Avast blocked malicious program

When I was surfing on the site chromeplus.org, Avast prompted about a blocked malicious program. It was something like js:FakeAV-GE [Trj]. The link of that suspicious file was httb://www2.smartfhdefense.rr.nu/1e2f5910.js|%3E{gzip}. I think that the ChromePlus site was redirected to some strange sites. Another site was httb://sokoloperkovuskeci.com/in.php?g=82. Please note that I changed the "p" in the word "http" to "b" for security reasons. I really have no idea what happened.

That looks like a link to a rogue AV to me.

Are you experiencing any problems?

I ran Avast, Malwarebytes and Hitman Pro scans and they found nothing. I’ll post OTS and aswMBR logs soon.

Here’s the OTL, Malwarebytes and aswMBR logs as an attachment.

Looks good to me, I would recommend that you empty the temps though to be 100% sure. Saved by Avast ;D

Clear Cache/Temp Files
Download TFC by OldTimer to your desktop

[*] Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
[*] It will close all programs when run, so make sure you have saved all your work before you begin.
[*] Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
[*] Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Then run OTL and hit the cleanup button

When I ran TFC the first time I got a BSOD for some reason, but when I ran it a second time it completed and asked to reboot. Do I have to wait for it to finish after rebooting, or can I use the computer immediately after the reboot? Here's the log of that BSOD.

- System

  • Provider

[ Name] Microsoft-Windows-Kernel-Power
[ Guid] {331C3B3A-2005-44C2-AC5E-77220C37D6B4}

EventID 41

Version 2

Level 1

Task 63

Opcode 0

Keywords 0x8000000000000002

  • TimeCreated

[ SystemTime] 2011-09-03T13:07:40.192411800Z

EventRecordID 58085

Correlation

  • Execution

[ ProcessID] 4
[ ThreadID] 8

Channel System

Computer J***a-PC

  • Security

[ UserID] S-1-5-18

  • EventData

    BugcheckCode 244
    BugcheckParameter1 0x6
    BugcheckParameter2 0xfffffa800afb3790
    BugcheckParameter3 0xfffffa800afae7a0
    BugcheckParameter4 0xfffff80003388880
    SleepInProgress false
    PowerButtonTimestamp 0

Please note that I hid my user name for security reasons.

You can use it as soon as the boot is complete.

Do you have a minidump at c:\windows\minidump? If so, could you upload it to mediafire and I will take a look at it.

Here’s the Minidump folder as a zip file uploaded to Mediafire: http://www.mediafire.com/?vn4e4ad6fumkm9l.

Was there something bad in the Minidump file?

For some reason (again) I am having trouble accessing mediafire

Could you try Megaupload please?

I don’t know what you need to check essexboy (any DNS server blocking), but I can connect to and download that file from mediafire. Albeit that the download took a while to even start, even though it was only 25KB.

Are you getting an error or is it just not connecting?

I am getting a 404. I had this about a week ago for a few days; then when I next got on, the landing page had changed. With all my talk about security I never use DNS servers, although I might give OpenDNS a whirl.

Currently, I can’t use OpenDNS since I’m on BT Infinity fibre optic, with its Home Hub and I can’t change the DNS server (I really liked OpenDNS).

OK, this is weird. I can access it via the address cdn.mediafire.com but not using www. I am wondering whether it is an ISP problem.
Plus, with this new system being an HP, I am removing rubbish from it all the time.

Certainly weird, as I would have thought any ISP DNS blocking would normally be domain based and sub-domains would be included in that.

Here’s the same file uploaded to Megaupload: http://www.megaupload.com/?d=1Z815UJK.

Spooky, mediafire is working again and now megaupload is refusing my connection…

OK, the minidump gave us a driver terminating unexpectedly within the NTOS kernel… Has this happened again since? These are usually just one-off problems.

It hasn’t happened after that TFC crash.

If you get any further problems let me know. I think both mediafire and megaupload were getting a bit miffed about the amount of files I am downloading ;D

My friend sent me some links which looked suspicious to me, and I was so stupid that I clicked those links. I ran Avast and Hitman Pro and they found nothing. Malwarebytes found some "Simulation.Spycar" variants, which I downloaded just to test Malwarebytes, so it didn't find any real malware. Here are the Malwarebytes, OTL and aswMBR logs as attachments.