Occasional link redirects to random sites such as "askthecrew.net"


15 replies to this topic

#1 Tuxedo.Bond


Posted 17 March 2012 - 10:39 AM

I started getting some random link redirects in the latest Firefox (with Adblock Plus and NoScript) and Opera browsers to sites like "askthecrew.net" as well as others which I cannot recall. It's occasional and doesn't seem to be website specific. I'm not sure if it's related, but not long after noticing the redirects my Windows User Account Control settings were reset from never notify to default. I had NOD32 version 4 installed and ran a scan which found malicious Java files in the temporary folder. I uninstalled NOD32 and installed the latest version of Kaspersky Internet Security, yet some time later I started getting the same occasional redirects with no malicious files detected in a scan but with at least some of the malicious links blocked by Kaspersky. As an example, some of the links appear as xx.xxx.xxx.xxx.com/favicon.ico.

I have run Malwarebytes, TDSSkiller, TFC, aswMBR, and a few of the online scan tools with no results.

Edited by Tuxedo.Bond, 17 March 2012 - 10:41 AM.




#2 Broni


Posted 17 March 2012 - 10:57 AM

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

====================================================================================

Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#3 Tuxedo.Bond


Posted 19 March 2012 - 08:46 PM

Security Check:

Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is disabled!)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
Kaspersky Internet Security 2012
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 7 Update 3
Out of date Java installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Kaspersky Lab Kaspersky Internet Security 2012 avp.exe
``````````End of Log````````````


Farbar Service Scanner:


Farbar Service Scanner Version: 01-03-2012
Ran by Tuxedo.Bond (administrator) on 19-03-2012 at 20:50:38
Running from "D:\Downloads\Tools\Bleeping Computer"
Microsoft Windows 7 Ultimate (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-02-16 08:43] - [2011-12-27 23:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll
[2009-07-13 20:09] - [2009-07-13 21:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2009-07-13 19:36] - [2009-07-13 21:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll
[2009-07-13 20:36] - [2009-07-13 21:41] - 2418176 ____A (Microsoft Corporation) 38340204A2D0228F1E87740FC5E554A7

C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

MiniToolBox:

MiniToolBox by Farbar Version: 18-01-2012
Ran by Tuxedo.Bond (administrator) on 19-03-2012 at 21:41:16
Microsoft Windows 7 Ultimate (X64)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

"network.proxy.http", "127.0.0.1"
"network.proxy.http_port", 5010
========================= Hosts content: =================================

::1 localhost

67.215.245.19 www.google-analytics.com.
67.215.245.19 ad-emea.doubleclick.net.
67.215.245.19 www.statcounter.com.
108.163.215.51 www.google-analytics.com.
108.163.215.51 ad-emea.doubleclick.net.
108.163.215.51 www.statcounter.com.

127.0.0.1 localhost

========================= IP Configuration: ================================

Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet NIC (NDIS 6.20) = Local Area Connection 2 (Connected)
Hamachi Network Interface = Hamachi (Hardware not present)
TAP-Win32 Adapter V9 (Tunngle) = Tunngle (Hardware not present)
NETGEAR WG111v3 Wireless-G USB Adapter = Wireless Network Connection (Hardware not present)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add route prefix=0.0.0.0/0 interface="Hamachi" nexthop=5.0.0.1 publish=Yes
add route prefix=0.0.0.0/0 interface="Local Area Connection" nexthop=192.168.1.1 publish=Yes
add route prefix=0.0.0.0/0 interface="Local Area Connection 2" nexthop=192.168.1.1 publish=Yes
set interface interface="Hamachi" forwarding=disabled advertise=disabled metric=9000 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
add address name="Local Area Connection" address=192.168.1.5
add address name="Local Area Connection 2" address=192.168.1.2


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : TuxedoBond-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
Physical Address. . . . . . . . . : 40-61-86-8F-98-49
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::50b4:99a3:2a42:34b3%14(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 322986374
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-4A-28-4A-00-1F-E2-6B-33-E9
DNS Servers . . . . . . . . . . . : 71.3.0.116
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{ADA827DD-24ED-4D6B-BEE1-67B4D0F79A67}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:209a:ae15:b8fc:57de(Preferred)
Link-local IPv6 Address . . . . . : fe80::209a:ae15:b8fc:57de%15(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter 6TO4 Adapter:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: dsldns-ftmy.embarqhsd.net
Address: 71.3.0.116

Name: google.com
Addresses: 74.125.159.113
74.125.159.138
74.125.159.139
74.125.159.100
74.125.159.101
74.125.159.102


Pinging google.com [74.125.159.138] with 32 bytes of data:
Reply from 74.125.159.138: bytes=32 time=42ms TTL=52
Reply from 74.125.159.138: bytes=32 time=46ms TTL=52

Ping statistics for 74.125.159.138:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 42ms, Maximum = 46ms, Average = 44ms
Server: dsldns-ftmy.embarqhsd.net
Address: 71.3.0.116

Name: yahoo.com
Addresses: 72.30.38.140
98.139.183.24
209.191.122.70


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=56ms TTL=48
Reply from 98.139.183.24: bytes=32 time=58ms TTL=48

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 56ms, Maximum = 58ms, Average = 57ms
Server: dsldns-ftmy.embarqhsd.net
Address: 71.3.0.116

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
14...40 61 86 8f 98 49 ......Realtek RTL8168D/8111D Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
1...........................Software Loopback Interface 1
17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
15...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
12...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.2 276
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.2 276
192.168.1.2 255.255.255.255 On-link 192.168.1.2 276
192.168.1.255 255.255.255.255 On-link 192.168.1.2 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.2 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.2 276
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 5.0.0.1 Default
0.0.0.0 0.0.0.0 192.168.1.1 Default
0.0.0.0 0.0.0.0 192.168.1.1 Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
15 58 ::/0 On-link
1 306 ::1/128 On-link
15 58 2001::/32 On-link
15 306 2001:0:4137:9e76:209a:ae15:b8fc:57de/128
On-link
14 276 fe80::/64 On-link
15 306 fe80::/64 On-link
15 306 fe80::209a:ae15:b8fc:57de/128
On-link
14 276 fe80::50b4:99a3:2a42:34b3/128
On-link
1 306 ff00::/8 On-link
15 306 ff00::/8 On-link
14 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [51712] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70144] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/19/2012 09:31:48 PM) (Source: Winlogon) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (03/19/2012 09:13:36 PM) (Source: Winlogon) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (03/19/2012 07:28:06 PM) (Source: Winlogon) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (03/19/2012 08:47:32 AM) (Source: Winlogon) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (03/18/2012 07:35:23 AM) (Source: Winlogon) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (03/17/2012 01:23:02 PM) (Source: Application Hang) (User: )
Description: The program firefox.exe version 11.0.0.4454 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 690

Start Time: 01cd0456830fb4a1

Termination Time: 25

Application Path: D:\Program Files (x86)\Browsers\Mozilla Firefox\firefox.exe

Report Id: d8280cf7-7055-11e1-aed7-4061868f9849

Error: (03/17/2012 10:48:12 AM) (Source: Winlogon) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (03/17/2012 00:25:23 AM) (Source: Winlogon) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (03/16/2012 07:44:50 AM) (Source: Application Error) (User: )
Description: Windows cannot access the file for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Firefox because of this error.

Program: Firefox
File:

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: 00000000
Disk type: 0

Error: (03/16/2012 07:44:50 AM) (Source: Application Error) (User: )
Description: Faulting application name: tbb-firefox.exe, version: 10.0.2.4432, time stamp: 0x4f4063ff
Faulting module name: xul.dll, version: 10.0.2.4432, time stamp: 0x4f406382
Exception code: 0xc000001d
Fault offset: 0x00062441
Faulting process id: 0x4b4c
Faulting application start time: 0xtbb-firefox.exe0
Faulting application path: tbb-firefox.exe1
Faulting module path: tbb-firefox.exe2
Report Id: tbb-firefox.exe3


System errors:
=============
Error: (03/19/2012 09:31:43 PM) (Source: Microsoft-Windows-WHEA-Logger) (User: LOCAL SERVICE)
Description: A fatal hardware error has occurred.

Component: AMD Northbridge
Error Source: 3
Error Type: 7
Processor ID: 0

The details view of this entry contains further information.

Error: (03/19/2012 09:31:33 PM) (Source: BugCheck) (User: )
Description: 0x00000124 (0x0000000000000000, 0xfffffa80061e78f8, 0x0000000000000000, 0x0000000000000000)C:\Windows\Minidump\031912-14991-01.dmp031912-14991-01

Error: (03/19/2012 09:31:32 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 9:29:54 PM on ?3/?19/?2012 was unexpected.

Error: (03/18/2012 08:04:06 AM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (03/17/2012 01:52:36 PM) (Source: Service Control Manager) (User: )
Description: The SPP Notification Service service terminated with the following error:
%%5

Error: (03/17/2012 00:52:36 PM) (Source: Service Control Manager) (User: )
Description: The SPP Notification Service service terminated with the following error:
%%5

Error: (03/17/2012 11:52:36 AM) (Source: Service Control Manager) (User: )
Description: The SPP Notification Service service terminated with the following error:
%%5

Error: (03/16/2012 11:36:00 PM) (Source: Service Control Manager) (User: )
Description: The SPP Notification Service service terminated with the following error:
%%5

Error: (03/16/2012 10:36:00 PM) (Source: Service Control Manager) (User: )
Description: The SPP Notification Service service terminated with the following error:
%%5

Error: (03/16/2012 09:36:00 PM) (Source: Service Control Manager) (User: )
Description: The SPP Notification Service service terminated with the following error:
%%5


Microsoft Office Sessions:
=========================
Error: (03/19/2012 09:31:48 PM) (Source: Winlogon)(User: )
Description: 0x800700050x00000000

Error: (03/19/2012 09:13:36 PM) (Source: Winlogon)(User: )
Description: 0x800700050x00000000

Error: (03/19/2012 07:28:06 PM) (Source: Winlogon)(User: )
Description: 0x800700050x00000000

Error: (03/19/2012 08:47:32 AM) (Source: Winlogon)(User: )
Description: 0x800700050x00000000

Error: (03/18/2012 07:35:23 AM) (Source: Winlogon)(User: )
Description: 0x800700050x00000000

Error: (03/17/2012 01:23:02 PM) (Source: Application Hang)(User: )
Description: firefox.exe11.0.0.445469001cd0456830fb4a125D:\Program Files (x86)\Browsers\Mozilla Firefox\firefox.exed8280cf7-7055-11e1-aed7-4061868f9849

Error: (03/17/2012 10:48:12 AM) (Source: Winlogon)(User: )
Description: 0x800700050x00000000

Error: (03/17/2012 00:25:23 AM) (Source: Winlogon)(User: )
Description: 0x800700050x00000000

Error: (03/16/2012 07:44:50 AM) (Source: Application Error)(User: )
Description: Firefox000000000

Error: (03/16/2012 07:44:50 AM) (Source: Application Error)(User: )
Description: tbb-firefox.exe10.0.2.44324f4063ffxul.dll10.0.2.44324f406382c000001d000624414b4c01cd030065831135D:\Downloads\Tools\Tor\Tor Browser\FirefoxPortable\App\Firefox\tbb-firefox.exeD:\Downloads\Tools\Tor\Tor Browser\FirefoxPortable\App\Firefox\xul.dll6facc803-6f5d-11e1-9d3a-4061868f9849


=========================== Installed Programs ============================

Activision (Version: 1.1)
Activision® (Version: 1.00.0000)
Adobe Flash Player 11 ActiveX 64-bit (Version: 11.1.102.62)
Adobe Flash Player 11 Plugin 64-bit (Version: 11.1.102.63)
Age of Empires III (Version: 1.00.0000)
AI War (Version: 3.0.0.0)
AMD OverDrive (Version: 3.0.2.0289)
ATI Catalyst Install Manager (Version: 3.0.804.0)
Borderlands (Version: 1.0)
Call of Duty® - World at War™ (Version: 1.0)
Call of Duty® - World at War™ (Version: 1.7)
Call of Duty® - World at War™ 1.2 Patch
Call of Duty® - World at War™ 1.2 Patch (Version: 1.2)
Call of Duty® - World at War™ 1.4 Patch
Call of Duty® - World at War™ 1.4 Patch (Version: 1.4)
Call of Duty® - World at War™ 1.5 Patch
Call of Duty® - World at War™ 1.5 Patch (Version: 1.5)
Call of Duty® - World at War™ 1.6 Patch
Call of Duty® - World at War™ 1.6 Patch (Version: 1.6)
Call of Duty® - World at War™ 1.7 Patch
Call of Duty® - World at War™ 1.7 Patch (Version: 1.7)
Call of Duty® 4 - Modern Warfare™ 1.6 Patch
Call of Duty® 4 - Modern Warfare™ 1.7 Patch
Call of Duty: Black Ops
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2010.1215.2136.38682)
Catalyst Control Center Graphics Previews Vista (Version: 2010.1215.2136.38682)
Catalyst Control Center InstallProxy (Version: 2009.0813.2131.36817)
Catalyst Control Center InstallProxy (Version: 2010.1125.2142.38865)
Catalyst Control Center Localization All (Version: 2010.1215.2136.38682)
ccc-core-static (Version: 2010.1215.2136.38682)
ccc-utility64 (Version: 2010.1215.2136.38682)
CCC Help Chinese Standard (Version: 2010.1215.2135.38682)
CCC Help Chinese Traditional (Version: 2010.1215.2135.38682)
CCC Help Czech (Version: 2010.1215.2135.38682)
CCC Help Danish (Version: 2010.1215.2135.38682)
CCC Help Dutch (Version: 2010.1215.2135.38682)
CCC Help English (Version: 2010.1215.2135.38682)
CCC Help Finnish (Version: 2010.1215.2135.38682)
CCC Help French (Version: 2010.1215.2135.38682)
CCC Help German (Version: 2010.1215.2135.38682)
CCC Help Greek (Version: 2010.1215.2135.38682)
CCC Help Hungarian (Version: 2010.1215.2135.38682)
CCC Help Italian (Version: 2010.1215.2135.38682)
CCC Help Japanese (Version: 2010.1215.2135.38682)
CCC Help Korean (Version: 2010.1215.2135.38682)
CCC Help Norwegian (Version: 2010.1215.2135.38682)
CCC Help Polish (Version: 2010.1215.2135.38682)
CCC Help Portuguese (Version: 2010.1215.2135.38682)
CCC Help Russian (Version: 2010.1215.2135.38682)
CCC Help Spanish (Version: 2010.1215.2135.38682)
CCC Help Swedish (Version: 2010.1215.2135.38682)
CCC Help Thai (Version: 2010.1215.2135.38682)
CCC Help Turkish (Version: 2010.1215.2135.38682)
Counter-Strike: Global Offensive Beta
Crysis 2.Limited Edition.v 1.1.0.0 (Version: Crysis 2.Limited Edition.v 1.1.0.0)
Demigod
Demigod (Version: 1.00)
Facebook Video Calling 1.1.1.1 (Version: 1.1.1)
Far Cry 2 (Version: 1.03.00)
FOX LiveUpdate (Version: 1.0.8.2)
Fraps (remove only)
Freedom Fighters
Gears of War (Version: 1.00.0000)
GOM Player (Version: 2.1.28.5039)
GOMTV Streamer (Version: 1.0.0.25)
Google Talk Plugin (Version: 2.7.6.6619)
Hector - Badge of Carnage - Hector - Episode 3 (Version: 1.0.0.15)
Hector - Badge of Carnage - Hector Episode 1 (Version: 1.0.0.0)
Hector - Badge of Carnage - Hector Episode 2 (Version: 1.0.0.15)
ImgBurn (Version: 2.5.0.0)
Impulse
Impulse (Version: 1.0)
Java Auto Updater (Version: 2.1.6.0)
Java™ 7 Update 3 (Version: 7.0.30)
Kaspersky Internet Security 2012 (Version: 12.0.0.374)
Lexmark 8300 Series
Logitech GamePanel Software 3.06.109 (Version: 3.06.109)
Logitech SetPoint 5.20 (Version: 5.20)
LogMeIn Hamachi (Version: 2.0.1.66)
Machinarium (Version: 11.10.09)
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
Microsoft Games for Windows - LIVE (Version: 3.2.217.0)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.1.99.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Mirror's Edge™ (Version: 1.0.1.0)
Monkey Island 2 LeChucks Revenge Special Edition
Mozilla Firefox 11.0 (x86 en-US) (Version: 11.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NVIDIA PhysX (Version: 9.10.0224)
Octoshape Streaming Services
Opera 11.61 (Version: 11.61.1250)
oZone3D.Net FurMark v1.7.0
PunkBuster Services (Version: 0.988)
Realtek High Definition Audio Driver (Version: 6.0.1.5943)
RESIDENT EVIL 5 (Version: 1.0.0.129)
RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition (Version: v2.24 MSI Master Overclocking Arena 2009 edition)
Rosetta Stone Version 3 (Version: 3.4.5.0)
Serious Sam 2
Serious Sam HD - The Second Encounter
Singularity™ (Version: 1.1)
Singularity™ 1.1 Patch (Version: 1.1)
Sins of a Solar Empire Trinity
SlimDX Redistributable (March 2009) (Version: 2.0.7.41)
Spotify (Version: 0.8.2.610.g090a06f8)
StarCraft II (Version: 1.4.2.20141)
Steam
Steam (Version: 1.0.0.0)
SWAT 4 (Version: 1.0.31763)
TeamSpeak 3 Client
The Void
Tom Clancy's H.A.W.X (Version: 1.02.00000)
Total Uninstall 5.2.0 (Version: 5.2.0)
Tunngle beta
VLC media player 1.1.5 (Version: 1.1.5)
Warcraft III
WinRAR archiver

========================= Devices: ================================

Name: NETGEAR WG111v3 Wireless-G USB Adapter
Description: NETGEAR WG111v3 Wireless-G USB Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: NETGEAR Inc.
Service: RTL8187B
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Hamachi Network Interface
Description: Hamachi Network Interface
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: LogMeIn, Inc.
Service: hamachi
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: TAP-Win32 Adapter V9 (Tunngle)
Description: TAP-Win32 Adapter V9 (Tunngle)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Win32 Provider V9 (Tunngle)
Service: tap0901t
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


========================= Memory info: ===================================

Percentage of memory in use: 31%
Total physical RAM: 6142.16 MB
Available physical RAM: 4205.3 MB
Total Pagefile: 6140.3 MB
Available Pagefile: 3976.68 MB
Total Virtual: 4095.88 MB
Available Virtual: 3964.13 MB

========================= Partitions: =====================================

1 Drive c: (System Reserved) (Fixed) (Total:30 GB) (Free:5.93 GB) NTFS
2 Drive d: (Hitachi 1TB) (Fixed) (Total:901.51 GB) (Free:34.69 GB) NTFS

========================= Users: ========================================

User accounts for \\TUXEDOBOND-PC

Administrator Guest Tuxedo.Bond


**** End of log ****



Malwarebytes' Anti-Malware

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.19.06

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Tuxedo.Bond :: TUXEDOBOND-PC [administrator]

3/19/2012 9:07:09 PM
mbam-log-2012-03-19 (21-07-09).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 190076
Time elapsed: 1 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


aswMBR

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-19 21:15:23
-----------------------------
21:15:23.287 OS Version: Windows x64 6.1.7600
21:15:23.287 Number of processors: 4 586 0x403
21:15:23.287 ComputerName: TUXEDOBOND-PC UserName: Tuxedo.Bond
21:15:23.630 Initialize success
21:16:14.570 AVAST engine defs: 12031700
21:17:26.624 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP6T0L0-8
21:17:26.629 Disk 0 Vendor: Hitachi_HDT721010SLA360 ST6OA3AA Size: 953861MB BusType: 11
21:17:26.652 Disk 0 MBR read successfully
21:17:26.657 Disk 0 MBR scan
21:17:26.665 Disk 0 Windows 7 default MBR code
21:17:26.683 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 30720 MB offset 2048
21:17:26.705 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 923146 MB offset 62916608
21:17:26.737 Disk 0 scanning C:\Windows\system32\drivers
21:17:34.815 Service scanning
21:17:54.371 Modules scanning
21:17:54.375 Disk 0 trace - called modules:
21:17:54.381 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
21:17:54.383 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80062d7790]
21:17:54.387 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP6T0L0-8[0xfffffa800603a060]
21:17:54.779 AVAST engine scan C:\Windows
21:17:58.521 AVAST engine scan C:\Windows\system32
21:20:29.006 AVAST engine scan C:\Windows\system32\drivers
21:20:53.798 AVAST engine scan C:\Users\Tuxedo.Bond
21:24:59.858 AVAST engine scan C:\ProgramData
21:26:59.868 Scan finished successfully
21:30:15.028 Disk 0 MBR has been saved successfully to "D:\Downloads\Tools\Bleeping Computer\MBR.dat"
21:30:15.032 The log file has been saved successfully to "D:\Downloads\Tools\Bleeping Computer\aswMBR.txt"

#4 Broni

Posted 19 March 2012 - 09:09 PM

Your "hosts" file has been hijacked and you have proxies set in Firefox.

Please go here: http://support.microsoft.com/kb/972034#FixItForMeAlways and click on the "Fix it" button to reset your "hosts" file.
Follow all prompts.

Re-run MiniToolbox.
Checkmark the following boxes:
  • Flush DNS
  • Reset IE Proxy Settings
Click Go and post the result.

Re-run MiniToolbox.
Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
Click Go and post the result.


#5 Tuxedo.Bond

Posted 20 March 2012 - 01:34 PM

MiniToolBox by Farbar Version: 18-01-2012
Ran by Tuxedo.Bond (administrator) on 20-03-2012 at 14:31:38
Microsoft Windows 7 Ultimate (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

**** End of log ****




MiniToolBox by Farbar Version: 18-01-2012
Ran by Tuxedo.Bond (administrator) on 20-03-2012 at 14:33:16
Microsoft Windows 7 Ultimate (X64)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

"network.proxy.http", "127.0.0.1"
"network.proxy.http_port", 5010
========================= Hosts content: =================================

::1 localhost

67.215.245.19 www.google-analytics.com.
67.215.245.19 ad-emea.doubleclick.net.
67.215.245.19 www.statcounter.com.
108.163.215.51 www.google-analytics.com.
108.163.215.51 ad-emea.doubleclick.net.
108.163.215.51 www.statcounter.com.

127.0.0.1 localhost


**** End of log ****
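
The two findings in this exchange, hosts entries that send tracking domains to remote addresses and a Firefox HTTP proxy set to 127.0.0.1, can be checked mechanically. The Python below is an added example, not part of the thread or of MiniToolBox; the function names are hypothetical, and the sample input is the hosts and proxy lines from the report above.

```python
import ipaddress
import re

# Sample input: entries copied from the MiniToolBox report in the post above.
HOSTS_SAMPLE = """\
::1 localhost
67.215.245.19 www.google-analytics.com.
67.215.245.19 ad-emea.doubleclick.net.
67.215.245.19 www.statcounter.com.
108.163.215.51 www.google-analytics.com.
108.163.215.51 ad-emea.doubleclick.net.
108.163.215.51 www.statcounter.com.
127.0.0.1 localhost
"""
FF_SAMPLE = '"network.proxy.http", "127.0.0.1"\n"network.proxy.http_port", 5010\n'

# Matches the report format above and prefs.js lines of the form user_pref("name", value);
PREF_RE = re.compile(r'"(network\.proxy\.[\w.]+)"\s*,\s*("?)([^")\s]+)\2')


def audit_hosts(text):
    """Return (hostname, address) pairs that send a name to a non-local address."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        addr, *names = line.split()
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((" ".join(names), addr))  # unparsable address: report as-is
            continue
        if ip.is_loopback or ip.is_unspecified:
            continue  # 127.0.0.1, ::1, 0.0.0.0 entries name or block on the local host
        findings.extend((n.rstrip(".").lower(), str(ip)) for n in names)
    return findings


def audit_firefox_proxy(text):
    """Return the network.proxy.* preferences found in the text as a dict."""
    return {m.group(1): m.group(3) for m in PREF_RE.finditer(text)}


def local_proxy_configured(prefs):
    """True when Firefox HTTP traffic is pointed at a listener on this machine."""
    host = prefs.get("network.proxy.http", "")
    return host in ("127.0.0.1", "localhost", "::1") and "network.proxy.http_port" in prefs


if __name__ == "__main__":
    for name, addr in audit_hosts(HOSTS_SAMPLE):
        print(f"hosts: {name} -> {addr}")
    print("local proxy set:", local_proxy_configured(audit_firefox_proxy(FF_SAMPLE)))
```

A loopback proxy can also belong to legitimate software such as a local web filter, so a hit is a prompt to identify the program listening on that port.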

#6 Broni

Posted 20 March 2012 - 07:13 PM

Did you?

Please go here: http://support.microsoft.com/kb/972034#FixItForMeAlways and click on the "Fix it" button to reset your "hosts" file.
Follow all prompts.



#7 Tuxedo.Bond

Posted 20 March 2012 - 07:24 PM

Did you?

Please go here: http://support.microsoft.com/kb/972034#FixItForMeAlways and click on the "Fix it" button to reset your "hosts" file.
Follow all prompts.

Yes. When I manually view the hosts file it doesn't have those domains listed, yet in the report it does.

Edited by Tuxedo.Bond, 20 March 2012 - 07:24 PM.


#8 Broni

Posted 20 March 2012 - 07:51 PM

OK, let's try this....

Re-run MiniToolbox.
Checkmark the following boxes:
  • Flush DNS
  • Reset FF Proxy Settings
Click Go and post the result.

Delete the "hosts" file manually (you may need to do it from safe mode).

Download the following "hosts" (zipped) file: http://www.bleepstatic.com/fhost/uploads/0/hosts_seven.zip
Unzip it.
Copy the hosts file found inside.
Open Windows Explorer and paste the hosts file into the C:\WINDOWS\SYSTEM32\DRIVERS\ETC folder.

NOTE.
If you receive a "You don't have permission to save in this location" message, take ownership of the C:\windows\system32\drivers\etc folder: http://www.howtogeek.com/howto/windows-vista/add-take-ownership-to-explorer-right-click-menu-in-vista/
If the above doesn't work, save the file to some known location, like your desktop, copy it from there and paste it into the "etc" folder.

Restart the computer.

Re-run MiniToolbox.
Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
Click Go and post the result.


#9 Tuxedo.Bond

Posted 20 March 2012 - 07:54 PM

I checked the hosts file permissions and it turns out it was read only. I allowed write access and redid the steps from your previous post and the results appear successful.

MiniToolBox by Farbar Version: 18-01-2012
Ran by Tuxedo.Bond (administrator) on 20-03-2012 at 20:50:07
Microsoft Windows 7 Ultimate (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

**** End of log ****



MiniToolBox by Farbar Version: 18-01-2012
Ran by Tuxedo.Bond (administrator) on 20-03-2012 at 20:51:27
Microsoft Windows 7 Ultimate (X64)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

# ::1 localhost


**** End of log ****

#10 Broni

Posted 20 March 2012 - 07:59 PM

Very well :)

How is the redirection?

Download Temp File Cleaner (TFC)
Double-click on TFC.exe to run the program.
Click on the Start button to begin the cleaning process.
TFC will close all running programs, and it may ask you to restart the computer.

=============================================================================

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    NOTE. If ESET doesn't find any threats, it'll NOT produce any log.


#11 Tuxedo.Bond

Posted 21 March 2012 - 06:28 PM

Programs utilized and no threats found.

#12 Broni

Posted 21 March 2012 - 07:13 PM

How is the redirection?



#13 Tuxedo.Bond

Posted 21 March 2012 - 08:30 PM

No redirection as of yet.

#14 Broni

Posted 21 March 2012 - 08:53 PM

Good :)

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it.
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

===============================================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll remove all old restore points and create a fresh, clean restore point.

Turn system restore off.
Restart computer.
Turn system restore back on.

If you don't know how to do it...
Windows XP: http://support.microsoft.com/kb/310405
Vista and Windows 7: http://www.howtogeek.com/howto/windows-vista/disable-system-restore-in-windows-vista/

2. Make sure Windows Updates are current.

3. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

4. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

5. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

6. Run Temporary File Cleaner (TFC) weekly.

7. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

8. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

9. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

10. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

11. Except for MBAM and TFC, which are keepers, you can simply delete all other tools we used as they don't install.


#15 Tuxedo.Bond

Posted 14 April 2012 - 02:00 PM

It has been three weeks and all is running smoothly. Thanks, Broni, for the excellent and quick help.



