TDSS Takeover


14 replies to this topic

#1 RedirectTakeover


Posted 01 August 2011 - 10:06 AM

So, I'm pretty positive that I'm infected with a TDSS redirect virus.
I know, because I'm rarely not redirected to a different site when searching for something.
I have run Malwarebytes, TDSSKiller, Avast, Ad-Aware, and SUPERAntiSpyware,
and they've all come up with nothing at all.
What can I do?
Thank you very much in advance for the help.


#2 Broni


Posted 01 August 2011 - 09:36 PM

Welcome aboard.

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#3 RedirectTakeover


Posted 02 August 2011 - 03:15 AM

Security Check Log
-------------------
Results of screen317's Security Check version 0.99.7
Windows 7 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

TuneUp Utilities 2011
TuneUp Utilities Language Pack (en-US)
TuneUp Utilities 2011
Java™ 6 Update 26
Out of date Java installed!
Adobe Flash Player 10.3.181.34
Adobe Reader 9.4.5
Out of date Adobe Reader installed!
Mozilla Thunderbird (5.0.) Thunderbird Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
``````````End of Log````````````



MiniToolbox Log
----------------
MiniToolBox by Farbar
Ran by PJ (administrator) on 01-08-2011 at 21:56:48
Windows 7 Ultimate (X64)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================




========================= IP Configuration: ================================

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : ForeverApc
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
Physical Address. . . . . . . . . : 00-23-8B-28-68-86
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : domain_not_set.invalid
Description . . . . . . . . . . . : Intel® WiFi Link 5100 AGN
Physical Address. . . . . . . . . : 00-21-6B-07-06-C0
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{A03B8C0B-59F8-412B-9764-D63D9135B020}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.domain_not_set.invalid:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 127.0.0.1

Ping request could not find host google.com. Please check the name and try again.
Server: UnKnown
Address: 127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
12...00 23 8b 28 68 86 ......Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
11...00 21 6b 07 06 c0 ......Intel® WiFi Link 5100 AGN
1...........................Software Loopback Interface 1
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
1 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

========================= Memory info: ===================================

Percentage of memory in use: 39%
Total physical RAM: 3960.87 MB
Available physical RAM: 2407.57 MB
Total Pagefile: 7919.88 MB
Available Pagefile: 6320.18 MB
Total Virtual: 4095.88 MB
Available Virtual: 3985.39 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:294.12 GB) (Free:233.53 GB) NTFS

========================= Users: ========================================

User accounts for \\FOREVERAPC

Administrator Guest PJ


== End of log ==



MalwareBytes Log
-----------------
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7351

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

8/1/2011 10:32:56 PM
mbam-log-2011-08-01 (22-32-56).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 271644
Time elapsed: 30 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



GMER log
---------
Nothing

#4 Broni


Posted 02 August 2011 - 06:31 PM

When you ran MiniToolbox were you disconnected from the internet for some reason?

If so, reconnect and post fresh MiniToolbox log.


 


#5 RedirectTakeover


Posted 03 August 2011 - 01:35 AM

Here is MiniToolbox, definitely with the internet on

----------------------------

MiniToolBox by Farbar
Ran by PJ (administrator) on 02-08-2011 at 23:33:51
Windows 7 Ultimate (X64)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================




========================= IP Configuration: ================================

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : ForeverApc
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain_not_set.invalid

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
Physical Address. . . . . . . . . : 00-23-8B-28-68-86
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : domain_not_set.invalid
Description . . . . . . . . . . . : Intel® WiFi Link 5100 AGN
Physical Address. . . . . . . . . : 00-21-6B-07-06-C0
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::cd72:488d:79b:249b%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.72(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Tuesday, August 02, 2011 11:14:47 AM
Lease Expires . . . . . . . . . . : Wednesday, August 03, 2011 11:23:40 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 184557931
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-B1-41-47-00-23-8B-28-68-86
DNS Servers . . . . . . . . . . . : 192.168.1.1
68.238.64.12
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{A03B8C0B-59F8-412B-9764-D63D9135B020}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:1cfe:2d05:93f2:470f(Preferred)
Link-local IPv6 Address . . . . . : fe80::1cfe:2d05:93f2:470f%14(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.domain_not_set.invalid:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : domain_not_set.invalid
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: dslmodem.domain
Address: 192.168.1.1

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Name: google.com
Addresses: 74.125.224.115
74.125.224.114
74.125.224.116
74.125.224.113
74.125.224.112


Pinging google.com [74.125.224.81] with 32 bytes of data:
Reply from 74.125.224.81: bytes=32 time=53ms TTL=56
Reply from 74.125.224.81: bytes=32 time=54ms TTL=56

Ping statistics for 74.125.224.81:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 53ms, Maximum = 54ms, Average = 53ms
Server: dslmodem.domain
Address: 192.168.1.1

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Name: yahoo.com
Addresses: 67.195.160.76
69.147.125.65
72.30.2.43
98.137.149.56
209.191.122.70


Pinging yahoo.com [67.195.160.76] with 32 bytes of data:
Reply from 67.195.160.76: bytes=32 time=132ms TTL=52
Reply from 67.195.160.76: bytes=32 time=129ms TTL=52

Ping statistics for 67.195.160.76:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 129ms, Maximum = 132ms, Average = 130ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=7ms TTL=128
Reply from 127.0.0.1: bytes=32 time=3ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 3ms, Maximum = 7ms, Average = 5ms
===========================================================================
Interface List
12...00 23 8b 28 68 86 ......Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
11...00 21 6b 07 06 c0 ......Intel® WiFi Link 5100 AGN
1...........................Software Loopback Interface 1
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.72 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.72 281
192.168.1.72 255.255.255.255 On-link 192.168.1.72 281
192.168.1.255 255.255.255.255 On-link 192.168.1.72 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.72 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.72 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
14 58 ::/0 On-link
1 306 ::1/128 On-link
14 58 2001::/32 On-link
14 306 2001:0:4137:9e76:1cfe:2d05:93f2:470f/128
On-link
11 281 fe80::/64 On-link
14 306 fe80::/64 On-link
14 306 fe80::1cfe:2d05:93f2:470f/128
On-link
11 281 fe80::cd72:488d:79b:249b/128
On-link
1 306 ff00::/8 On-link
14 306 ff00::/8 On-link
11 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/02/2011 11:33:52 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"1".
Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/02/2011 01:42:51 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"1".
Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/02/2011 11:42:04 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"1".
Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/02/2011 02:51:52 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"1".
Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/02/2011 02:51:52 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"1".
Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/02/2011 02:30:00 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"1".
Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/01/2011 09:57:01 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"1".
Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/01/2011 09:56:51 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"1".
Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/01/2011 09:56:50 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"1".
Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/01/2011 09:56:48 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"1".
Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (08/01/2011 08:58:00 PM) (Source: Service Control Manager) (User: )
Description: The Steam Client Service service failed to start due to the following error:
%%1053

Error: (08/01/2011 08:58:00 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (07/31/2011 00:08:14 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 12:04:50 PM on ?7/?31/?2011 was unexpected.

Error: (07/30/2011 09:54:09 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 9:50:10 PM on ?7/?30/?2011 was unexpected.

Error: (07/30/2011 08:49:15 PM) (Source: Service Control Manager) (User: )
Description: The UPnP Device Host service failed to start due to the following error:
%%1069

Error: (07/30/2011 08:49:15 PM) (Source: Service Control Manager) (User: )
Description: The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:
%%50

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (07/30/2011 08:49:15 PM) (Source: DCOM) (User: )
Description: 1069upnphost{204810B9-73B2-11D4-BF42-00B0D0118B56}

Error: (07/30/2011 08:14:36 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (07/30/2011 01:36:46 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 1:34:26 AM on ?7/?30/?2011 was unexpected.

Error: (07/29/2011 02:47:58 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.


Microsoft Office Sessions:
=========================
Error: (08/02/2011 11:33:52 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"C:\Windows\system32\conhost.exe

Error: (08/02/2011 01:42:51 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"C:\Windows\system32\conhost.exe

Error: (08/02/2011 11:42:04 AM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"C:\Windows\system32\conhost.exe

Error: (08/02/2011 02:51:52 AM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"C:\Windows\system32\conhost.exe

Error: (08/02/2011 02:51:52 AM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"C:\Windows\system32\conhost.exe

Error: (08/02/2011 02:30:00 AM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"C:\Windows\system32\conhost.exe

Error: (08/01/2011 09:57:01 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"C:\Windows\system32\conhost.exe

Error: (08/01/2011 09:56:51 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"C:\Windows\system32\conhost.exe

Error: (08/01/2011 09:56:50 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"C:\Windows\system32\conhost.exe

Error: (08/01/2011 09:56:48 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"C:\Windows\system32\conhost.exe


========================= Memory info: ===================================

Percentage of memory in use: 51%
Total physical RAM: 3960.87 MB
Available physical RAM: 1930.98 MB
Total Pagefile: 7919.88 MB
Available Pagefile: 5796.78 MB
Total Virtual: 4095.88 MB
Available Virtual: 3965.8 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:294.12 GB) (Free:232.82 GB) NTFS

========================= Users: ========================================

User accounts for \\FOREVERAPC

Administrator Guest PJ


== End of log ==
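The three MiniToolBox sections Broni asked for (IE proxy settings, hosts file, IP configuration) are the places a search redirect is usually planted outside the browser: a proxy pointed at a local or remote interceptor, a hosts entry that re-maps a search engine or a security vendor, or a resolver that is neither the gateway nor the ISP's. What follows is an added example, not part of this thread and not MiniToolBox's own code, that runs those checks over a log in this format. The sample log is constructed (the proxy and the two hosts entries are planted so the checks have something to find, and the wording of an enabled-proxy line is an assumption); 68.238.64.12 is the second resolver from the poster's log, kept only to show how a non-gateway server is reported, not as evidence of anything.

```python
import ipaddress
import re

# Constructed sample in the shape of the MiniToolBox sections asked for above.
# NOT the poster's log: the proxy and the google/malwarebytes hosts entries are
# planted, and the "ProxyServer:" line format is an assumption.
SAMPLE_LOG = """\
========================= IE Proxy Settings: ==============================

Proxy is enabled.
ProxyServer: http=127.0.0.1:8080

========================= Hosts content: =================================

127.0.0.1       localhost
::1             localhost
74.125.224.81   www.google.com
127.0.0.1       www.malwarebytes.org

========================= IP Configuration: ================================

Wireless LAN adapter Wireless Network Connection:

   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1
                                       68.238.64.12
   NetBIOS over Tcpip. . . . . . . . : Enabled

Server: dslmodem.domain
Address: 192.168.1.1

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
Name:    google.com
Addresses:  74.125.224.115
"""

SECTION_RE = re.compile(r"^=+ (.+?): =+\s*$", re.MULTILINE)
# Names a stock Windows hosts file may carry without anyone having edited it.
DEFAULT_HOSTS = {"localhost", "localhost.localdomain", "broadcasthost"}


def split_sections(text):
    """Map each '===== Name: =====' header to the text that follows it."""
    parts = SECTION_RE.split(text)          # [preamble, name, body, name, body, ...]
    return {parts[i]: parts[i + 1] for i in range(1, len(parts) - 1, 2)}


def _as_ip(s):
    try:
        return ipaddress.ip_address(s.strip())
    except ValueError:
        return None


def _value(line):
    """Right-hand side of an 'ipconfig /all' style 'Label . . . : value' line."""
    return line.partition(" : ")[2]


def hosts_entries(body):
    """(address, name) pairs other than the stock localhost lines."""
    found = []
    for line in body.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2 or _as_ip(fields[0]) is None:
            continue
        found += [(fields[0], n) for n in fields[1:] if n.lower() not in DEFAULT_HOSTS]
    return found


def dns_servers(body):
    """All resolvers, including the indented continuation lines ipconfig prints."""
    servers, lines = [], body.splitlines()
    for i, line in enumerate(lines):
        if not line.lstrip().startswith("DNS Servers"):
            continue
        first = _as_ip(_value(line))
        if first:
            servers.append(first)
        for cont in lines[i + 1:]:          # a line that is only an address continues the list
            ip = _as_ip(cont)
            if ip is None:
                break
            servers.append(ip)
    return servers


def default_gateway(body):
    for line in body.splitlines():
        if line.lstrip().startswith("Default Gateway"):
            ip = _as_ip(_value(line))
            if ip:
                return ip
    return None


def triage(log_text):
    """Return (check, detail) findings; a finding is something to verify, not proof."""
    sections = split_sections(log_text)
    findings = []
    proxy = sections.get("IE Proxy Settings", "")
    if "Proxy is enabled" in proxy:
        m = re.search(r"ProxyServer:\s*(\S+)", proxy)
        findings.append(("proxy", m.group(1) if m else "enabled"))
    for addr, name in hosts_entries(sections.get("Hosts content", "")):
        findings.append(("hosts", f"{name} -> {addr}"))
    ipcfg = sections.get("IP Configuration", "")
    gw = default_gateway(ipcfg)
    for srv in dns_servers(ipcfg):
        if srv != gw and not srv.is_private:   # ISP resolver or a rogue one: confirm which
            findings.append(("dns", str(srv)))
    timeouts = ipcfg.count("DNS request timed out")
    if timeouts:
        findings.append(("dns-timeout", str(timeouts)))
    return findings


if __name__ == "__main__":
    for check, detail in triage(SAMPLE_LOG):
        print(f"{check:12} {detail}")
```

To use it on a real log, read the saved MiniToolBox output and pass the text to triage(). A "dns" finding only says the resolver is neither the gateway nor a private address; a resolver handed out by the ISP's DHCP looks exactly like a rogue one at this level, so compare it with the ISP's published servers (or with what the router itself reports) before drawing a conclusion. The repeated "DNS request timed out" lines in the poster's second log are worth the same check: nslookup was querying the router, and the timeouts say the router's upstream resolver was slow or unreachable, which is a router or ISP question rather than evidence of a rootkit.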

#6 RedirectTakeover


Posted 03 August 2011 - 01:36 AM

...

Edited by RedirectTakeover, 03 August 2011 - 01:37 AM.


#7 Broni


Posted 03 August 2011 - 06:08 PM

I don't see much so far...

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
Click the "Scan" button to start the scan.

On completion of the scan click "Save log", save it to your desktop and post it in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.


 


#8 RedirectTakeover


Posted 03 August 2011 - 08:38 PM

aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-08-03 17:00:07
-----------------------------
17:00:07.446 OS Version: Windows x64 6.1.7600
17:00:07.447 Number of processors: 2 586 0x170A
17:00:07.448 ComputerName: FOREVERAPC UserName: PJ
17:00:09.267 Initialize success
17:00:09.584 AVAST engine defs: 11080301
17:01:07.099 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:01:07.103 Disk 0 Vendor: WDC_WD3200BEVT-22ZCT0 11.01A11 Size: 305245MB BusType: 11
17:01:09.154 Disk 0 MBR read successfully
17:01:09.159 Disk 0 MBR scan
17:01:09.164 Disk 0 Windows 7 default MBR code
17:01:09.169 Service scanning
17:01:11.025 Modules scanning
17:01:11.031 Disk 0 trace - called modules:
17:01:11.054 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
17:01:11.060 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c0c130]
17:01:11.067 3 CLASSPNP.SYS[fffff8800189043f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800467a1f0]
17:01:12.163 AVAST engine scan C:\
17:52:54.567 Scan finished successfully
18:37:32.609 Disk 0 MBR has been saved successfully to "C:\Users\PJ\Desktop\MBR.dat"
18:37:32.622 The log file has been saved successfully to "C:\Users\PJ\Desktop\aswMBR.txt"
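aswMBR reported "Windows 7 default MBR code" and left a copy of the sector on the desktop as MBR.dat. The following is an added example, not from this thread and not aswMBR's own code, of what that verdict amounts to when done by hand on such a file: hash the 446 bytes of boot code and compare them with a baseline taken from a known-clean machine running the same Windows build, then read the four partition entries looking for a second active partition, a hidden or overlapping entry, or unallocated space at the end of the disk, where bootkits of that era kept their own file system. The sample image is constructed; the disk size is assumed from the 305245 MB figure in the log, the boot code is a stand-in, and the third partition entry is planted.

```python
import hashlib
import struct
import sys

SECTOR = 512
BOOT_CODE_LEN = 446                      # bytes of boot code before the partition table
ENTRY_FMT = "<B3sB3sII"                  # status, CHS start, type, CHS end, LBA start, sector count
# Partition types that hide a volume from the OS. 0x27 is also what Windows uses for
# its own recovery partition, so confirm any hit against Disk Management first.
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1b, 0x1c, 0x1e, 0x27}


def parse_mbr(data):
    """Split a 512-byte MBR image into boot-code hash, partition entries and signature."""
    if len(data) != SECTOR:
        raise ValueError("MBR image must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(ENTRY_FMT, data, BOOT_CODE_LEN + 16 * i)
        if ptype == 0 and count == 0:
            continue                                     # unused slot
        partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                           "lba_start": lba, "sectors": count, "lba_end": lba + count})
    return {"boot_code_sha256": hashlib.sha256(data[:BOOT_CODE_LEN]).hexdigest(),
            "signature_ok": data[510:512] == b"\x55\xaa",
            "partitions": partitions}


def review(mbr, disk_sectors, baseline_sha256=None):
    """Plain-language findings; an empty list means nothing stood out."""
    findings = []
    if not mbr["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if baseline_sha256 and mbr["boot_code_sha256"] != baseline_sha256:
        findings.append("boot code differs from the known-good baseline")
    parts = sorted(mbr["partitions"], key=lambda p: p["lba_start"])
    active = [p for p in parts if p["bootable"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected 1)")
    for p in parts:
        if p["type"] in HIDDEN_TYPES:
            findings.append(f"entry {p['index']}: hidden partition type 0x{p['type']:02x} at LBA {p['lba_start']}")
    for a, b in zip(parts, parts[1:]):
        if b["lba_start"] < a["lba_end"]:
            findings.append(f"entries {a['index']} and {b['index']} overlap")
    if parts:
        tail = disk_sectors - parts[-1]["lba_end"]
        if tail < 0:
            findings.append("last partition runs past the end of the disk")
        elif tail > 2048:                                 # more than 1 MiB of slack
            findings.append(f"{tail} unallocated sectors after the last partition")
    return findings


def _entry(status, ptype, lba, count):
    return struct.pack(ENTRY_FMT, status, b"\xfe\xff\xff", ptype, b"\xfe\xff\xff", lba, count)


# Constructed sample, not the poster's MBR.dat. Disk size assumed from the 305245 MB
# in the aswMBR log; the boot code is a stand-in; entry 2 is a planted hidden
# partition that fills the end of the disk.
DISK_SECTORS = 625_142_448
SAMPLE_MBR = (
    b"\x33\xc0\x8e\xd0\xbc\x00\x7c".ljust(BOOT_CODE_LEN, b"\x00")
    + _entry(0x80, 0x07, 2_048, 204_800)                  # System Reserved, active
    + _entry(0x00, 0x07, 206_848, 616_765_440)            # C:
    + _entry(0x00, 0x17, 616_972_288, 8_170_160)          # hidden NTFS, planted
    + bytes(16)
    + b"\x55\xaa"
)
# In practice the baseline comes from an MBR.dat saved on a known-clean machine with
# the same Windows build; here it is derived from the sample itself for demonstration.
BASELINE_SHA256 = hashlib.sha256(SAMPLE_MBR[:BOOT_CODE_LEN]).hexdigest()


def review_file(path, disk_sectors, baseline_sha256=None):
    """Review an MBR.dat as aswMBR writes it to the desktop."""
    with open(path, "rb") as f:
        return review(parse_mbr(f.read(SECTOR)), disk_sectors, baseline_sha256)


if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read(SECTOR) if len(sys.argv) > 1 else SAMPLE_MBR
    for line in review(parse_mbr(data), DISK_SECTORS, BASELINE_SHA256) or ["nothing stood out"]:
        print(line)
```

Run it with the path to MBR.dat as the only argument, and take the sector count from the disk itself (Disk Management, or the size aswMBR prints, divided by 512) rather than from the constant above. The baseline hash is the part that actually answers "is this the stock Windows 7 MBR"; everything else is a consistency check that a bootkit which patched the partition table would trip, and that a clean OEM layout with a recovery partition will also trip, which is why each finding names the entry so it can be checked by hand.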

#9 Broni


Posted 03 August 2011 - 08:42 PM

Looks clean...

Open IE, go Tools>Internet options>Advanced tab, click on "Reset" button.
Restart IE.
Still redirected?


 


#10 RedirectTakeover


Posted 03 August 2011 - 09:30 PM

I did that in IE, but I use Firefox, and it didn't change anything in Firefox. Still getting redirected; would there be a different process for Firefox?

#11 Broni


Posted 03 August 2011 - 09:34 PM

I see. I didn't see Firefox installed.

Important question! Is IE getting redirected as well?

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).


 


#12 RedirectTakeover


Posted 03 August 2011 - 10:49 PM

IE hasn't been redirecting me.


Here's the Log

-----------

GooredFix by jpshortstuff (03.07.10.1)
Log created at 20:45 on 03/08/2011 (PJ)
Firefox version [Unable to determine]

========== GooredScan ==========

Deleting "C:\Users\PJ\Application Data\Mozilla\Firefox\Profiles\7o6bn0vw.default\extensions\{ed896038-5d98-4365-814b-373b05fbff4f}" -> Success!

========== GooredLog ==========

C:\Program Files (x86)\Mozilla Firefox\extensions\
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [01:16 20/07/2011]
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [06:40 21/07/2011]

C:\Users\PJ\Application Data\Mozilla\Firefox\Profiles\7o6bn0vw.default\extensions\
(none)

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
(Key not found)

-=E.O.F=-
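The GooredFix log lists the two places a Firefox 5 installation loads add-ons from: the application's extensions folder, where the JRE installer drops its Java Console add-ons (the two CAFEEFAC GUIDs above, whose fourth group is the JRE 6 update number), and the profile's extensions folder, from which the tool deleted one entry. The following is an added example, not part of this thread and not GooredFix's own code, that walks both folders, reads each add-on's install.rdf manifest whether it is unpacked or still a packed .xpi (a zip), and reports anything outside an allowlist together with two consistency checks (no manifest, or a manifest whose em:id does not match the folder or file name). The folder layout, the add-on names and the .xpi are constructed; the two GUIDs are the ones in the log.

```python
import re
import tempfile
import xml.etree.ElementTree as ET
import zipfile
from pathlib import Path

EM = "{http://www.mozilla.org/2004/em-rdf#}"
# GUID family of the Java Console add-ons the JRE 6 installer drops into the
# application's extensions folder; 00XX is the JRE update number.
JAVA_CONSOLE_RE = re.compile(r"^\{CAFEEFAC-0016-0000-00[0-9A-F]{2}-ABCDEFFEDCBA\}$", re.I)


def parse_install_rdf(raw):
    """Pull em:id / em:name / em:version out of a Firefox install.rdf manifest."""
    root = ET.fromstring(raw)
    out = {}
    for tag in ("id", "name", "version"):
        el = root.find(f".//{EM}{tag}")
        value = el.text.strip() if el is not None and el.text else ""
        if not value:                      # some manifests carry these as attributes
            value = next((e.get(EM + tag) for e in root.iter() if e.get(EM + tag)), "")
        out[tag] = value
    return out


def read_manifest(entry):
    """install.rdf from an unpacked extension folder or a packed .xpi."""
    if entry.is_dir():
        rdf = entry / "install.rdf"
        return rdf.read_bytes() if rdf.is_file() else None
    if entry.suffix.lower() == ".xpi" and zipfile.is_zipfile(entry):
        with zipfile.ZipFile(entry) as z:
            if "install.rdf" in z.namelist():
                return z.read("install.rdf")
    return None


def inventory(locations, allowlist=()):
    """One record per add-on found in each (label, extensions folder) pair."""
    records = []
    for label, folder in locations:
        folder = Path(folder)
        if not folder.is_dir():
            continue
        for entry in sorted(folder.iterdir()):
            slot = entry.stem if entry.suffix.lower() == ".xpi" else entry.name
            raw = read_manifest(entry)
            manifest = parse_install_rdf(raw) if raw else {"id": "", "name": "", "version": ""}
            notes = []
            if raw is None:
                notes.append("no install.rdf")
            elif manifest["id"] != slot:
                notes.append(f"manifest id {manifest['id']!r} != folder name")
            if JAVA_CONSOLE_RE.match(slot):
                notes.append("Java Console (dropped by the JRE installer)")
            elif slot not in allowlist:
                notes.append("not in allowlist: review")
            records.append({"location": label, "slot": slot, **manifest, "notes": notes})
    return records


INSTALL_RDF = """<?xml version="1.0"?>
<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
     xmlns:em="http://www.mozilla.org/2004/em-rdf#">
  <Description about="urn:mozilla:install-manifest">
    <em:id>{id}</em:id>
    <em:name>{name}</em:name>
    <em:version>{version}</em:version>
  </Description>
</RDF>
"""


def build_sample(root):
    """Constructed application and profile folders (not the poster's disk). The add-on
    names and the .xpi are hypothetical; the two GUIDs are the ones GooredFix listed."""
    root = Path(root)
    app = root / "Mozilla Firefox" / "extensions"
    prof = root / "Profiles" / "7o6bn0vw.default" / "extensions"
    for base, slot, name, version in (
        (app, "{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}", "Java Console", "6.0.22"),
        (prof, "{ed896038-5d98-4365-814b-373b05fbff4f}", "Search Helper", "1.0"),
    ):
        (base / slot).mkdir(parents=True)
        (base / slot / "install.rdf").write_text(
            INSTALL_RDF.format(id=slot, name=name, version=version), encoding="utf-8")
    with zipfile.ZipFile(prof / "helper@example.invalid.xpi", "w") as z:   # id/file name mismatch
        z.writestr("install.rdf", INSTALL_RDF.format(id="other@example.invalid", name="Helper", version="2"))
    return [("application", app), ("profile", prof)]


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        return inventory(build_sample(tmp))


if __name__ == "__main__":
    for r in demo():
        print(f"{r['location']:11} {r['slot']:45} {r['name']:15} {'; '.join(r['notes'])}")
```

On a real machine the two locations are the ones in the log (C:\Program Files (x86)\Mozilla Firefox\extensions\ and the profile's extensions folder under the user's Application Data), and the allowlist is whatever the user knowingly installed. An add-on that injects a script into search result pages is the Firefox-only explanation for the symptom in this thread, which is why "is IE redirected too?" was the right question: a hosts, DNS or proxy change would affect both browsers, while a profile add-on affects only Firefox.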

#13 Broni


Posted 03 August 2011 - 10:51 PM

How is redirection in Firefox now?


 


#14 RedirectTakeover


Posted 03 August 2011 - 10:55 PM

Usually I'm redirected after about 3 searches, but now I wasn't redirected until about my 25th search, so it's still there, yet less frequent.

#15 Broni


Posted 03 August 2011 - 10:57 PM

Close Firefox. Go Start>All Programs>Mozilla Firefox, click on Mozilla Firefox (safe mode).
If you're using Firefox 4, or 5 go Help>Restart Firefox with Add-ons Disabled.
Same issue?


 




