Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

TDSS Takeover


  • Please log in to reply
14 replies to this topic

#1 RedirectTakeover

RedirectTakeover

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:44 PM

Posted 01 August 2011 - 10:06 AM

So, I'm pretty positive that I'm infected with a TDSS Redirect Virus.
I know, because I'm rarely not redirected to a different site when searching for something
I have run malwarebytes, TDSSkiller, Avast, Ad-Aware, and Super Anti-Spyware
and they've all come up with nothing at all
What can I do?
Thank you very much in advance for the help.

BC AdBot (Login to Remove)

 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,658 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:08:44 PM

Posted 01 August 2011 - 09:36 PM

Welcome aboard Posted Image

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#3 RedirectTakeover

RedirectTakeover
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:44 PM

Posted 02 August 2011 - 03:15 AM

Security Check Log
-------------------
Results of screen317's Security Check version 0.99.7
Windows 7 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

TuneUp Utilities 2011
TuneUp Utilities Language Pack (en-US)
TuneUp Utilities 2011
Java™ 6 Update 26
Out of date Java installed!
Adobe Flash Player 10.3.181.34
Adobe Reader 9.4.5
Out of date Adobe Reader installed!
Mozilla Thunderbird (5.0.) Thunderbird Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
``````````End of Log````````````



MiniToolbox Log
----------------
MiniToolBox by Farbar
Ran by PJ (administrator) on 01-08-2011 at 21:56:48
Windows 7 Ultimate (X64)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================




========================= IP Configuration: ================================

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : ForeverApc
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
Physical Address. . . . . . . . . : 00-23-8B-28-68-86
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : domain_not_set.invalid
Description . . . . . . . . . . . : Intel® WiFi Link 5100 AGN
Physical Address. . . . . . . . . : 00-21-6B-07-06-C0
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{A03B8C0B-59F8-412B-9764-D63D9135B020}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.domain_not_set.invalid:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 127.0.0.1

Ping request could not find host google.com. Please check the name and try again.
Server: UnKnown
Address: 127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
12...00 23 8b 28 68 86 ......Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
11...00 21 6b 07 06 c0 ......Intel® WiFi Link 5100 AGN
1...........................Software Loopback Interface 1
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
1 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

========================= Memory info: ===================================

Percentage of memory in use: 39%
Total physical RAM: 3960.87 MB
Available physical RAM: 2407.57 MB
Total Pagefile: 7919.88 MB
Available Pagefile: 6320.18 MB
Total Virtual: 4095.88 MB
Available Virtual: 3985.39 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:294.12 GB) (Free:233.53 GB) NTFS

========================= Users: ========================================

User accounts for \\FOREVERAPC

Administrator Guest PJ


== End of log ==



MalwareBytes Log
-----------------
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7351

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

8/1/2011 10:32:56 PM
mbam-log-2011-08-01 (22-32-56).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 271644
Time elapsed: 30 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



GMER log
---------
Nothing

#4 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,658 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:08:44 PM

Posted 02 August 2011 - 06:31 PM

When you ran MiniToolbox were you disconnected from the internet for some reason?

If so, reconnect and post fresh MiniToolbox log.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#5 RedirectTakeover

RedirectTakeover
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:44 PM

Posted 03 August 2011 - 01:35 AM

Here is MiniToolbox, definitely with the internet on

----------------------------

MiniToolBox by Farbar
Ran by PJ (administrator) on 02-08-2011 at 23:33:51
Windows 7 Ultimate (X64)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================




========================= IP Configuration: ================================

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : ForeverApc
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain_not_set.invalid

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
Physical Address. . . . . . . . . : 00-23-8B-28-68-86
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : domain_not_set.invalid
Description . . . . . . . . . . . : Intel® WiFi Link 5100 AGN
Physical Address. . . . . . . . . : 00-21-6B-07-06-C0
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::cd72:488d:79b:249b%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.72(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Tuesday, August 02, 2011 11:14:47 AM
Lease Expires . . . . . . . . . . : Wednesday, August 03, 2011 11:23:40 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 184557931
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-B1-41-47-00-23-8B-28-68-86
DNS Servers . . . . . . . . . . . : 192.168.1.1
68.238.64.12
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{A03B8C0B-59F8-412B-9764-D63D9135B020}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:1cfe:2d05:93f2:470f(Preferred)
Link-local IPv6 Address . . . . . : fe80::1cfe:2d05:93f2:470f%14(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.domain_not_set.invalid:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : domain_not_set.invalid
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: dslmodem.domain
Address: 192.168.1.1

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Name: google.com
Addresses: 74.125.224.115
74.125.224.114
74.125.224.116
74.125.224.113
74.125.224.112


Pinging google.com [74.125.224.81] with 32 bytes of data:
Reply from 74.125.224.81: bytes=32 time=53ms TTL=56
Reply from 74.125.224.81: bytes=32 time=54ms TTL=56

Ping statistics for 74.125.224.81:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 53ms, Maximum = 54ms, Average = 53ms
Server: dslmodem.domain
Address: 192.168.1.1

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Name: yahoo.com
Addresses: 67.195.160.76
69.147.125.65
72.30.2.43
98.137.149.56
209.191.122.70


Pinging yahoo.com [67.195.160.76] with 32 bytes of data:
Reply from 67.195.160.76: bytes=32 time=132ms TTL=52
Reply from 67.195.160.76: bytes=32 time=129ms TTL=52

Ping statistics for 67.195.160.76:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 129ms, Maximum = 132ms, Average = 130ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=7ms TTL=128
Reply from 127.0.0.1: bytes=32 time=3ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 3ms, Maximum = 7ms, Average = 5ms
===========================================================================
Interface List
12...00 23 8b 28 68 86 ......Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
11...00 21 6b 07 06 c0 ......Intel® WiFi Link 5100 AGN
1...........................Software Loopback Interface 1
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.72 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.72 281
192.168.1.72 255.255.255.255 On-link 192.168.1.72 281
192.168.1.255 255.255.255.255 On-link 192.168.1.72 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.72 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.72 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
14 58 ::/0 On-link
1 306 ::1/128 On-link
14 58 2001::/32 On-link
14 306 2001:0:4137:9e76:1cfe:2d05:93f2:470f/128
On-link
11 281 fe80::/64 On-link
14 306 fe80::/64 On-link
14 306 fe80::1cfe:2d05:93f2:470f/128
On-link
11 281 fe80::cd72:488d:79b:249b/128
On-link
1 306 ff00::/8 On-link
14 306 ff00::/8 On-link
11 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/02/2011 11:33:52 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"1".
Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/02/2011 01:42:51 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"1".
Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/02/2011 11:42:04 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"1".
Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/02/2011 02:51:52 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"1".
Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/02/2011 02:51:52 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"1".
Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/02/2011 02:30:00 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"1".
Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/01/2011 09:57:01 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"1".
Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/01/2011 09:56:51 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"1".
Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/01/2011 09:56:50 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"1".
Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/01/2011 09:56:48 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"1".
Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (08/01/2011 08:58:00 PM) (Source: Service Control Manager) (User: )
Description: The Steam Client Service service failed to start due to the following error:
%%1053

Error: (08/01/2011 08:58:00 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (07/31/2011 00:08:14 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 12:04:50 PM on ?7/?31/?2011 was unexpected.

Error: (07/30/2011 09:54:09 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 9:50:10 PM on ?7/?30/?2011 was unexpected.

Error: (07/30/2011 08:49:15 PM) (Source: Service Control Manager) (User: )
Description: The UPnP Device Host service failed to start due to the following error:
%%1069

Error: (07/30/2011 08:49:15 PM) (Source: Service Control Manager) (User: )
Description: The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:
%%50

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (07/30/2011 08:49:15 PM) (Source: DCOM) (User: )
Description: 1069upnphost{204810B9-73B2-11D4-BF42-00B0D0118B56}

Error: (07/30/2011 08:14:36 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (07/30/2011 01:36:46 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 1:34:26 AM on ?7/?30/?2011 was unexpected.

Error: (07/29/2011 02:47:58 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.


Microsoft Office Sessions:
=========================
Error: (08/02/2011 11:33:52 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"C:\Windows\system32\conhost.exe

Error: (08/02/2011 01:42:51 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"C:\Windows\system32\conhost.exe

Error: (08/02/2011 11:42:04 AM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"C:\Windows\system32\conhost.exe

Error: (08/02/2011 02:51:52 AM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"C:\Windows\system32\conhost.exe

Error: (08/02/2011 02:51:52 AM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"C:\Windows\system32\conhost.exe

Error: (08/02/2011 02:30:00 AM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"C:\Windows\system32\conhost.exe

Error: (08/01/2011 09:57:01 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"C:\Windows\system32\conhost.exe

Error: (08/01/2011 09:56:51 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"C:\Windows\system32\conhost.exe

Error: (08/01/2011 09:56:50 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"C:\Windows\system32\conhost.exe

Error: (08/01/2011 09:56:48 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"C:\Windows\system32\conhost.exe


========================= Memory info: ===================================

Percentage of memory in use: 51%
Total physical RAM: 3960.87 MB
Available physical RAM: 1930.98 MB
Total Pagefile: 7919.88 MB
Available Pagefile: 5796.78 MB
Total Virtual: 4095.88 MB
Available Virtual: 3965.8 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:294.12 GB) (Free:232.82 GB) NTFS

========================= Users: ========================================

User accounts for \\FOREVERAPC

Administrator Guest PJ


== End of log ==

#6 RedirectTakeover

RedirectTakeover
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:44 PM

Posted 03 August 2011 - 01:36 AM

...

Edited by RedirectTakeover, 03 August 2011 - 01:37 AM.


#7 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,658 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:08:44 PM

Posted 03 August 2011 - 06:08 PM

I don't see much so far...

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
Click the "Scan" button to start scan:
Posted Image

On completion of the scan click "Save log", save it to your desktop and post in your next reply:
Posted Image

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#8 RedirectTakeover

RedirectTakeover
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:44 PM

Posted 03 August 2011 - 08:38 PM

aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-08-03 17:00:07
-----------------------------
17:00:07.446 OS Version: Windows x64 6.1.7600
17:00:07.447 Number of processors: 2 586 0x170A
17:00:07.448 ComputerName: FOREVERAPC UserName: PJ
17:00:09.267 Initialize success
17:00:09.584 AVAST engine defs: 11080301
17:01:07.099 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:01:07.103 Disk 0 Vendor: WDC_WD3200BEVT-22ZCT0 11.01A11 Size: 305245MB BusType: 11
17:01:09.154 Disk 0 MBR read successfully
17:01:09.159 Disk 0 MBR scan
17:01:09.164 Disk 0 Windows 7 default MBR code
17:01:09.169 Service scanning
17:01:11.025 Modules scanning
17:01:11.031 Disk 0 trace - called modules:
17:01:11.054 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
17:01:11.060 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c0c130]
17:01:11.067 3 CLASSPNP.SYS[fffff8800189043f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800467a1f0]
17:01:12.163 AVAST engine scan C:\
17:52:54.567 Scan finished successfully
18:37:32.609 Disk 0 MBR has been saved successfully to "C:\Users\PJ\Desktop\MBR.dat"
18:37:32.622 The log file has been saved successfully to "C:\Users\PJ\Desktop\aswMBR.txt"

#9 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,658 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:08:44 PM

Posted 03 August 2011 - 08:42 PM

Looks clean...

Open IE, go Tools>Internet options>Advanced tab, click on "Reset" button.
Restart IE.
Still redirected?

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#10 RedirectTakeover

RedirectTakeover
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:44 PM

Posted 03 August 2011 - 09:30 PM

I did that in IE, but I use firefox, and it didn't change anything in firefox. Still getting redirected, would there be a different process for mirefox

#11 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,658 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:08:44 PM

Posted 03 August 2011 - 09:34 PM

I see. I didn't see Firefox installed.

Important question! Is IE getting redirected as well?

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#12 RedirectTakeover

RedirectTakeover
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:44 PM

Posted 03 August 2011 - 10:49 PM

IE hasn't been redirecting me.


Here's the Log

-----------

GooredFix by jpshortstuff (03.07.10.1)
Log created at 20:45 on 03/08/2011 (PJ)
Firefox version [Unable to determine]

========== GooredScan ==========

Deleting "C:\Users\PJ\Application Data\Mozilla\Firefox\Profiles\7o6bn0vw.default\extensions\{ed896038-5d98-4365-814b-373b05fbff4f}" -> Success!

========== GooredLog ==========

C:\Program Files (x86)\Mozilla Firefox\extensions\
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [01:16 20/07/2011]
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [06:40 21/07/2011]

C:\Users\PJ\Application Data\Mozilla\Firefox\Profiles\7o6bn0vw.default\extensions\
(none)

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
(Key not found)

-=E.O.F=-

#13 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,658 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:08:44 PM

Posted 03 August 2011 - 10:51 PM

How is redirection in Firefox now?

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#14 RedirectTakeover

RedirectTakeover
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:10:44 PM

Posted 03 August 2011 - 10:55 PM

Usually I'm redirected after a bout 3 searches, but now I wasn't redirected until about my 25th search, so its still there, yet less frequent.

#15 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,658 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:08:44 PM

Posted 03 August 2011 - 10:57 PM

Close Firefox. Go Start>All Programs>Mozilla Firefox, click on Mozilla Firefox (safe mode).
If you're using Firefox 4, or 5 go Help>Restart Firefox with Add-ons Disabled.
Same issue?

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users