PM

Hello again,

 

If you need more time, that's okay. Thanks for letting me know!

 

I will keep the topic open longer to accommodate, and I will ask again in another 5 days if you're not back by then! :wink:

 

Good luck!

 

bloopie



#13 Alyab123

Posted 16 January 2015 - 03:15 PM

I haven't forgotten about this. Gmail sometimes scrolls a bit unpredictably, but the gmail tabs opening by themself has pretty much stopped. Still, I think I may bite the bullet and consider resetting firefox. It's many years that I've been using the same profile, and it takes very long to open. I wonder if there's some minor corruption. I will use your links to guide me to use it without too much confusion.

 

I hope I get to this early next week...

 

Have a great weekend.



#14 bloopie

Posted 16 January 2015 - 08:12 PM

Thanks for letting me know! :)
 

"Gmail sometimes scrolls a bit unpredictably, but the gmail tabs opening by themself has pretty much stopped."

That's good to hear. I also agree there could be some corruption, either with the Firefox installation itself, or on the hard disk (I can't tell which just yet), but it's good to hear some improvement! :wink:
 

"I hope I get to this early next week..."

Not a problem, but be sure to save your settings (bookmarks and such), so that re-installation will be easier.
 
==========
 
It wouldn't hurt to run a disk check in the meantime either (could take time to run). Instructions on this are below:
 
Use the Windows Error Checking utility (Check Disk), with the options to scan the disk surface for errors, and attempt recovery of data and repair the disk.

  • Open "My Computer"
  • Right-click on the drive that you wish to check > Properties > Tools > and in the "Error checking" section, click on "Check now".
  • Place a tick in both boxes > Start.
  • If the disk you have chosen is the system disk:
    • A message will notify you that a restart is necessary: Click OK, and close all windows.
    • Re-start the computer. The disk will be checked when the system boots.
      This test will take some time to run and at times may appear stalled but just let it run.
    • When the disk check is complete, the system will re-start automatically and load Windows.

A log of the disk check is recorded only if the scheduled re-start is used, and only for drives on the same HDD as the Operating System.
To open Event Viewer and view the log:

  • Go to Start > Run > and type eventvwr and press the <ENTER> key.
    The Event Viewer window will open.
  • In the left pane, click on Application.
  • In the right pane, at the top, click on the column heading Source to sort the list alphabetically.
  • Look in the Source column for "Winlogon", with an entry corresponding to the date and time of the disk check.
  • Double-click on that entry to view the log.
  • Click on the copy button to copy the log text to the clipboard.
  • Please paste the log text into your next reply.

==========

Just a thought, and worth a try. :wink:

==========

I hope you enjoy your weekend as well! :thumbup2:

 

Good Luck!

bloopie



#15 Alyab123

Posted 22 January 2015 - 10:31 PM

Hello again, Bloopie

I tried to run Frst.exe

It is on my desktop.

I got a windows error message: FRST.exe has encountered a problem and needs to close.  We are sorry for the inconvenience.

I clicked on the details and I got this:

Error Signature
AppName: frst.exe     AppVer: 28.12.2014.0     ModName: frst.exe
ModVer: 28.12.2014.0     Offset: 0001f3d9

 

So I figured the whole thing didn't work.

But then I noticed, I have a fixlog.txt file on my desktop.

 

Here are the contents. Can you tell if it actually ran, or if it just tried to and failed?

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 28-12-2014
Ran by Baila at 2015-01-22 22:24:37 Run:3
Running from C:\Documents and Settings\Baila\Desktop
Loaded Profile: Baila (Available profiles: Baila & Pessy & esti & Admin & Administrator)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1454471165-1844237615-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> {2D59A26F-65DA-4A5C-AFEF-96E62977B847} URL =
SearchScopes: HKU\S-1-5-21-1454471165-1844237615-839522115-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKU\S-1-5-21-1454471165-1844237615-839522115-1003 -> {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL =
Toolbar: HKU\S-1-5-21-1454471165-1844237615-839522115-1003 -> No Name - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} -  No File
Toolbar: HKU\S-1-5-21-1454471165-1844237615-839522115-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Documents and Settings\Pessy\Application Data\Mozilla\Firefox\Profiles\8k3b0d0i.default\searchplugins\startpage-ssl.xml
FF SearchPlugin: C:\Documents and Settings\Pessy\Application Data\Mozilla\Firefox\Profiles\8k3b0d0i.default\searchplugins\startpage-ssl.xml
EmptyTemp:
*****************

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Search Page => Value not found.
HKU\S-1-5-21-1454471165-1844237615-839522115-1003\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
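
An added example, not part of the original post and not FRST's own code: a Python sketch that reads a Fixlog like the one above, separates the echoed fixlist from the "=>" outcome lines, and flags a run that logged fewer outcomes than directives. The function names and the rule that every directive logs at least one outcome line are assumptions made for this illustration.

```python
import re

# Excerpt of the Fixlog.txt posted above (five of its fixlist lines, both outcome lines).
SAMPLE = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 28-12-2014
Content of fixlist:
*****************
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1454471165-1844237615-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
FF SearchPlugin: C:\Documents and Settings\Pessy\Application Data\Mozilla\Firefox\Profiles\8k3b0d0i.default\searchplugins\startpage-ssl.xml
FF SearchPlugin: C:\Documents and Settings\Pessy\Application Data\Mozilla\Firefox\Profiles\8k3b0d0i.default\searchplugins\startpage-ssl.xml
EmptyTemp:
*****************

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Search Page => Value not found.
HKU\S-1-5-21-1454471165-1844237615-839522115-1003\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
"""

STARS = re.compile(r"^\*{5,}$")  # row of asterisks that frames the echoed fixlist

def parse_fixlog(text):
    """Return (directives, outcomes) from the text of a Fixlog."""
    directives, outcomes, section = [], [], "header"
    for line in (raw.strip() for raw in text.splitlines()):
        if section == "header" and line.startswith("Content of fixlist"):
            section = "before_list"
        elif section == "before_list" and STARS.match(line):
            section = "list"
        elif section == "list":
            if STARS.match(line):
                section = "results"
            elif line:
                directives.append(line)
        elif section == "results" and " => " in line:
            outcomes.append(line)
    return directives, outcomes

def assess(text):
    """Summarise how far a fix run got, judged only from its own log."""
    directives, outcomes = parse_fixlog(text)
    return {
        "directives": len(directives),
        "outcomes": len(outcomes),
        # Assumption: every directive logs at least one "=>" outcome line, so
        # fewer outcomes than directives means the run stopped early.
        "stopped_early": len(outcomes) < len(directives),
        "duplicate_directives": sorted({d for d in directives if directives.count(d) > 1}),
    }

if __name__ == "__main__":
    for key, value in assess(SAMPLE).items():
        print(f"{key}: {value}")
```

A log with at least as many outcome lines as directives is not proof that every item succeeded, since a single directive can log several lines; the check only catches runs that clearly stopped early.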
 





