
the source of Google Search redirect problems?


14 replies to this topic

#1 pnut


Posted 26 June 2011 - 12:37 AM

Hi. I'm in the process of going through all the steps to figure out why my Google search links are often being redirected, and think I may have stumbled upon a cause. Rkill and Malwarebytes are not picking it up at all (in normal or safe modes). So now I'm just looking for anything suspicious. In going through my Firefox history, out pops "Redirect" (around the middle of screen shot below). Wow, can it really be named so ridiculously too obvious???
:busy:

Posted Image

Looking at the location for it, I'm almost done typing "cpcadnet.com" into a Google search, when I suddenly get a full blue screen of death with some huge warning on it that I was being shut down! Within seconds, my computer crashed and was restarting on its own. As it was rebooting, I went directly into Safe Mode with Networking, and first get this recovery notice (can someone please translate to tell me WTH happened?):

Posted Image

Next, I get back to searching for info on "cpcadnet" (still in Safe Mode), but find virtually nothing being said about it related to a virus, malware, etc.

So I challenge myself to stare down the monster directly, expecting another all-out attack of some kind, and go to www.cpcadnet.com ...

and get this:


Posted Image

Yep, just "HELLO!"

Interestingly, I noticed that when I searched here on bleepingcomputer.com forums for "cpcadnet", almost every one of the 26 results found are related to the Google Redirect problem. In looking through those, nobody discusses cpcadnet directly (well, one person inquired – but the tech involved didn't respond on it). But my Google highlighter picks it up buried within every one of their Adware Tracking Cookie lists!

Lastly, I try the other cpcadnet link in my Firefox history (as follows):
http://www.cpcadnet.com/track/?b=44t2q2t25454r2&xargs=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&pos=0

and instantly get redirected to an ad page every time. AH-HA!!! :dance:


I have no idea how to fix it, but it sure seems to be the most likely culprit.


Anyone?

Edited by pnut, 26 June 2011 - 12:47 AM.




#2 pnut


Posted 26 June 2011 - 10:55 AM

Also consider this - in using Google search today, I was redirected to the bogus "Windows 7 Repair" virus page. Recognized it immediately, because I was attacked by this thing about a week ago (not aware of the redirect problem yet, I happened to be searching for Windows 7 info at the time, and thought it was a legit MS page). So if the cpcadnet redirect was intended to "harmlessly" point us to mere advertising, why would this page be included?! I'm willing to bet they are all working in conjunction, to advertise crap and infect our machines to oblivion until we are tortured into paying their hostage fees! Come to think of it - that's exactly what they're doing! It's all about THE MONEY!!
MAY THESE NASTY EVIL CROOKS ROT IN HELL!!!
:angry:

(Meanwhile, still need a fix for it... help please?)

Edited by pnut, 26 June 2011 - 11:04 AM.


#3 Broni


Posted 03 July 2011 - 04:10 PM

Welcome aboard Posted Image

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

========================================================================

Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Users, Partitions and Memory size
Click Go and post the result.

==============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

====================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#4 pnut


Posted 03 July 2011 - 06:09 PM

Hi Broni. Happy to go through all the stock reply stuff for you, but please allow me some time to get it all done.

Meanwhile, is anything at all known about "cpcadnet"? Or do you have any additional thoughts on my post?

I have a lot of time into posting all that info, and would really appreciate any direct reply on it.

Thanks.

#5 Broni


Posted 03 July 2011 - 06:13 PM

For me to comment I need to see those logs first.



#6 pnut


Posted 03 July 2011 - 09:59 PM

OK Broni, the results are below. Please comment in full to my original posts. Thanks.

7/3/11 Google Search redirect virus notes



Results of screen317's Security Check version 0.99.7

Windows 7 Service Pack 1 (UAC is enabled)

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:


Windows Firewall Enabled!

Panda Cloud Antivirus

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:


Malwarebytes' Anti-Malware

CCleaner

Java™ 6 Update 26

Out of date Java installed!

Adobe Flash Player 10.3.181.26

Adobe Reader X (10.1.0)

Mozilla Firefox (x86 en-US..) Firefox Out of Date!

````````````````````````````````

Process Check:

objlist.exe by Laurent


Panda Security Panda Cloud Antivirus PSANHost.exe

Panda Security Panda Cloud Antivirus PSUNMain.exe

``````````End of Log````````````







MiniToolBox by Farbar

Ran by Paul (administrator) on 03-07-2011 at 22:12:42

Windows 7 Professional Service Pack 1 (X86)



***************************************************************************





========================= IE Proxy Settings: ==============================



Proxy is not enabled.

No Proxy Server is set.



========================= End of IE Proxy Settings ========================

=============== Hosts content: ============================================



# Copyright © 1993-2009 Microsoft Corp.

#

# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.

#

# This file contains the mappings of IP addresses to host names. Each

# entry should be kept on an individual line. The IP address should

# be placed in the first column followed by the corresponding host name.

# The IP address and the host name should be separated by at least one

# space.

#

# Additionally, comments (such as these) may be inserted on individual

# lines or following the machine name denoted by a '#' symbol.

#

# For example:

#

# 102.54.94.97 rhino.acme.com # source server

# 38.25.63.10 x.acme.com # x client host



# localhost name resolution is handled within DNS itself.

# 127.0.0.1 localhost

# ::1 localhost



=============== End of Hosts ==============================================



================= IP Configuration: =======================================



# ----------------------------------

# IPv4 Configuration

# ----------------------------------

pushd interface ipv4



reset

set global icmpredirects=enabled





popd

# End of IPv4 configuration







Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org



Database version: 7015



Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421



7/3/2011 10:21:55 PM

mbam-log-2011-07-03 (22-21-55).txt



Scan type: Quick scan

Objects scanned: 165365

Time elapsed: 3 minute(s), 35 second(s)



Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0



Memory Processes Infected:

(No malicious items detected)



Memory Modules Infected:

(No malicious items detected)



Registry Keys Infected:

(No malicious items detected)



Registry Values Infected:

(No malicious items detected)



Registry Data Items Infected:

(No malicious items detected)



Folders Infected:

(No malicious items detected)



Files Infected:

(No malicious items detected)





(GMER 1st attempt):

Problem signature:

Problem Event Name: APPCRASH

Application Name: jb862e63.exe

Application Version: 1.0.15.15640

Application Timestamp: 4de220a0

Fault Module Name: jb862e63.exe

Fault Module Version: 1.0.15.15640

Fault Module Timestamp: 4de220a0

Exception Code: c0000005

Exception Offset: 0000c676

OS Version: 6.1.7601.2.1.0.256.48

Locale ID: 1033

Additional Information 1: 0a9e

Additional Information 2: 0a9e372d3b4ad19135b953a78882e789

Additional Information 3: 0a9e

Additional Information 4: 0a9e372d3b4ad19135b953a78882e789



Read our privacy statement online:

http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409



If the online privacy statement is not available, please read our privacy statement offline:

C:\Windows\system32\en-US\erofflps.txt





(GMER 2nd attempt):

GMER 1.0.15.15640 - http://www.gmer.net

Rootkit scan 2011-07-03 22:52:43

Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\0000005f Hitachi_ rev.JP4O

Running: jb862e63.exe; Driver: C:\Users\Paul\AppData\Local\Temp\kxldapod.sys





---- Kernel code sections - GMER 1.0.15 ----



.text ntkrnlpa.exe!ZwSaveKey + 13C1 82A52339 1 Byte [06]

.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82A8BD52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

.text sptd.sys 8842F000 8 Bytes [8E, BA, E2, 82, A0, 97, E2, ...]

.text sptd.sys 8842F009 23 Bytes [97, E2, 82, 34, 32, E3, 82, ...]

.text sptd.sys 8842F024 4 Bytes [44, B5, 55, 88]

.text sptd.sys 8842F02C 96 Bytes [7D, C4, BD, 82, D8, CE, A4, ...]

.text sptd.sys 8842F08D 91 Bytes [05, A5, 82, 1A, B5, A4, 82, ...]

.text ...

.sptd2 C:\Windows\System32\Drivers\sptd.sys entry point in ".sptd2" section [0x885090AD]

? C:\Windows\System32\Drivers\sptd.sys The process cannot access the file because it is being used by another process.

.text USBPORT.SYS!DllUnload 8E76BD81 5 Bytes JMP 862541C8



---- User code sections - GMER 1.0.15 ----



.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[1112] kernel32.dll!SetUnhandledExceptionFilter 765C3D01 5 Bytes JMP 65575B49 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)

.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[1112] ole32.dll!OleLoadFromStream 76326143 5 Bytes JMP 65890DB5 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)

.text C:\Program Files\Mozilla Firefox\firefox.exe[3832] ntdll.dll!LdrLoadDll 76F222B8 5 Bytes JMP 012B1410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)



---- Kernel IAT/EAT - GMER 1.0.15 ----



IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8843071C] \SystemRoot\System32\Drivers\sptd.sys

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [88430F0E] \SystemRoot\System32\Drivers\sptd.sys

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [8843122E] \SystemRoot\System32\Drivers\sptd.sys

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [884310EC] \SystemRoot\System32\Drivers\sptd.sys

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [88430910] \SystemRoot\System32\Drivers\sptd.sys



---- User IAT/EAT - GMER 1.0.15 ----



IAT C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[1112] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [74F9FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

IAT C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[1112] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [74F9FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

IAT C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[1112] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [74F9FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

IAT C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[1112] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [74F9FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

IAT C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[1112] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [74F9FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

IAT C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[1112] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [74F9FFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)



---- Devices - GMER 1.0.15 ----



Device \FileSystem\Ntfs \Ntfs 849871E8

Device \Driver\usbohci \Device\USBPDO-0 862561E8

Device \Driver\usbehci \Device\USBPDO-1 862631E8

Device \Driver\ACPI_HAL \Device\00000046 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

Device \Driver\nvstor \Device\00000060 849851E8



AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)



Device \Driver\cdrom \Device\CdRom0 85A691E8



AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)



Device \Driver\cdrom \Device\CdRom1 85A691E8

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 849841E8

Device \Driver\atapi \Device\Ide\IdePort0 849841E8

Device \Driver\atapi \Device\Ide\IdePort1 849841E8

Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 849841E8



AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)



Device \Driver\cdrom \Device\CdRom2 85A691E8



AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)



Device \Driver\NetBT \Device\NetBt_Wins_Export 859891E8

Device \Driver\PCI_PNP8672 \Device\0000004d sptd.sys

Device \Driver\nvstor \Device\RaidPort0 849851E8

Device \Driver\nvstor \Device\0000005f 849851E8

Device \Driver\usbohci \Device\USBFDO-0 862561E8

Device \Driver\usbehci \Device\USBFDO-1 862631E8

Device \Driver\amcf3r5s \Device\Scsi\amcf3r5s1Port3Path0Target0Lun0 862241E8

Device \Driver\amcf3r5s \Device\Scsi\amcf3r5s1 862241E8

Device \FileSystem\cdfs \Cdfs 872C51E8



---- Registry - GMER 1.0.15 ----



Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x21 0xCC 0x1E 0x4F ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x5B 0x08 0xAF 0xA7 ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x76 0x74 0x7C 0x17 ...

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x21 0xCC 0x1E 0x4F ...

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x5B 0x08 0xAF 0xA7 ...

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x76 0x74 0x7C 0x17 ...



---- EOF - GMER 1.0.15 ----
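
The MiniToolBox sections posted above ("IE Proxy Settings" and "Hosts content") are the two places a browser-redirect check looks first. The following is an added example, not part of the original thread and not MiniToolBox's own code: it splits a report in this format into sections and flags proxy lines other than the two "clean" ones shown in the thread, plus any active hosts entry. The watched domain list, the finding labels and the second sample report (including the wording of its proxy lines) are constructed assumptions.

```python
import ipaddress
import re

# Section markers as they appear in the posted logs, with or without a
# space before the trailing run of '=' characters.
FOOTER = re.compile(r"^=+\s*End of\b.*?=+$")
HEADER = re.compile(r"^=+\s*(.+?):\s*=+$")

# The only proxy lines the thread shows for an unmodified machine.
CLEAN_PROXY_LINES = {"Proxy is not enabled.", "No Proxy Server is set."}
# Assumption: search domains worth singling out when they are remapped.
WATCHED = ("google.com", "yahoo.com", "bing.com")


def split_sections(report):
    """Return {section name: [non-blank lines]} for a MiniToolBox-style report."""
    sections, current = {}, None
    for raw in report.splitlines():
        line = raw.strip()
        if FOOTER.match(line):
            current = None
        elif HEADER.match(line):
            name = HEADER.match(line).group(1).strip()
            current = sections.setdefault(name, [])
        elif current is not None and line:
            current.append(line)
    return sections


def check_proxy(lines):
    """Anything other than the two known-clean lines deserves a look."""
    return [line for line in lines if line not in CLEAN_PROXY_LINES]


def check_hosts(lines):
    """Classify every active (uncommented) hosts mapping except localhost."""
    findings = []
    for line in lines:
        entry = line.split("#", 1)[0].split()   # drop trailing comments
        if len(entry) < 2:
            continue                            # comment-only or empty line
        addr, names = entry[0], [n.lower() for n in entry[1:]]
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append(("malformed", addr, " ".join(names)))
            continue
        for name in names:
            if name == "localhost":
                continue
            if any(name == d or name.endswith("." + d) for d in WATCHED):
                kind = "search-remap"           # search engine pinned to an address
            elif ip.is_loopback or ip.is_unspecified:
                kind = "sinkhole"               # typical of ad-blocking hosts lists
            else:
                kind = "remap"
            findings.append((kind, addr, name))
    return findings


def triage(report):
    sections = split_sections(report)
    return {
        "proxy": check_proxy(sections.get("IE Proxy Settings", [])),
        "hosts": check_hosts(sections.get("Hosts content", [])),
    }


# Abbreviated from the log posted in this thread.
CLEAN_REPORT = """
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
========================= End of IE Proxy Settings ========================
=============== Hosts content: ============================================
# 102.54.94.97 rhino.acme.com # source server
# 127.0.0.1 localhost
# ::1 localhost
=============== End of Hosts ==============================================
"""

# Constructed sample: proxy wording and all addresses/names are made up
# (203.0.113.0/24 is a documentation range).
TAMPERED_REPORT = """
========================= IE Proxy Settings:==============================
Proxy is enabled.
ProxyServer: 127.0.0.1:8080
========================= End of IE Proxy Settings========================
=============== Hosts content: ============================================
127.0.0.1 localhost
203.0.113.10 www.google.com google.com   # constructed entry
0.0.0.0 ads.example.test
=============== End of Hosts==============================================
"""

if __name__ == "__main__":
    for label, report in (("clean", CLEAN_REPORT), ("tampered", TAMPERED_REPORT)):
        print(label, triage(report))
```

An empty result for both keys, as with the log posted in this thread, only rules out these two mechanisms; it says nothing about browser add-ons or drivers.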













#7 Broni


Posted 03 July 2011 - 10:16 PM

So far, things look clean.

However, the MiniToolBox log is incomplete, so please re-run/re-post it.

Now, does the redirection happen in Firefox only?
Did you check if the same issue happens in IE?

Then...

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).



#8 pnut


Posted 04 July 2011 - 09:29 AM

Hi Broni. Happy 4th!!!

I rarely use IE, as I much prefer Firefox for general searches and stuff, but I just tried an IE Google search and opened about 10 links with no redirects (but please don't completely rely on that, because redirects occur very sporadically in Firefox).


Here's the info you requested:

7/4/11 GoogleSearch redirect virus notes





MiniToolBox by Farbar

Ran by Paul (administrator) on 04-07-2011 at 10:16:26

Windows 7 Professional Service Pack 1 (X86)



***************************************************************************





========================= IE Proxy Settings:==============================



Proxy is not enabled.

No Proxy Server is set.



========================= End of IE Proxy Settings========================

=============== Hosts content: ============================================



# Copyright © 1993-2009 Microsoft Corp.

#

# This is a sample HOSTS file used by Microsoft TCP/IP forWindows.

#

# This file contains the mappings of IP addresses to hostnames. Each

# entry should be kept on an individual line. The IP addressshould

# be placed in the first column followed by thecorresponding host name.

# The IP address and the host name should be separated by atleast one

# space.

#

# Additionally, comments (such as these) may be inserted onindividual

# lines or following the machine name denoted by a '#'symbol.

#

# For example:

#

# 102.54.94.97 rhino.acme.com # sourceserver

# 38.25.63.10 x.acme.com # x client host



# localhost name resolution is handled within DNS itself.

# 127.0.0.1 localhost

# ::1 localhost



=============== End of Hosts==============================================



================= IP Configuration:=======================================



# ----------------------------------

# IPv4 Configuration

# ----------------------------------

pushd interface ipv4



reset

set global icmpredirects=enabled





popd

# End of IPv4 configuration







Windows IP Configuration



Host Name . . . . .. . . . . . . : Paul-PC

Primary DnsSuffix . . . . . . . :

Node Type . . . . .. . . . . . . : Broadcast

IP Routing Enabled.. . . . . . . : No

WINS Proxy Enabled.. . . . . . . : No

DNS Suffix SearchList. . . . . . : gateway.2wire.net



Ethernet adapter Local Area Connection:



Connection-specificDNS Suffix . : gateway.2wire.net

Description . . . .. . . . . . . : NVIDIA nForce 10/100 Mbps Ethernet

Physical Address. .. . . . . . . : 00-23-54-B9-BC-63

DHCP Enabled. . . .. . . . . . . : Yes

AutoconfigurationEnabled . . . . : Yes

Link-local IPv6Address . . . . . : fe80::8573:26f2:8b70:9cff%10(Preferred)

IPv4 Address. . . .. . . . . . . : 192.168.1.113(Preferred)

Subnet Mask . . . .. . . . . . . : 255.255.255.0

Lease Obtained. . .. . . . . . . : Monday, July 04, 2011 9:35:25 AM

Lease Expires . . .. . . . . . . : Tuesday, July 05, 2011 9:35:25 AM

Default Gateway . .. . . . . . . : 192.168.1.254

DHCP Server . . . .. . . . . . . : 192.168.1.254

DHCPv6 IAID . . . . . . . . . . . : 234890068

DHCPv6 Client DUID.. . . . . . . : 00-01-00-01-15-70-80-11-00-23-54-B9-BC-63

DNS Servers . . . .. . . . . . . : 192.168.1.254

NetBIOS over Tcpip.. . . . . . . : Enabled



Tunnel adapter isatap.gateway.2wire.net:



Media State . . . .. . . . . . . : Media disconnected

Connection-specificDNS Suffix . : gateway.2wire.net

Description . . . .. . . . . . . : Microsoft ISATAP Adapter

Physical Address. .. . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Enabled. . . .. . . . . . . : No

AutoconfigurationEnabled . . . . : Yes



Tunnel adapter Teredo Tunneling Pseudo-Interface:



Connection-specificDNS Suffix . :

Description . . . .. . . . . . . : Teredo Tunneling Pseudo-Interface

Physical Address. .. . . . . . . : 00-00-00-00-00-00-00-E0

DHCP Enabled. . . .. . . . . . . : No

AutoconfigurationEnabled . . . . : Yes

IPv6 Address. . . .. . . . . . . : 2001:0:4137:9e76:23:10f0:9c4d:aea4(Preferred)

Link-local IPv6Address . . . . . : fe80::23:10f0:9c4d:aea4%12(Preferred)

Default Gateway . .. . . . . . . : ::

NetBIOS over Tcpip.. . . . . . . : Disabled

Server: homeportal

Address: 192.168.1.254



Name: google.com

Addresses: 74.125.115.104

74.125.115.99

74.125.115.103

74.125.115.106

74.125.115.105

74.125.115.147





Pinging google.com [74.125.93.106] with 32 bytes of data:

Reply from 74.125.93.106: bytes=32 time=40ms TTL=50

Reply from 74.125.93.106: bytes=32 time=39ms TTL=50



Ping statistics for 74.125.93.106:

Packets: Sent = 2,Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 39ms,Maximum = 40ms, Average = 39ms

Server: homeportal

Address: 192.168.1.254



Name: yahoo.com

Addresses: 69.147.125.65

72.30.2.43

98.137.149.56

209.191.122.70

67.195.160.76





Pinging yahoo.com [67.195.160.76] with 32 bytes of data:

Reply from 67.195.160.76: bytes=32 time=31ms TTL=50

Reply from 67.195.160.76: bytes=32 time=31ms TTL=50



Ping statistics for 67.195.160.76:

Packets: Sent = 2,Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 31ms,Maximum = 31ms, Average = 31ms



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2,Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms,Maximum = 0ms, Average = 0ms

===========================================================================

Interface List

10...00 23 54 b9 bc63 ......NVIDIA nForce 10/100 Mbps Ethernet

1...........................SoftwareLoopback Interface 1

11...00 00 00 00 0000 00 e0 Microsoft ISATAP Adapter

12...00 00 00 00 0000 00 e0 Teredo Tunneling Pseudo-Interface

===========================================================================



IPv4 Route Table

===========================================================================

Active Routes:

Network Destination Netmask Gateway Interface Metric

0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.113 20

127.0.0.0 255.0.0.0 On-link 127.0.0.1 306

127.0.0.1 255.255.255.255 On-link 127.0.0.1 306

127.255.255.255 255.255.255.255 On-link 127.0.0.1 306

192.168.1.0 255.255.255.0 On-link 192.168.1.113 276

192.168.1.113 255.255.255.255 On-link 192.168.1.113 276

192.168.1.255 255.255.255.255 On-link 192.168.1.113 276

224.0.0.0 240.0.0.0 On-link127.0.0.1 306

224.0.0.0 240.0.0.0 On-link 192.168.1.113 276

255.255.255.255 255.255.255.255 On-link 127.0.0.1 306

255.255.255.255 255.255.255.255 On-link 192.168.1.113 276

===========================================================================

Persistent Routes:

None



IPv6 Route Table

===========================================================================

Active Routes:

If Metric NetworkDestination Gateway

12 58 ::/0 On-link

1 306 ::1/128 On-link

12 58 2001::/32 On-link

12 306 2001:0:4137:9e76:23:10f0:9c4d:aea4/128

On-link

10 276 fe80::/64On-link

12 306 fe80::/64 On-link

12 306 fe80::23:10f0:9c4d:aea4/128

On-link

10 276 fe80::8573:26f2:8b70:9cff/128

On-link

1 306 ff00::/8On-link

12 306 ff00::/8 On-link

10 276 ff00::/8 On-link

===========================================================================

Persistent Routes:

None

================= End of IP Configuration =================================

========================= Event log errors:===============================

Application errors:
==================

Error: (07/03/2011 10:39:31 PM) (Source: Application Error)(User: )
Description: Faulting application name: jb862e63.exe,version: 1.0.15.15640, time stamp: 0x4de220a0
Faulting module name: jb862e63.exe, version: 1.0.15.15640,time stamp: 0x4de220a0
Exception code: 0xc0000005
Fault offset: 0x0000c676
Faulting process id: 0x5f4
Faulting application start time: 0xjb862e63.exe0
Faulting application path: jb862e63.exe1
Faulting module path: jb862e63.exe2
Report Id: jb862e63.exe3

Error: (07/03/2011 10:27:49 PM) (Source: SideBySide) (User:)
Description: Activation context generation failed for"Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent AssemblyMicrosoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/03/2011 10:08:43 PM) (Source: SideBySide) (User:)
Description: Activation context generation failed for"Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent AssemblyMicrosoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/03/2011 09:55:06 AM) (Source: SideBySide) (User:)
Description: Activation context generation failed for"Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent AssemblyMicrosoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/01/2011 04:33:54 PM) (Source: Application Hang)(User: )
Description: The program xnview.exe version 1.98.0.0 stoppedinteracting with Windows and was closed. To see if more information about theproblem is available, check the problem history in the Action Center controlpanel.

Process ID: 864

Start Time: 01cc37f5b29ff3a0

Termination Time: 78

Application Path: C:\Program Files\XnView\xnview.exe

Report Id: 6aadc521-a421-11e0-a421-002354b9bc63

Error: (06/30/2011 11:55:52 AM) (Source: SideBySide) (User:)

[size="3"][/size][size="3"]Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".[/size]

[size="3"][/size][font="Calibri"][size="3"]Dependent AssemblyMicrosoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"could not be found.[/size][/font]

[font="Times New Roman"][size="3"][/size][/font][font="Calibri"][size="3"]Please use sxstrace.exe for detailed diagnosis.[/size][/font]

[font="Times New Roman"][size="3"][/size][/font][font="Calibri"][size="3"] [/size][/font]

[font="Times New Roman"][size="3"][/size][/font][font="Calibri"][size="3"]Error: (06/29/2011 09:34:00 PM) (Source: SideBySide) (User:)[/size][/font]

[font="Times New Roman"][size="3"][/size][/font][font="Calibri"][size="3"]Description: Activation context generation failed for"Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".[/size][/font]

[font="Times New Roman"][size="3"][/size][/font][font="Calibri"][size="3"]Dependent AssemblyMicrosoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"could not be found.[/size][/font]

[font="Times New Roman"][size="3"][/size][/font][font="Calibri"][size="3"]Please use sxstrace.exe for detailed diagnosis.[/size][/font]

[font="Times New Roman"][size="3"][/size][/font][font="Calibri"][size="3"] [/size][/font]

[font="Times New Roman"][size="3"][/size][/font][font="Calibri"][size="3"]Error: (06/29/2011 08:53:14 PM) (Source: Application Hang)(User: )[/size][/font]

[font="Times New Roman"][size="3"][/size][/font][font="Calibri"][size="3"]Description: The program Explorer.EXE version 6.1.7601.17567stopped interacting with Windows and was closed. To see if more informationabout the problem is available, check the problem history in the Action Centercontrol panel.[/size][/font]

[font="Times New Roman"][size="3"][/size][/font][font="Calibri"][size="3"] [/size][/font]

[font="Times New Roman"][size="3"][/size][/font][font="Calibri"][size="3"]Process ID: 740[/size][/font]

[font="Times New Roman"][size="3"][/size][/font][font="Calibri"][size="3"] [/size][/font]

[font="Times New Roman"][size="3"][/size][/font][font="Calibri"][size="3"]Start Time: 01cc36beaab163a0[/size][/font]

[font="Times New Roman"][size="3"][/size][/font][font="Calibri"][size="3"] [/size][/font]

[font="Times New Roman"][size="3"][/size][/font][font="Calibri"][size="3"]Termination Time: 60000[/size][/font]

[font="Times New Roman"][size="3"][/size][/font][font="Calibri"][size="3"] [/size][/font]

[font="Times New Roman"][size="3"][/size][/font][font="Calibri"][size="3"]Application Path: C:\Windows\Explorer.EXE[/size][/font]

[font="Times New Roman"][size="3"][/size][/font][font="Calibri"][size="3"] [/size][/font]

[font="Times New Roman"][size="3"][/size][/font][font="Calibri"][size="3"]Report Id: 28e93261-a2b3-11e0-9795-002354b9bc63[/size][/font]

[font="Times New Roman"][size="3"][/size][/font][font="Calibri"][size="3"] [/size][/font]

[font="Times New Roman"][size="3"][/size][/font][font="Calibri"][size="3"]Error: (06/29/2011 08:51:24 PM) (Source: Application Hang)(User: )[/size][/font]

[font="Times New Roman"][size="3"][/size][/font][font="Calibri"][size="3"]Description: The program Nero.exe version 0.0.0.0 stoppedinteracting with Windows and was closed. To see if more information about theproblem is available, check the problem history in the Action Center controlpanel.[/size][/font]

[font="Times New Roman"][size="3"][/size][/font][font="Calibri"][size="3"] [/size][/font]

[font="Times New Roman"][size="3"][/size][/font][font="Calibri"][size="3"]Process ID: 1794[/size][/font]

[font="Times New Roman"][size="3"][/size][/font][font="Calibri"][size="3"] [/size][/font]

[font="Times New Roman"][size="3"][/size][/font][font="Calibri"][size="3"]Start Time: 01cc36bee69f8590[/size][/font]

[font="Times New Roman"][size="3"][/size][/font][font="Calibri"][size="3"] [/size][/font]

[font="Times New Roman"][size="3"][/size][/font][font="Calibri"][size="3"]Termination Time: 51652[/size][/font]

[font="Times New Roman"][size="3"][/size][/font][font="Calibri"][size="3"] [/size][/font]

[font="Times New Roman"][size="3"][/size][/font][font="Calibri"][size="3"]Application Path: C:\Program Files\Nero\Nero 10\Nero BurningROM\Nero.exe[/size][/font]

[font="Times New Roman"][size="3"][/size][/font][font="Calibri"][size="3"] [/size][/font]

[font="Times New Roman"][size="3"][/size][/font][font="Calibri"][size="3"]Report Id: ea345721-a2b2-11e0-9795-002354b9bc63[/size][/font]

[font="Times New Roman"][size="3"][/size][/font][font="Calibri"][size="3"] [/size][/font]

[font="Times New Roman"][size="3"][/size][/font][font="Calibri"][size="3"]Error: (06/29/2011 08:17:51 PM) (Source: Application Hang)(User: )[/size][/font]

[font="Times New Roman"][size="3"][/size][/font][font="Calibri"][size="3"]Description: The program DllHost.exe version 6.1.7600.16385stopped interacting with Windows and was closed. To see if more informationabout the problem is available, check the problem history in the Action Centercontrol panel.[/size][/font]

[font="Times New Roman"][size="3"][/size][/font][font="Calibri"][size="3"] [/size][/font]

[font="Times New Roman"][size="3"][/size][/font][font="Calibri"][size="3"]Process ID: c54[/size][/font]

[font="Times New Roman"][size="3"][/size][/font][font="Calibri"][size="3"] [/size][/font]

[font="Times New Roman"][size="3"][/size][/font][font="Calibri"][size="3"]Start Time: 01cc36badf70fa50[/size][/font]

[font="Times New Roman"][size="3"][/size][/font][font="Calibri"][size="3"] [/size][/font]

[font="Times New Roman"][size="3"][/size][/font][font="Calibri"][size="3"]Termination Time: 60000[/size][/font]

[font="Times New Roman"][size="3"][/size][/font][font="Calibri"][size="3"] [/size][/font]

[font="Times New Roman"][size="3"][/size][/font][font="Calibri"][size="3"]Application Path: C:\Windows\system32\DllHost.exe[/size][/font]

[font="Times New Roman"][size="3"][/size][/font][font="Calibri"][size="3"] [/size][/font]

[font="Times New Roman"][size="3"][/size][/font][font="Calibri"][size="3"]Report Id: 339e04b1-a2ae-11e0-9cd8-002354b9bc63[/size][/font]

[font="Times New Roman"][size="3"][/size][/font][font="Calibri"][size="3"] [/size][/font]

[font="Times New Roman"][size="3"][/size][/font][font="Calibri"][size="3"] [/size][/font]

System errors:
=============
Error: (07/04/2011 09:35:39 AM) (Source:Microsoft-Windows-WHEA-Logger) (User: LOCAL SERVICE)
Description: A fatal hardware error has occurred.

Reported by component: Processor Core
Error Source: 3
Error Type: 10
Processor ID: 1

The details view of this entry contains further information.

Error: (07/04/2011 09:35:39 AM) (Source:Microsoft-Windows-WHEA-Logger) (User: LOCAL SERVICE)
Description: A fatal hardware error has occurred.

Reported by component: Processor Core
Error Source: 3
Error Type: 256
Processor ID: 1

The details view of this entry contains further information.

Error: (07/04/2011 09:35:39 AM) (Source:Microsoft-Windows-WHEA-Logger) (User: LOCAL SERVICE)
Description: A fatal hardware error has occurred.

Reported by component: Processor Core
Error Source: 3
Error Type: 256
Processor ID: 1

The details view of this entry contains further information.

Error: (07/04/2011 09:35:39 AM) (Source:Microsoft-Windows-WHEA-Logger) (User: LOCAL SERVICE)
Description: A fatal hardware error has occurred.

Reported by component: Processor Core
Error Source: 3
Error Type: 9
Processor ID: 1

The details view of this entry contains further information.

Error: (07/03/2011 10:26:25 PM) (Source:Microsoft-Windows-WHEA-Logger) (User: LOCAL SERVICE)
Description: A fatal hardware error has occurred.

Reported by component: Processor Core
Error Source: 3
Error Type: 256
Processor ID: 1

The details view of this entry contains further information.

Error: (07/03/2011 10:26:25 PM) (Source:Microsoft-Windows-WHEA-Logger) (User: LOCAL SERVICE)
Description: A fatal hardware error has occurred.

Reported by component: Processor Core
Error Source: 3
Error Type: 256
Processor ID: 1

The details view of this entry contains further information.

Error: (07/03/2011 10:26:25 PM) (Source:Microsoft-Windows-WHEA-Logger) (User: LOCAL SERVICE)
Description: A fatal hardware error has occurred.

Reported by component: Processor Core
Error Source: 3
Error Type: 256
Processor ID: 1

The details view of this entry contains further information.

Error: (07/03/2011 09:49:22 AM) (Source:Microsoft-Windows-WHEA-Logger) (User: LOCAL SERVICE)
Description: A fatal hardware error has occurred.

Reported by component: Processor Core
Error Source: 3
Error Type: 256
Processor ID: 1

The details view of this entry contains further information.

Error: (07/03/2011 09:49:22 AM) (Source:Microsoft-Windows-WHEA-Logger) (User: LOCAL SERVICE)
Description: A fatal hardware error has occurred.

Reported by component: Processor Core
Error Source: 3
Error Type: 256
Processor ID: 1

The details view of this entry contains further information.

Error: (07/03/2011 09:49:22 AM) (Source:Microsoft-Windows-WHEA-Logger) (User: LOCAL SERVICE)
Description: A fatal hardware error has occurred.

Reported by component: Processor Core
Error Source: 3
Error Type: 9
Processor ID: 1

The details view of this entry contains further information.


Microsoft Office Sessions:
=========================

========================= End of Event log errors =========================

========================= Memory info: ====================================

Percentage of memory in use: 58%
Total physical RAM: 1919.3 MB
Available physical RAM: 801.93 MB
Total Pagefile: 3838.61 MB
Available Pagefile: 2436.52 MB
Total Virtual: 2047.88 MB
Available Virtual: 1947 MB

======================= Partitions: =======================================

2 Drive c: () (Fixed) (Total:58.5 GB) (Free:34.78 GB) NTFS
3 Drive d: (SysBackup) (Fixed) (Total:39.06 GB) (Free:21.84 GB) NTFS
4 Drive e: (Data) (Fixed) (Total:872.92 GB) (Free:742.45 GB) NTFS
5 Drive f: (DataBackup) (Fixed) (Total:109.99 GB) (Free:37.05 GB) NTFS
6 Drive g: (Work Pics) (CDROM) (Total:0.06 GB) (Free:0 GB) CDFS

================= Users: ==================================================

User accounts for \\PAUL-PC

-------------------------------------------------------------------------------
Administrator            Guest                    Paul
UpdatusUser
The command completed successfully.

================= End of Users ============================================



GooredFix by jpshortstuff (03.07.10.1)
Log created at 10:20 on 04/07/2011 (Paul)
Firefox version 5.0 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [13:55 23/06/2011]
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [20:03 01/06/2011]
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [13:06 23/06/2011]

C:\Users\Paul\Application Data\Mozilla\Firefox\Profiles\k70paqk9.default\extensions\
{3112ca9c-de6d-4884-a869-9855de68056c} [02:26 03/06/2011]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
(none)

-=E.O.F=-

#9 Broni

Posted 04 July 2011 - 11:35 AM

I still need GooredFix log.

Happy 4th!



#10 pnut

Posted 04 July 2011 - 11:49 AM

Not sure what else it should look like, but this is all I get:



GooredFix by jpshortstuff (03.07.10.1)
Log created at 12:48 on 04/07/2011 (Paul)
Firefox version 5.0 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [13:55 23/06/2011]
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [20:03 01/06/2011]
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [13:06 23/06/2011]

C:\Users\Paul\Application Data\Mozilla\Firefox\Profiles\k70paqk9.default\extensions\
{3112ca9c-de6d-4884-a869-9855de68056c} [02:26 03/06/2011]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
(none)

---------- Old Logs ----------
GooredFix[14.20.46_04-07-2011].txt
GooredFix[14.21.21_04-07-2011].txt

-=E.O.F=-



#11 Broni

Posted 04 July 2011 - 12:04 PM

Looks clean as well.

1. Please check if you have same redirection in IE.

2. Close Firefox. Go Start>All Programs>Mozilla Firefox, click on Mozilla Firefox (safe mode).
If you're using Firefox 4, go Help>Restart Firefox with Add-ons Disabled.
Same issue?



#12 pnut

Posted 04 July 2011 - 12:27 PM

Hi Broni. Well, as I mentioned earlier, "...I just tried an IE Google search and opened about 10 links with no redirects (but please don't completely rely on that, because redirects occur very sporadically in Firefox)."

I can try running Firefox in Safe Mode for you, but

a.) I have 5.0 = same procedure?

b.) because the problem is so sporadic, what would constitute a satisfactory effort for you?

Also, can you PLEASE provide some direct feedback on my original posts now? Am I possibly on to something, or barking up the wrong tree? I would really like your thoughts on why my system crashed - was it a coincidence or possibly intentional that it happened while googling "cpcadnet"? Is there any known info available about this thing being malicious or connected to other infections (like Windows 7 Repair)? Is there anyone else you can escalate this to that may have more knowledge on it?

Thanks.

Edited by pnut, 04 July 2011 - 12:27 PM.


#13 Broni

Posted 04 July 2011 - 12:34 PM

As I said, so far, I don't see anything malicious.
On top of it, if IE seems to be fine, I suspect it may be just an FF problem.

Same procedure in FF5.
You can run it in "no add-ons" mode for a whole day and see how it goes.



#14 pnut

Posted 04 July 2011 - 01:56 PM

OK, will do and let you know. And I agree that it probably is a Firefox problem, which seems consistent with all your other members who have posted with the same issue. Can you please escalate this now as well (and/or please advise on my options to do so)? No offense toward you at all - I really think this problem may be a lot bigger than just me, and would still like my posts addressed clearly and directly by someone further up the chain at this point. Again, no offense.

Thanks for all your time so far, and please go enjoy some Independence Day burgers and beers!

Edited by pnut, 04 July 2011 - 01:58 PM.


#15 Broni

Posted 04 July 2011 - 02:03 PM

You can always create a new topic in the malware removal forum, but there is a 5-7 day wait, so... it's up to you.
For now, run FF with no add-ons for a while and see how it goes.
