
Websites are redirecting


  • This topic is locked
19 replies to this topic

#1 tbltns


  • Members
  • 9 posts

Posted 23 July 2017 - 09:34 AM

When I go to certain websites that I always use, like Yahoo, it will redirect to a different website like to buy a car or something else that I wasn't intending on going to.  It continues until I close out of Firefox and restart.  Then comes back after a while.  Thank you.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-07-2017
Ran by D (administrator) on D-53DCF107D16B4 (23-07-2017 10:25:14)
Running from C:\Documents and Settings\D\Desktop
Loaded Profiles: D (Available Profiles: D)
Platform: Microsoft Windows XP Professional Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 6 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehRecvr.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehSched.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Microsoft Corporation) C:\WINDOWS\ehome\mcrdsvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehmsas.exe
(SigmaTel, Inc.) C:\WINDOWS\stsystra.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ehTray] => C:\WINDOWS\ehome\ehtray.exe [64512 2005-08-05] (Microsoft Corporation)
HKLM\...\Run: [SigmatelSysTrayApp] => C:\WINDOWS\stsystra.exe [282624 2006-07-27] (SigmaTel, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe [36975 2005-11-10] (Sun Microsystems, Inc.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [nwiz] => nwiz.exe /install
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7408312 2016-10-19] (AVAST Software)
HKU\S-1-5-21-2052111302-1292428093-682003330-1003\...\MountPoints2: E - E:\LaunchU3.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{63A27334-0763-4543-817F-AF654CBB0F2F}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-2052111302-1292428093-682003330-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-2052111302-1292428093-682003330-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKU\S-1-5-21-2052111302-1292428093-682003330-1003 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <==== ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10] (Sun Microsystems, Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

FireFox:
========
FF DefaultProfile: fpc9hk33.default
FF ProfilePath: C:\Documents and Settings\D\Application Data\Mozilla\Firefox\Profiles\fpc9hk33.default [2017-07-23]
FF DefaultSearchEngine.US: C:\Documents and Settings\D\Application Data\Mozilla\Firefox\Profiles\fpc9hk33.default -> Google
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-10-19]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-10-19]
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1229199.dll [2017-03-31] (Adobe Systems, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-26] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-26] (Google Inc.)

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Documents and Settings\D\Local Settings\Application Data\Google\Chrome\User Data\Default [2016-10-25]
CHR Extension: (Google Slides) - C:\Documents and Settings\D\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-27]
CHR Extension: (Google Docs) - C:\Documents and Settings\D\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-27]
CHR Extension: (Google Drive) - C:\Documents and Settings\D\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-27]
CHR Extension: (YouTube) - C:\Documents and Settings\D\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-27]
CHR Extension: (Google Search) - C:\Documents and Settings\D\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-27]
CHR Extension: (Google Sheets) - C:\Documents and Settings\D\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-27]
CHR Extension: (Google Docs Offline) - C:\Documents and Settings\D\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-09]
CHR Extension: (Avast Online Security) - C:\Documents and Settings\D\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-09-02]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\D\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-02]
CHR Extension: (Gmail) - C:\Documents and Settings\D\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-27]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-06-14]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aspnet_state; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [32768 2004-07-15] (Microsoft Corporation) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-06-14] (AVAST Software)
R2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
S3 MozillaMaintenance; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [174024 2017-06-29] (Mozilla Foundation) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [36864 2006-06-19] (Advanced Micro Devices)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [32792 2016-06-14] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [35096 2016-06-14] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [91168 2016-06-14] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [64272 2016-06-14] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [58776 2016-06-14] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [815792 2016-06-14] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [449640 2016-06-14] (AVAST Software)
R3 aswStmXP; C:\WINDOWS\system32\drivers\aswStmXP.sys [187208 2016-06-14] (AVAST Software)
S3 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [67216 2016-06-14] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [224616 2016-10-19] (AVAST Software)
S0 cercsr6; C:\WINDOWS\system32\Drivers\cercsr6.sys [39904 2004-12-13] (Adaptec, Inc.) [File not signed]
S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [27440 2004-08-10] ()
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1171464 2006-07-27] (SigmaTel, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-23 10:25 - 2017-07-23 10:27 - 00010450 _____ C:\Documents and Settings\D\Desktop\FRST.txt
2017-07-23 10:24 - 2017-07-23 10:25 - 00000000 ____D C:\FRST
2017-07-23 10:24 - 2017-07-23 10:24 - 01778176 _____ (Farbar) C:\Documents and Settings\D\Desktop\FRST.exe
2017-07-19 10:46 - 2017-07-19 10:47 - 00016539 _____ C:\Documents and Settings\D\Desktop\tp.jpeg
2017-06-29 21:39 - 2017-07-22 23:12 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-23 10:27 - 2015-10-31 12:11 - 00000000 ____D C:\Documents and Settings\D\Local Settings\Temp
2017-07-23 09:59 - 2015-11-27 18:47 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2017-07-23 09:54 - 2016-06-15 17:30 - 00000462 _____ C:\WINDOWS\Tasks\SafeZone scheduled Autoupdate 1466026233.job
2017-07-23 09:54 - 2015-10-31 13:13 - 00081191 _____ C:\WINDOWS\system32\nvapps.xml
2017-07-23 09:53 - 2015-12-28 23:14 - 00000354 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2017-07-23 09:53 - 2015-11-27 18:47 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2017-07-23 09:49 - 2015-10-31 12:10 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-07-23 09:49 - 2015-10-31 12:03 - 00000000 ____D C:\WINDOWS\Registration
2017-07-22 23:58 - 2015-10-31 18:59 - 00004568 _____ C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt
2017-07-22 23:58 - 2015-10-31 12:11 - 00000178 ___SH C:\Documents and Settings\D\ntuser.ini
2017-07-22 23:58 - 2015-10-31 12:10 - 00032636 _____ C:\WINDOWS\SchedLgU.Txt
2017-07-22 15:43 - 2015-10-31 12:11 - 00000000 ____D C:\Documents and Settings\D
2017-07-13 22:12 - 2004-08-10 07:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2017-07-01 09:27 - 2015-10-31 09:29 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service

==================== Files in the root of some directories =======

2015-10-31 12:16 - 2015-10-31 12:16 - 0000124 _____ () C:\Documents and Settings\D\Local Settings\Application Data\fusioncache.dat

Some files in TEMP:
====================
2015-04-13 12:25 - 2015-04-13 12:25 - 0938408 _____ (Oracle Corporation) C:\Documents and Settings\D\Local Settings\Temp\jre-7u79-windows-i586-iftw_59f7da76.exe
2016-04-30 15:05 - 2006-10-28 02:30 - 0145184 ____R (Microsoft Corporation) C:\Documents and Settings\D\Local Settings\Temp\ose00000.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 18-07-2017
Ran by D (23-07-2017 10:28:32)
Running from C:\Documents and Settings\D\Desktop
Microsoft Windows XP Professional Service Pack 2 (X86) (2015-10-31 16:09:01)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2052111302-1292428093-682003330-500 - Administrator - Enabled)
ASPNET (S-1-5-21-2052111302-1292428093-682003330-1004 - Limited - Enabled)
D (S-1-5-21-2052111302-1292428093-682003330-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\D
Guest (S-1-5-21-2052111302-1292428093-682003330-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-2052111302-1292428093-682003330-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-2052111302-1292428093-682003330-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Shockwave Player 12.2 (HKLM\...\Adobe Shockwave Player) (Version: 12.2.9.199 - Adobe Systems, Inc.)
Athlon 64 Processor Driver (HKLM\...\{C151CE54-E7EA-4804-854B-F515368B0798}) (Version: 1.3.2.0 - )
ATI Parental Control & Encoder (HKLM\...\{36CDA33B-909B-4719-97D1-C4B99309BDC7}) (Version: 3.0 - ATI Technologies Inc.) Hidden
Avast Free Antivirus (HKLM\...\Avast) (Version: 11.2.2262 - AVAST Software)
Broadcom 440x 10/100 Integrated Controller (HKLM\...\{9C9D0F85-5658-4A5E-95A9-65F7DB2916EE}) (Version: 8.06.09 - Broadcom Corporation)
Broadcom Management Programs (HKLM\...\{FB64BF25-3593-4E4E-AA85-84AEF1D1475F}) (Version: 9.03.01 - Broadcom Corporation)
Conexant D850 56K V.9x DFVc Modem (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1) (Version:  - )
Dell Resource CD (HKLM\...\{FCD9CD52-7222-4672-94A0-A722BA702FD0}) (Version: 1.00.0000 - Dell Inc.)
ESPNMotion (HKLM\...\ESPNMotion) (Version: 2.1.6.0011 - ESPN Internet Ventures)
GemMaster Mystic (HKLM\...\12133444-BF36-4d4e-B7FB-A3424C645DE4) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
High Definition Audio Driver Package - KB835221 (HKLM\...\KB835221WXP) (Version: 20040219.000000 - Microsoft Corporation)
J2SE Runtime Environment 5.0 Update 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0150060}) (Version: 1.5.0.60 - Sun Microsystems, Inc.)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Modem Diagnostic Tool (HKLM\...\{C252EB7B-7AE0-46DE-9BEE-DF681B885F13}) (Version: 1.0.17.2 - )
Mozilla Firefox 52.2.1 ESR (x86 en-US) (HKLM\...\Mozilla Firefox 52.2.1 ESR (x86 en-US)) (Version: 52.2.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 52.2.1.6387 - Mozilla)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
Otto (HKLM\...\B3EE3001-DC24-4cd1-8743-5692C716659F) (Version:  - )
SafeZone Stable 1.48.2066.101 (HKLM\...\SafeZone 1.48.2066.101) (Version: 1.48.2066.101 - Avast Software) Hidden
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.4820.0 - SigmaTel)
Sonic Encoders (HKLM\...\{9941F0AA-B903-4AF4-A055-83A9815CC011}) (Version: 1.00 - Sonic Solutions)
swMSM (HKLM\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Update Rollup 2 for Windows XP Media Center Edition 2005 (HKLM\...\KB900325) (Version:  - Microsoft Corporation)
WebFldrs XP (HKLM\...\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Media Format Runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows XP Hotfix - KB839210 (HKLM\...\KB839210) (Version: 1 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-06-14] (AVAST Software)
ContextMenuHandlers01: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-06-14] (AVAST Software)
ContextMenuHandlers03: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-06-14] (AVAST Software)
ContextMenuHandlers05: [00nView] -> {1E9B04FB-F9E5-4718-997B-B8DA88302A48} => C:\WINDOWS\system32\nvshell.dll [2006-08-23] ()
ContextMenuHandlers05: [NvCplDesktopContext] -> {A70C977A-BF00-412C-90B7-034C51DA2439} => C:\WINDOWS\system32\nvcpl.dll [2006-08-23] (NVIDIA Corporation)
ContextMenuHandlers06: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-06-14] (AVAST Software)

==================== Scheduled Tasks=============================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\SafeZone scheduled Autoupdate 1466026233.job => C:\Program Files\AVAST Software\SZBrowser\launcher.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Documents and Settings\All Users\Desktop\ESPN Motion.lnk -> C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) -> hxxp://espn.go.com/motion/detect.html

==================== Loaded Modules (Whitelisted) ==============

2015-12-28 23:13 - 2016-06-14 18:15 - 00123344 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-12-28 23:13 - 2016-06-14 18:15 - 00135816 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-07-22 11:14 - 2017-07-22 11:14 - 05886720 _____ () C:\Program Files\AVAST Software\Avast\defs\17072200\algo.dll
2017-07-23 09:50 - 2017-07-23 09:50 - 05886720 _____ () C:\Program Files\AVAST Software\Avast\defs\17072300\algo.dll
2016-04-14 17:49 - 2016-06-14 18:15 - 00479680 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2015-12-28 23:13 - 2016-06-14 18:15 - 00309912 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll
2004-08-10 07:00 - 2005-08-05 18:01 - 00282112 _____ () C:\WINDOWS\system32\sbe.dll
2004-08-10 07:00 - 2005-06-28 21:55 - 01287680 _____ () C:\WINDOWS\system32\quartz.dll
2004-08-10 07:00 - 2004-08-10 07:00 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2004-08-10 07:00 - 2004-08-10 07:00 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2015-10-31 13:12 - 2006-08-23 18:12 - 00196608 _____ () C:\WINDOWS\system32\nvapi.dll
2015-12-28 23:13 - 2015-12-28 23:13 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2004-08-10 07:00 - 2004-08-10 07:00 - 00000734 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2052111302-1292428093-682003330-1003\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\D\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 192.168.2.1
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Enabled:@xpsp2res.dll,-22007

==================== Restore Points =========================

06-05-2017 10:09:21 System Checkpoint
07-05-2017 13:10:16 System Checkpoint
08-05-2017 17:34:01 System Checkpoint
09-05-2017 19:05:45 System Checkpoint
10-05-2017 19:21:39 System Checkpoint
11-05-2017 20:17:53 System Checkpoint
12-05-2017 20:46:20 System Checkpoint
13-05-2017 20:58:45 System Checkpoint
15-05-2017 18:35:57 System Checkpoint
17-05-2017 18:25:20 System Checkpoint
18-05-2017 19:44:15 System Checkpoint
19-05-2017 20:22:55 System Checkpoint
20-05-2017 20:53:58 System Checkpoint
21-05-2017 23:17:16 System Checkpoint
23-05-2017 20:40:03 System Checkpoint
24-05-2017 21:22:53 System Checkpoint
26-05-2017 17:42:11 System Checkpoint
27-05-2017 18:33:46 System Checkpoint
29-05-2017 09:31:08 System Checkpoint
30-05-2017 22:10:03 System Checkpoint
01-06-2017 00:09:03 System Checkpoint
02-06-2017 21:50:23 System Checkpoint
03-06-2017 22:04:53 System Checkpoint
05-06-2017 17:58:30 System Checkpoint
06-06-2017 18:23:06 System Checkpoint
07-06-2017 18:29:54 System Checkpoint
08-06-2017 19:05:43 System Checkpoint
10-06-2017 10:08:13 System Checkpoint
11-06-2017 13:08:35 System Checkpoint
12-06-2017 18:13:44 System Checkpoint
13-06-2017 19:07:28 System Checkpoint
14-06-2017 19:13:56 System Checkpoint
15-06-2017 21:51:19 System Checkpoint
16-06-2017 21:58:10 System Checkpoint
18-06-2017 09:53:57 System Checkpoint
19-06-2017 18:00:58 System Checkpoint
20-06-2017 18:18:25 System Checkpoint
22-06-2017 17:54:54 System Checkpoint
24-06-2017 10:05:07 System Checkpoint
25-06-2017 22:12:15 System Checkpoint
28-06-2017 18:19:15 System Checkpoint
01-07-2017 12:06:06 System Checkpoint
02-07-2017 13:15:14 System Checkpoint
03-07-2017 18:54:47 System Checkpoint
04-07-2017 19:44:20 System Checkpoint
05-07-2017 20:16:01 System Checkpoint
06-07-2017 20:51:05 System Checkpoint
07-07-2017 20:58:52 System Checkpoint
08-07-2017 21:08:28 System Checkpoint
12-07-2017 18:28:46 System Checkpoint
15-07-2017 13:29:43 System Checkpoint
16-07-2017 13:36:09 System Checkpoint
17-07-2017 14:15:34 System Checkpoint
18-07-2017 17:59:56 System Checkpoint
19-07-2017 18:29:02 System Checkpoint
20-07-2017 19:23:46 System Checkpoint
21-07-2017 19:39:40 System Checkpoint
22-07-2017 20:42:50 System Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (07/23/2017 09:53:53 AM) (Source: Schannel) (EventID: 4108) (User: )
Description: The certificate received from the remote server has not validated correctly. The
error code is 0x80096004. The SSL connection request has failed. The attached data contains
the server certificate.

Error: (07/23/2017 09:49:22 AM) (Source: Schannel) (EventID: 4108) (User: )
Description: The certificate received from the remote server has not validated correctly. The
error code is 0x80096004. The SSL connection request has failed. The attached data contains
the server certificate.

Error: (07/22/2017 11:25:36 PM) (Source: Schannel) (EventID: 4108) (User: )
Description: The certificate received from the remote server has not validated correctly. The
error code is 0x80096004. The SSL connection request has failed. The attached data contains
the server certificate.

Error: (07/22/2017 11:20:54 PM) (Source: Schannel) (EventID: 4108) (User: )
Description: The certificate received from the remote server has not validated correctly. The
error code is 0x80096004. The SSL connection request has failed. The attached data contains
the server certificate.

Error: (07/22/2017 09:54:47 PM) (Source: Windows Update Agent) (EventID: 16) (User: )
Description: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Error: (07/22/2017 07:59:04 PM) (Source: Schannel) (EventID: 4108) (User: )
Description: The certificate received from the remote server has not validated correctly. The
error code is 0x80096004. The SSL connection request has failed. The attached data contains
the server certificate.

Error: (07/22/2017 07:58:22 PM) (Source: Schannel) (EventID: 4108) (User: )
Description: The certificate received from the remote server has not validated correctly. The
error code is 0x80096004. The SSL connection request has failed. The attached data contains
the server certificate.

Error: (07/22/2017 03:13:18 PM) (Source: Schannel) (EventID: 4108) (User: )
Description: The certificate received from the remote server has not validated correctly. The
error code is 0x80096004. The SSL connection request has failed. The attached data contains
the server certificate.

Error: (07/22/2017 11:14:42 AM) (Source: Schannel) (EventID: 4108) (User: )
Description: The certificate received from the remote server has not validated correctly. The
error code is 0x80096004. The SSL connection request has failed. The attached data contains
the server certificate.

Error: (07/22/2017 08:52:33 AM) (Source: Schannel) (EventID: 4108) (User: )
Description: The certificate received from the remote server has not validated correctly. The
error code is 0x80096004. The SSL connection request has failed. The attached data contains
the server certificate.


==================== Memory info ===========================

Processor: AMD Athlon™ 64 X2 Dual Core Processor 3800+
Percentage of memory in use: 85%
Total physical RAM: 958.42 MB
Available physical RAM: 143.26 MB
Total Virtual: 2314.26 MB
Available Virtual: 1206.89 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:144.33 GB) (Free:122.29 GB) NTFS ==>[drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 149 GB) (Disk ID: E686F016)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=144.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=4.6 GB) - (Type=DB)

==================== End of Addition.txt ============================





#2 Oh My!


    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,182 posts
  • Gender:Male
  • Location:California

Posted 26 July 2017 - 03:40 PM

Greetings tbltns and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Does this only happen when using Firefox?

You are running dangerously low on free memory space. This will not cause redirects but it can negatively affect overall computer performance.
 

Percentage of memory in use: 85%
Total physical RAM: 958.42 MB


Please do this.

===================================================

Malwarebytes AdwCleaner

-------------------
  • Please download AdwCleaner and save it on your desktop.
  • Close all open programs and browsers
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed if there are threats found you will see Found 3 threats or something similar above the progress bar
  • Click each tab under Results and uncheck any items you want to keep
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Click OK twice to finish the removal process by automatically rebooting your computer
  • Once completed an AdwCleaner document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Farbar's MiniToolBox

--------------------
  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure only the following options are checked:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries

  • Click Go and once the scan is completed a MTB.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
CreateRestorePoint:
CloseProcesses:
ExportKey: "HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs"
SearchScopes: HKLM -> DefaultScope value is missing
emptytemp:
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Only happen with Firefox?
  • AdwCleaner log
  • MTB.txt
  • Fixlog
  • Update on computer behavior

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 tbltns

Posted 26 July 2017 - 09:50 PM

Hello, I'm Lora.

I only use Firefox because I have had problems with Internet Explorer in the past.

 

For the first step, I downloaded AdwCleaner, but when I run it, it says that is not a valid Win32 application.  So I stopped there.

 

 

Thanks for your help.



#4 Oh My!

Posted 26 July 2017 - 10:21 PM

Hi Lora,

 

Skip AdwCleaner and complete the other steps. I am logging off for the evening but will be back online early in the morning.


Gary
 

#5 tbltns

Posted 27 July 2017 - 10:54 PM

I was only able to run MiniToolBox, because I don't know an administrator password to run FRST.

 

MiniToolBox by Farbar  Version: 17-06-2016
Ran by D (administrator) on 27-07-2017 at 23:49:22
Running from "C:\Documents and Settings\D\Desktop"
Microsoft Windows XP Professional Service Pack 2 (X86)
Model: Dimension C521 Manufacturer: Dell Inc
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
127.0.0.1       localhost
========================= IP Configuration: ================================

Broadcom 440x 10/100 Integrated Controller = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration         
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



        Host Name . . . . . . . . . . . . : d-53dcf107d16b4

        Primary Dns Suffix  . . . . . . . :

        Node Type . . . . . . . . . . . . : Unknown

        IP Routing Enabled. . . . . . . . : No

        WINS Proxy Enabled. . . . . . . . : No

        DNS Suffix Search List. . . . . . : Belkin



Ethernet adapter Local Area Connection:



        Connection-specific DNS Suffix  . : Belkin

        Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller

        Physical Address. . . . . . . . . : 00-13-72-39-C9-6E

        Dhcp Enabled. . . . . . . . . . . : Yes

        Autoconfiguration Enabled . . . . : Yes

        IP Address. . . . . . . . . . . . : 192.168.2.3

        Subnet Mask . . . . . . . . . . . : 255.255.255.0

        Default Gateway . . . . . . . . . : 192.168.2.1

        DHCP Server . . . . . . . . . . . : 192.168.2.1

        DNS Servers . . . . . . . . . . . : 192.168.2.1

        Lease Obtained. . . . . . . . . . : Thursday, July 27, 2017 10:23:58 PM

        Lease Expires . . . . . . . . . . : Monday, January 18, 2038 11:14:07 PM

Server:  UnKnown
Address:  192.168.2.1

Name:    google.com
Address:  216.58.216.78



Pinging google.com [216.58.216.78] with 32 bytes of data:



Reply from 216.58.216.78: bytes=32 time=33ms TTL=55

Reply from 216.58.216.78: bytes=32 time=33ms TTL=55



Ping statistics for 216.58.216.78:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 33ms, Maximum = 33ms, Average = 33ms

Server:  UnKnown
Address:  192.168.2.1

Name:    yahoo.com
Addresses:  98.138.253.109, 206.190.36.45, 98.139.180.149



Pinging yahoo.com [98.138.253.109] with 32 bytes of data:



Reply from 98.138.253.109: bytes=32 time=47ms TTL=52

Reply from 98.138.253.109: bytes=32 time=47ms TTL=52



Ping statistics for 98.138.253.109:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 47ms, Maximum = 47ms, Average = 47ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 13 72 39 c9 6e ...... Broadcom 440x 10/100 Integrated Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.2.1     192.168.2.3      20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1      1
      192.168.2.0    255.255.255.0      192.168.2.3     192.168.2.3      20
      192.168.2.3  255.255.255.255        127.0.0.1       127.0.0.1      20
    192.168.2.255  255.255.255.255      192.168.2.3     192.168.2.3      20
        224.0.0.0        240.0.0.0      192.168.2.3     192.168.2.3      20
  255.255.255.255  255.255.255.255      192.168.2.3     192.168.2.3      1
Default Gateway:       192.168.2.1
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\rsvpsp.dll [90112] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\rsvpsp.dll [90112] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)

**** End of log ****
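
The MTB.txt sections requested in this thread (proxy settings, Hosts content, IP configuration, Winsock entries) are the usual places where a browser redirect is configured. The following is an added example, not code from the thread or from MiniToolBox: a Python triage pass over a log in that layout. The function names, the sample log, and the rule that the DNS server should equal the default gateway are assumptions made for illustration.

```python
import re

# Section banners look like "===== Hosts content: =====" (colon optional).
BANNER = re.compile(r"^=+ (.+?):? =+$")
FIELD = re.compile(r"^(Default Gateway|DNS Servers)[ .]*: *(\S+)")

def split_sections(log):
    """Return {section title: [non-blank, stripped lines under it]}."""
    sections, current = {}, None
    for raw in log.splitlines():
        line = raw.strip()
        m = BANNER.match(line)
        if m:
            current = sections.setdefault(m.group(1), [])
        elif line and current is not None:
            current.append(line)
    return sections

def triage(log):
    """Return (area, detail) pairs that merit a manual look."""
    s, out = split_sections(log), []
    # Hosts: any mapping beyond "localhost" overrides DNS for that name.
    for line in s.get("Hosts content", []):
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and [f.lower() for f in fields[1:]] != ["localhost"]:
            out.append(("hosts", line))
    # Proxy: the clean state is the literal line the thread's log shows.
    proxy = s.get("IE Proxy Settings", [])
    if proxy and "Proxy is not enabled." not in proxy:
        out.append(("proxy", "no 'Proxy is not enabled.' line"))
    # DNS (assumed rule): on a DHCP home LAN the resolver is normally the
    # router, so a resolver that is not the default gateway gets confirmed.
    found = [m.groups() for m in map(FIELD.match, s.get("IP Configuration", [])) if m]
    gateways = {v for k, v in found if k == "Default Gateway"}
    out += [("dns", v) for k, v in found if k == "DNS Servers" and v not in gateways]
    # Winsock: third-party providers can see or alter traffic and lookups.
    for line in s.get("Winsock entries", []):
        if line.startswith("Catalog") and not line.endswith("(Microsoft Corporation)"):
            out.append(("winsock", line))
    return out

# Constructed sample in the MTB.txt layout (abbreviated, not the thread's log).
CLEAN = r"""
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================
127.0.0.1       localhost
========================= IP Configuration: ================================
        Default Gateway . . . . . . . . . : 192.168.2.1
        DNS Servers . . . . . . . . . . . : 192.168.2.1
========================= Winsock entries =====================================
Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
**** End of log ****
"""
# Constructed tampered variant: documentation-range IPs, hypothetical names.
TAMPERED = (CLEAN
    .replace("localhost", "localhost\n203.0.113.7     www.example.com")
    .replace(": 192.168.2.1\n=", ": 198.51.100.53\n=")
    .replace("**** End", r"Catalog9 01 C:\WINDOWS\system32\example.dll [1] (Example Vendor)" "\n**** End"))

if __name__ == "__main__":
    for name, log in (("clean", CLEAN), ("tampered", TAMPERED)):
        print(name, triage(log))
```

A finding here is a prompt to look closer, not a verdict: a security product can register its own Winsock provider, and a manually chosen public resolver will differ from the gateway.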
 



#6 Oh My!

Posted 28 July 2017 - 11:15 AM

Thank you.

 

Please just double click on the FRST icon. You are automatically an Administrator on Windows XP.


Gary
 

#7 tbltns

Posted 28 July 2017 - 05:04 PM

Thanks, this is the log

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 18-07-2017
Ran by D (28-07-2017 17:58:23) Run:1
Running from C:\Documents and Settings\D\Desktop
Loaded Profiles: D (Available Profiles: D)
Boot Mode: Normal

==============================================

fixlist content:
*****************

CreateRestorePoint:
CloseProcesses:
ExportKey: "HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs"
SearchScopes: HKLM -> DefaultScope value is missing
emptytemp:

*****************

Restore point was successfully created.
Processes closed successfully.
================== ExportKey: ===================

[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"DesktopItemNavigationFailure"="res://shdoclc.dll/navcancl.htm"
"NavigationFailure"="res://shdoclc.dll/navcancl.htm"
"NavigationCanceled"="res://shdoclc.dll/navcancl.htm"
"OfflineInformation"="res://shdoclc.dll/offcancl.htm"
"Home"="270"
"blank"="res://mshtml.dll/blank.htm"
"PostNotCached"="res://mshtml.dll/repost.htm"

=== End of ExportKey ===
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache => 9572 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/dllcache/drivers => 17780722 B
Edge => 0 B
Chrome => 48443103 B
Firefox => 39326390 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Documents and Settings => 0 B
Default User => 66164 B
All Users => 0 B
systemprofile => 120505 B
LocalService => 1076 B
NetworkService => 628 B
D => 45950921 B

RecycleBin => 163223128 B
EmptyTemp: => 300.3 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 17:59:41 ====



#8 Oh My!

Posted 28 July 2017 - 05:33 PM

Thank you.

Please do this.

===================================================

Resetting Firefox

--------------------
  • Please review this information to understand what resetting Firefox will do
  • Click on the Menu button (3 horizontal bars in the top right corner of window)
  • Click the Help button (question mark - ?)
  • Click Troubleshooting Information
  • Click Refresh Firefox
  • Confirm the Reset
  • Firefox will close
  • Click Finish on the information window and Firefox will restart
  • Check your browser performance
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Results?

Gary
 

#9 tbltns

Posted 30 July 2017 - 10:10 AM

It seems better now.  Firefox still crashes sometimes but at least not redirecting.  Thanks.



#10 Oh My!

Posted 30 July 2017 - 03:43 PM

Well at least we are making some progress.

Please do this.

===================================================

Reviewing Firefox Crash Report

--------------------
  • Launch Firefox
  • In the address bar type about:crashes and press Enter
  • A list of links to your crash reports will appear
  • Left click on the most recent link and allow the information to populate
  • Please locate the following 2 lines:

Process Type
Crash Reason

  • Highlight both lines then hit the ctrl + C keys at the same time
  • Paste the information in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Firefox crash report information

Gary
 

#11 tbltns

Posted 31 July 2017 - 08:33 PM

Process Type content (web)
Crash Reason EXCEPTION_BREAKPOINT

#12 Oh My!

Posted 31 July 2017 - 09:11 PM

Thank you.

Type about:crashes again. On the page listing Report IDs, right click over the entry, select Copy Link Location, and paste that address in your reply. Do that for the last 3, if 3 are listed.


Edited by Oh My!, 31 July 2017 - 09:24 PM.

Gary
 

#13 tbltns

Posted 01 August 2017 - 10:23 PM

https://crash-stats.mozilla.com/report/index/bp-7654cd3c-6029-4084-902e-ead590170802

https://crash-stats.mozilla.com/report/index/bp-fac19f9c-fb1d-4956-8556-cc3050170802

https://crash-stats.mozilla.com/report/index/bp-6f689058-a98a-4349-992b-8a8540170802



#14 Oh My!

Posted 02 August 2017 - 07:33 AM

Thank you for the report information.

Please do this.

===================================================

Enabling Firefox Hardware Acceleration

-------------------
  • Launch Firefox
  • In the address bar type about:preferences#advanced and hit Enter
  • Place a check mark in Use hardware acceleration when available
  • Close the Firefox browser then relaunch it
  • Monitor the browser for crash activity
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Results?

Gary
 

#15 tbltns

Posted 03 August 2017 - 10:14 PM

Hello, that box was already checked.





