Popups in Firefox to directrdr

Geeks to Go Forums > Security > Virus, Spyware, Malware Removal

Today's New Content

Popups in Firefox to directrdr

#1 madbob

Group: Member
Posts: 9
Joined: 11-June 06

Posted 04 May 2012 - 04:49 PM

Hi,

I've been getting some random popups ever since the last but one Firefox update (may not be connected however).

They happen every hour or so, or it could be dependent on how many pages I open or visit but its not eminating from any one particular site i visit. I don't know. The pages are opening and i'm managing to close them quickly but looking at my history they are opening a web page:

www3 dot directrdr dot com and then that site seem to be displaying a random webpage, normally advertising. Just to note re my OTL results below I am using a swagbucks toolbar and swagbucks searchbox, but not had trouble with it before. I've tried things like spybot, panda & housecall online scanners and nothing has shown.

My OTL log posted below

-----------------------------------------------------------------------------------

OTL logfile created on: 04/05/2012 23:23:52 - Run 3
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\Trevor\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1014.64 Mb Total Physical Memory | 197.96 Mb Available Physical Memory | 19.51% Memory free
2.33 Gb Paging File | 0.98 Gb Available in Paging File | 41.90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142.73 Gb Total Space | 112.21 Gb Free Space | 78.62% Space Free | Partition Type: NTFS
Drive D: | 6.32 Gb Total Space | 0.88 Gb Free Space | 13.94% Space Free | Partition Type: NTFS

Computer Name: TREVOR-PC | User Name: Trevor | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/04 23:22:15 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Trevor\Downloads\OTL.exe
PRC - [2012/04/25 09:55:27 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/04/17 01:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.7.1.3\ccsvchst.exe
PRC - [2009/08/26 13:04:56 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/03/03 21:34:32 | 000,266,240 | ---- | M] () -- C:\Windows\System32\CSHelper.exe
PRC - [2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/19 08:33:40 | 000,192,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wsqmcons.exe
PRC - [2008/01/15 11:26:18 | 004,874,240 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006/11/20 12:34:52 | 000,155,648 | ---- | M] (OsdMaestro) -- C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
PRC - [2006/11/14 15:01:21 | 000,050,736 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\aol\1182422047\ee\aolsoftware.exe
PRC - [2006/11/03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\Pac207\Monitor.exe
PRC - [2006/10/23 13:50:35 | 000,046,640 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe
PRC - [2006/09/28 14:42:24 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2006/07/17 16:45:26 | 000,040,960 | ---- | M] () -- C:\Program Files\Royal Mail\SmartStamp\BINARY\STRAY.EXE

========== Modules (No Company Name) ==========

MOD - [2012/04/25 09:55:26 | 001,952,696 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/04/24 22:06:18 | 000,079,872 | ---- | M] () -- C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\1214htm2.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\RadioWMPCoreGecko12.dll
MOD - [2012/04/20 22:42:20 | 008,797,344 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_2_202_233.dll
MOD - [2008/02/26 11:04:34 | 000,057,344 | ---- | M] () -- C:\Program Files\Royal Mail\SmartStamp\BINARY\SDSLOG.DLL
MOD - [2006/11/10 06:56:02 | 000,094,208 | ---- | M] () -- c:\Program Files\Common Files\aol\1182422047\ee\services\waolTrayMenuService\ver_0_9_1\waolTrayMenuService.dll
MOD - [2006/07/17 16:56:52 | 000,077,824 | ---- | M] () -- C:\Program Files\Royal Mail\SmartStamp\BINARY\SDSEVENT.DLL
MOD - [2006/07/17 16:56:32 | 000,024,576 | ---- | M] () -- C:\Program Files\Royal Mail\SmartStamp\BINARY\SDSERROR.DLL
MOD - [2006/07/17 16:45:26 | 000,040,960 | ---- | M] () -- C:\Program Files\Royal Mail\SmartStamp\BINARY\STRAY.EXE
MOD - [2006/07/17 16:44:04 | 000,053,248 | ---- | M] () -- C:\Program Files\Royal Mail\SmartStamp\BINARY\SDSREG.DLL
MOD - [2006/07/17 16:40:50 | 000,016,384 | ---- | M] () -- C:\Program Files\Royal Mail\SmartStamp\BINARY\SMSG.DLL

========== Win32 Services (SafeList) ==========

SRV - [2012/05/04 22:16:23 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/25 09:55:27 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/04/17 01:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe -- (NIS)
SRV - [2009/03/03 21:34:32 | 000,266,240 | ---- | M] () [Auto | Running] -- C:\Windows\System32\CSHelper.exe -- (CSHelper)
SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/10/23 13:50:35 | 000,046,640 | ---- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe -- (AOL ACS)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012/04/30 20:35:20 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20120503.035\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/04/30 20:35:20 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20120503.035\NAVENG.SYS -- (NAVENG)
DRV - [2012/04/28 01:18:22 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20120503.001\IDSvix86.sys -- (IDSVix86)
DRV - [2012/04/05 21:47:01 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/04/03 00:38:08 | 000,821,880 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20120413.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/02/04 12:18:05 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/05/10 12:10:22 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/04/21 02:37:49 | 000,331,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1207010.003\symtdiv.sys -- (SYMTDIv)
DRV - [2011/03/31 04:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\NIS\1207010.003\srtsp.sys -- (SRTSP)
DRV - [2011/03/31 04:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1207010.003\srtspx.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/15 03:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1207010.003\symefa.sys -- (SymEFA)
DRV - [2011/01/27 07:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NIS\1207010.003\symds.sys -- (SymDS)
DRV - [2011/01/27 06:07:05 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1207010.003\ironx86.sys -- (SymIRON)
DRV - [2009/06/30 09:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\pavboot.sys -- (pavboot)
DRV - [2006/11/20 08:48:40 | 000,506,112 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PFC027.SYS -- (PAC207)
DRV - [2006/11/02 08:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006/11/01 21:18:15 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ario&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ario&pf=desktop
IE - HKLM\..\SearchScopes,DefaultScope = {1CC0292F-CC64-4908-8791-38A977CCDF65}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{1CC0292F-CC64-4908-8791-38A977CCDF65}: "URL" = http://uk.search.yah...ing}&fr=cb-hp06

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {1CC0292F-CC64-4908-8791-38A977CCDF65}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKCU\..\SearchScopes\{1CC0292F-CC64-4908-8791-38A977CCDF65}: "URL" = http://uk.search.yah...ing}&fr=cb-hp06
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Swag Bucks Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Swagbucks.com"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.topcashback.co.uk/"
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.3
FF - prefs.js..extensions.enabledItems: {6e84150a-d526-41f1-a480-a67d3fed910d}:1.4.5.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5
FF - prefs.js..extensions.enabledItems: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}:3.2.5.2
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@artistscope.com/ArtistScope DRM plugin 1,version=1.1.0.0: C:\Program Files\Mozilla Firefox\plugins\npArtistScopeDRM11.dll (ArtistScope)
FF - HKLM\Software\MozillaPlugins\@artistscope.com/ArtistScope plugin 42,version=4.2.0.0: C:\Program Files\Mozilla Firefox\plugins\npArtistScope42.dll (ArtistScope)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@artistscope.com/ArtistScope DRM plugin 1,version=1.1.0.0: C:\Program Files\Mozilla Firefox\plugins\npArtistScopeDRM11.dll (ArtistScope)
FF - HKCU\Software\MozillaPlugins\@artistscope.com/ArtistScope plugin 42,version=4.2.0.0: C:\Program Files\Mozilla Firefox\plugins\npArtistScope42.dll (ArtistScope)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn\ [2012/02/01 11:19:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn_2011_7_7_5 [2012/05/04 09:53:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/25 09:55:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/01 11:01:45 | 000,000,000 | ---D | M]

[2008/09/02 18:57:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Trevor\AppData\Roaming\Mozilla\Extensions
[2012/05/02 23:04:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\1214htm2.default\extensions
[2010/10/22 11:00:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\1214htm2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/04/25 09:55:44 | 000,000,000 | ---D | M] (Swag Bucks Community Toolbar) -- C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\1214htm2.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
[2012/03/31 10:07:53 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\1214htm2.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/05/13 09:57:48 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\1214htm2.default\extensions\engine@conduit.com
[2010/11/02 16:56:04 | 000,000,923 | ---- | M] () -- C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\1214htm2.default\searchplugins\conduit.xml
[2012/05/03 23:17:57 | 000,001,540 | ---- | M] () -- C:\Users\Trevor\AppData\Roaming\Mozilla\Firefox\Profiles\1214htm2.default\searchplugins\swagbuckscom.xml
[2012/04/20 11:12:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/05/04 09:53:38 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\COFFPLGN_2011_7_7_5
[2012/02/01 11:19:01 | 000,000,000 | ---D | M] (Symantec Intrusion Prevention) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPLGN
() (No name found) -- C:\USERS\TREVOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1214HTM2.DEFAULT\EXTENSIONS\{6E84150A-D526-41F1-A480-A67D3FED910D}.XPI
[2012/04/25 09:55:27 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/01/15 19:53:03 | 000,616,448 | ---- | M] (ArtistScope) -- C:\Program Files\mozilla firefox\plugins\npArtistScope42.dll
[2009/02/02 07:06:56 | 000,211,456 | ---- | M] (ArtistScope) -- C:\Program Files\mozilla firefox\plugins\npArtistScopeDRM11.dll
[2012/02/29 10:57:47 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/04/25 09:55:25 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/03/13 06:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/04/25 09:55:25 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/04/25 09:55:25 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/04/25 09:55:27 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/04/25 09:55:25 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.7.1.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.7.1.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.1.3\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\aol\1182422047\ee\aolsoftware.exe (America Online, Inc.)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [OLP-Tray] C:\Program Files\Royal Mail\SmartStamp\BINARY\STRAY.EXE ()
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} http://downloads.ewi...oOnlineScan.cab (ewidoOnlineScan Control)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (Reg Error: Key error.)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg...l_v1-0-24-0.cab (EPUImageControl Class)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} http://www.ooxtv.com/stream.ocx (KooPlayer Control)
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} https://media.pineco...loadcontrol.cab (InetDownload Class)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.on...e/en/crlocx.ocx (CRLDownloadWrapper Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{63D52BD7-6001-4347-981F-A60F3A001194}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Trevor\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Trevor\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/04 22:47:38 | 000,000,000 | ---D | C] -- C:\b74376b9821fd0ffbbac73deed5b2571
[2012/05/04 17:46:57 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/05/03 23:06:32 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2012/04/25 09:55:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/04/25 09:55:40 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service

========== Files - Modified Within 30 Days ==========

[2012/05/04 23:23:10 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/04 23:16:43 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/04 23:16:43 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/04 23:05:13 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/04 20:22:04 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A49CB1FB-39CC-40DB-920E-CCDF10379628}.job
[2012/05/04 20:07:24 | 000,000,536 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Trevor.job
[2012/05/04 15:22:42 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/04 11:38:18 | 000,004,090 | ---- | M] () -- C:\Users\Trevor\AppData\Roaming\wklnhst.dat
[2012/05/04 09:57:38 | 000,599,942 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/05/04 09:57:38 | 000,105,448 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/05/04 09:52:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/04 09:52:29 | 1064,689,664 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/03 23:03:52 | 000,000,949 | ---- | M] () -- C:\Users\Trevor\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/05/03 22:55:09 | 000,324,096 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/05/03 22:05:04 | 000,101,888 | ---- | M] (Infineon Technologies AG) -- C:\Windows\System32\ifxcardm.dll
[2012/05/03 22:04:49 | 000,082,432 | ---- | M] (Gemalto, Inc.) -- C:\Windows\System32\axaltocm.dll
[2012/04/26 15:47:01 | 000,011,843 | ---- | M] () -- C:\Users\Trevor\Documents\070314_email.pdf
[2012/04/20 11:12:33 | 000,000,876 | ---- | M] () -- C:\Users\Trevor\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/04/20 11:12:32 | 000,000,852 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/04/11 23:11:30 | 000,472,828 | ---- | M] () -- C:\Users\Trevor\AppData\Local\census.cache
[2012/04/11 23:10:48 | 000,205,429 | ---- | M] () -- C:\Users\Trevor\AppData\Local\ars.cache

========== Files Created - No Company Name ==========

[2012/05/03 23:03:49 | 000,000,955 | ---- | C] () -- C:\Users\Trevor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/04/26 15:46:53 | 000,011,843 | ---- | C] () -- C:\Users\Trevor\Documents\070314_email.pdf
[2012/04/20 22:42:27 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/20 11:12:32 | 000,000,876 | ---- | C] () -- C:\Users\Trevor\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/04/20 11:12:32 | 000,000,852 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/04/20 11:12:31 | 000,000,864 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/03/19 22:53:03 | 000,472,828 | ---- | C] () -- C:\Users\Trevor\AppData\Local\census.cache
[2012/03/19 22:52:22 | 000,205,429 | ---- | C] () -- C:\Users\Trevor\AppData\Local\ars.cache
[2011/02/24 16:06:05 | 011,012,102 | ---- | C] () -- C:\Users\Trevor\AppData\Roaming\CricketCaptain2010upd19.exe
[2011/01/04 23:00:09 | 000,001,940 | ---- | C] () -- C:\Users\Trevor\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/08/26 23:03:11 | 000,000,036 | ---- | C] () -- C:\Users\Trevor\AppData\Local\housecall.guid.cache

========== LOP Check ==========

[2007/08/06 15:45:04 | 000,000,000 | ---D | M] -- C:\Users\Trevor\AppData\Roaming\.wyzo
[2012/05/04 22:43:52 | 000,000,000 | ---D | M] -- C:\Users\Trevor\AppData\Roaming\Amazon
[2010/02/06 22:59:57 | 000,000,000 | ---D | M] -- C:\Users\Trevor\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2011/02/24 02:29:30 | 000,000,000 | ---D | M] -- C:\Users\Trevor\AppData\Roaming\Childish Things
[2008/01/10 23:03:41 | 000,000,000 | ---D | M] -- C:\Users\Trevor\AppData\Roaming\Cool Record Edit Pro
[2009/09/29 20:23:06 | 000,000,000 | ---D | M] -- C:\Users\Trevor\AppData\Roaming\FloodLightGames
[2012/05/04 22:40:32 | 000,000,000 | ---D | M] -- C:\Users\Trevor\AppData\Roaming\GSplit
[2007/12/25 11:08:10 | 000,000,000 | ---D | M] -- C:\Users\Trevor\AppData\Roaming\Sports Interactive
[2007/06/21 20:25:11 | 000,000,000 | ---D | M] -- C:\Users\Trevor\AppData\Roaming\Template
[2008/09/18 13:08:58 | 000,000,000 | ---D | M] -- C:\Users\Trevor\AppData\Roaming\WinBatch
[2012/05/04 01:59:22 | 000,032,592 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/05/04 20:22:04 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{A49CB1FB-39CC-40DB-920E-CCDF10379628}.job

========== Purity Check ==========

< End of report >

#2 RKinner

Group: Expert
Posts: 10,636
Joined: 19-April 05

Posted 05 May 2012 - 08:47 AM

At the top of the Firefox window, click the Firefox button, go over to the Help menu and select Restart with Add-ons Disabled.... Firefox will start up with the Firefox Safe Mode dialog. Select: Continue In Safe Mode when Firefox restarts. Test in this mode. If it stops then one of your add-ons is the source. Go back in and turn a few on a time until you locate the problem. If you are still getting redirected then:

Download aswMBR.exe ( 511KB ) to your desktop.
Right click aswMBR.exe and Run as Administrator
uncheck trace disk IO calls
Click the "Scan" button to start scan (Accept the Avast Engine)
On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and click save log, save it to your desktop and post in your next reply
If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply

ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html

Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.

* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe (Vista or Win 7 must right click and Run As Admin)
If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
before you hit the Scan hit Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:
http://www.malwareby...lwarebytes_free

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.

Copy the text in the code box:


nnetsvcs
%SYSTEMDRIVE%\*.exe
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc  /scannow

(This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application.

Ron

#3 madbob

Group: Member
Posts: 9
Joined: 11-June 06

Posted 11 May 2012 - 12:59 PM

Quote

Did the trick, it turns out it is the toolbar doing this so i've disabled it and have had no problems since. Thanks.

#4 RKinner

Group: Expert
Posts: 10,636
Joined: 19-April 05

Posted 11 May 2012 - 01:30 PM

You can uninstall or delete any tools we had you download and their logs.

OTL has a cleanup tab if you go there it will remove itself and its logs.

To hide hidden files again (OTL may do it for you):

Vista or Win7

# Open the Control Panel menu and click Folder Options.
# After the new window appears select the View tab.
# Remove the check in the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. Exception is MSN messenger which appears to be part of Windows.)
If you get a blocked program notice after installing updatechecker then change it to not run at start then manually run it once a week.
Seems to work best if Firefox is the default browser. You can also try Secunia PSI http://secunia.com/v...l/download_psi/ Same kind of info. You don't need both.
If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/
The free version only blocks 200 ads a day so another reason to use Firefox or Chrome.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certain be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron

Back to Virus, Spyware, Malware Removal

Share this topic:

Page 1 of 1

Please log in to reply

Popups in Firefox to directrdr - Geeks to Go Forums