Google Redirect/Security Shield self-download


11 replies to this topic

#1 Berley

Posted 17 July 2012 - 05:16 PM

I have been fighting a nasty bit of malware for more than a week now and am at a loss as to how to fix it. It started when I was surfing the web and noticed a redirect of a Google link. Thinking I hadn't clicked where I intended to, I went back and tried again and that time it worked. This happened a couple more times over the day (very intermittent). Then when I clicked on a Wikipedia link, I not only got redirected, all of a sudden I got an alert telling me that Security Shield had been successfully installed.

I immediately closed all my windows and ran a deep virus scan. Nothing.

But the Google redirects continue on an intermittent basis. Usually related to something with sales potential. "Laptop reviews" will usually redirect at least once, but "coat of arms" didn't.

So something is still there. I've run more than 15 (yes, 15) different antivirus/malware scans. Sophos located and fixed "Mal/EncPK-ZC." GMER freezes and gives me a BSOD. No other program has found anything. Yet the redirects continue. So far, only in Google.

This is not a particularly new computer, so I may simply start over. But if I can prolong its life a bit, that would be fab. Any advice is welcome. Preliminary log results are below. Thanks!



Farbar Service Scanner Version: 08-07-2012
Ran by Offi ce Depot (administrator) on 16-07-2012 at 21:24:45
Running from "C:\Users\Kimberly\Downloads"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2012-05-09 18:55] - [2012-03-30 05:39] - 0905600 ____A (Microsoft Corporation) 27D470DABC77BC60D0A3B0E4DEB6CB91

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll
[2009-07-16 20:51] - [2009-04-10 23:28] - 0334848 ____A (Microsoft Corporation)

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****


MiniToolBox by Farbar Version: 15-07-2012
Ran by Offi ce Depot (administrator) on 16-07-2012 at 21:35:36
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0
========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® PRO/Wireless 3945ABG Network Connection = Wireless Network Connection (Connected)
Intel® PRO/100 VE Network Connection = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add address name="Local Area Connection" address=192.168.0.1


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : KGLaptop
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® PRO/Wireless 3945ABG Network Connection
Physical Address. . . . . . . . . : 00-1B-77-65-F1-76
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::2811:2eab:b437:6919%9(Preferred)
IPv4 Address. . . . . . . . . . . : 10.0.0.12(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, July 16, 2012 8:34:20 PM
Lease Expires . . . . . . . . . . : Tuesday, July 17, 2012 8:34:21 PM
Default Gateway . . . . . . . . . : 10.0.0.1
DHCP Server . . . . . . . . . . . : 10.0.0.1
DHCPv6 IAID . . . . . . . . . . . : 234887390
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-0E-0B-FC-C1-00-1B-24-56-C9-14
DNS Servers . . . . . . . . . . . : 10.0.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection
Physical Address. . . . . . . . . : 00-1B-24-56-C9-14
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 14:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 16:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{5F65C9C6-74BA-41CE-927B-79616BFA11A0}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 17:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{5D397078-D39D-4699-93C7-15D8C45D702E}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 10.0.0.1

Name: google.com
Addresses: 2607:f8b0:400a:800::1003
173.194.33.14
173.194.33.4
173.194.33.2
173.194.33.1
173.194.33.8
173.194.33.3
173.194.33.7
173.194.33.6
173.194.33.5
173.194.33.0
173.194.33.9

Pinging google.com [173.194.33.9] with 32 bytes of data:
Reply from 173.194.33.9: bytes=32 time=13ms TTL=55
Reply from 173.194.33.9: bytes=32 time=12ms TTL=55

Ping statistics for 173.194.33.9:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 12ms, Maximum = 13ms, Average = 12ms

Server: UnKnown
Address: 10.0.0.1

Name: yahoo.com
Addresses: 72.30.38.140
98.139.183.24
209.191.122.70

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=134ms TTL=48
Reply from 98.139.183.24: bytes=32 time=121ms TTL=47

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 121ms, Maximum = 134ms, Average = 127ms

Server: UnKnown
Address: 10.0.0.1

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
9 ...00 1b 77 65 f1 76 ...... Intel® PRO/Wireless 3945ABG Network Connection
8 ...00 1b 24 56 c9 14 ...... Intel® PRO/100 VE Network Connection
1 ........................... Software Loopback Interface 1
20 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
12 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
11 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
16 ...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter #3
18 ...00 00 00 00 00 00 00 e0 isatap.{5F65C9C6-74BA-41CE-927B-79616BFA11A0}
21 ...00 00 00 00 00 00 00 e0 isatap.{5D397078-D39D-4699-93C7-15D8C45D702E}
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.0.0.1 10.0.0.12 25
10.0.0.0 255.255.255.0 On-link 10.0.0.12 281
10.0.0.12 255.255.255.255 On-link 10.0.0.12 281
10.0.0.255 255.255.255.255 On-link 10.0.0.12 281
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 10.0.0.12 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 10.0.0.12 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
9 281 fe80::/64 On-link
9 281 fe80::2811:2eab:b437:6919/128 On-link
1 306 ff00::/8 On-link
9 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\System32\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/16/2012 08:36:54 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/16/2012 08:11:12 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {b6daf142-dffd-4df5-bf64-8140f36b877f}

Error: (07/16/2012 06:25:22 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/15/2012 07:38:50 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/14/2012 11:13:31 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/14/2012 09:44:57 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/14/2012 05:10:10 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: -1032

Error: (07/14/2012 05:10:09 PM) (Source: ESENT) (User: )
Description: Catalog Database (1480) Catalog Database: An attempt to open the file "C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (07/14/2012 05:07:38 PM) (Source: MsiInstaller) (User: KGLAPTOP)KGLAPTOP
Description: Product: Java™ SE Runtime Environment 6 -- Error 1606.Could not access network location 0.

Error: (07/14/2012 05:07:36 PM) (Source: MsiInstaller) (User: KGLAPTOP)KGLAPTOP
Description: Product: Java™ SE Runtime Environment 6 -- Error 1606.Could not access network location 0.


System errors:
=============
Error: (07/16/2012 08:35:05 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (07/16/2012 08:31:00 PM) (Source: DCOM) (User: )
Description: {C2BFE331-6739-4270-86C9-493D9A04CD38}

Error: (07/16/2012 08:27:37 PM) (Source: ipnathlp) (User: )
Description: The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

Error: (07/16/2012 07:47:16 PM) (Source: cdrom) (User: )
Description: The device, \Device\CdRom0, is not ready for access yet.

Error: (07/16/2012 07:47:15 PM) (Source: cdrom) (User: )
Description: The device, \Device\CdRom0, is not ready for access yet.

Error: (07/16/2012 06:29:02 PM) (Source: Service Control Manager) (User: )
Description: VIPRE Internet Security

Error: (07/16/2012 06:28:46 PM) (Source: DCOM) (User: )
Description: {FE7E09CE-BBF4-4698-8BC1-37C9002DAA43}

Error: (07/16/2012 06:24:49 PM) (Source: Service Control Manager) (User: )
Description: Intuit Update Service%%1053

Error: (07/16/2012 06:24:49 PM) (Source: Service Control Manager) (User: )
Description: 30000Intuit Update Service

Error: (07/16/2012 06:22:25 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058


Microsoft Office Sessions:
=========================
Error: (01/02/2010 10:31:59 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 31783 seconds with 120 seconds of active time. This session ended with a crash.

Error: (12/31/2009 00:09:46 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8110 seconds with 3780 seconds of active time. This session ended with a crash.

Error: (09/06/2008 11:22:23 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.4518.1084. This session lasted 2475 seconds with 1740 seconds of active time. This session ended with a crash.

Error: (07/15/2008 06:49:27 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2624 seconds with 420 seconds of active time. This session ended with a crash.

Error: (05/23/2008 09:49:18 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 52805 seconds with 0 seconds of active time. This session ended with a crash.

Error: (02/13/2008 07:54:47 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 41662 seconds with 1920 seconds of active time. This session ended with a crash.

Error: (01/20/2008 05:21:06 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 856367 seconds with 420 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
Acrobat.com (Version: 2.0.0)
Acrobat.com (Version: 2.0.0.0)
Activation Assistant for the 2007 Microsoft Office suites
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
ActiveCheck component for HP Active Support Library (Version: 3.0.0.2)
Adobe AIR (Version: 1.5.3.9130)
Adobe Flash Player 10 ActiveX (Version: 10.0.32.18)
Adobe Flash Player 11 Plugin (Version: 11.1.102.62)
Adobe Reader 9.5.1 (Version: 9.5.1)
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
Bonjour (Version: 3.0.0.10)
Canon MP160
Chicken Invaders 2 - Christmas Edition
Chicken Invaders v1.30
CIF USB Camera (Version: 1.0.0.2)
Conexant HD Audio
ESU for Microsoft Vista (Version: 2.0.1.1)
Facebook Plug-In
GearDrvs (Version: 5.0.0.2)
Google Update Helper (Version: 1.3.21.115)
HDAUDIO Soft Data Fax Modem with SmartCP
HP Active Support Library (Version: 3.1.9.1)
HP Active Support Library 32 bit components (Version: 1.0.9)
HP Customer Experience Enhancements (Version: 5.1.0.2278)
HP Doc Viewer (Version: 1.01.0005)
HP Easy Setup - Frontend (Version: 5.1.0.2279)
HP Help and Support (Version: 2.0.10.0)
HP Pavilion Webcam Driver for Vista v061.001.00005 (Version: 061.001.00005)
HP Photosmart Essential 2.0 (Version: 2.0)
HP Photosmart Essential2.5 (Version: 1.00.0000)
HP Quick Launch Buttons 6.20 B1 (Version: 6.20 B1)
HP QuickPlay 3.6
HP RC Mirror Driver (Version: 1.0.0.0)
HP Total Care Advisor (Version: 1.1.19)
HP Update (Version: 4.000.011.006)
HP User Guides 0082 (Version: 1.01.0001)
HP Wireless Assistant (Version: 3.00 K2)
HPAsset component for HP Active Support Library (Version: 3.0.0.7)
HPNetworkAssistant (Version: 1.1.70)
Intel® Graphics Media Accelerator Driver
Intel® Network Connections Drivers
iTunes (Version: 10.6.1.7)
iTunes Agent 1.3.4
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 31 (Version: 6.0.310)
Java™ 6 Update 5 (Version: 1.6.0.50)
Java™ 6 Update 7 (Version: 1.6.0.70)
LightScribe System Software 1.10.19.1 (Version: 1.10.19.1)
LightScribe Template Labeler (Version: 1.10.16.1)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Expression Studio 2 (Version: 2.0.133.0)
Microsoft Expression Web 2 (Version: 12.0.4518.1084)
Microsoft Expression Web 2 MUI (English) (Version: 12.0.4518.1084)
Microsoft IntelliPoint 6.3 (Version: 6.30.191.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (Version: 12.0.4518.1014)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Works (Version: 08.05.0818)
MobileMe Control Panel (Version: 3.1.5.0)
Move Networks Media Player for Internet Explorer
Mozilla Firefox 13.0.1 (x86 en-US) (Version: 13.0.1)
MS Word Word Count & Frequency Statistics Software
MSCU for Microsoft Vista (Version: 1.0.1.1)
MSN
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
My HP Games (Version: HPLAP0503)
Nero BackItUp 2 Essentials (Version: 7.03.1238)
neroxml (Version: 1.0.0)
Norton Security Suite (Version: 5.2.2.3)
PSSWCORE (Version: 2.00.5000)
QuickPlay SlingPlayer 0.4.6 (Version: 0.4.6)
QuickTime (Version: 7.69.80.9)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer (Version: 15.0.4)
RealUpgrade 1.1 (Version: 1.1.0)
Roxio Activation Module (Version: 1.0)
Roxio Creator Audio (Version: 3.4.0)
Roxio Creator Basic v9 (Version: 3.4.0)
Roxio Creator Copy (Version: 3.4.0)
Roxio Creator Data (Version: 3.4.0)
Roxio Creator EasyArchive (Version: 3.4.0)
Roxio Creator Tools (Version: 3.4.0)
Roxio Express Labeler 3 (Version: 3.2.1)
Roxio MyDVD Basic v9 (Version: 9.0.551)
Sophos Virus Removal Tool (Version: 2.1)
Spelling Dictionaries Support For Adobe Reader 8 (Version: 8.0.0)
Synaptics Pointing Device Driver (Version: 11.0.7.0)
TurboTax 2008
TurboTax 2008 WinPerFedFormset (Version: 008.000.0324)
TurboTax 2008 WinPerProgramHelp (Version: 008.000.0214)
TurboTax 2008 WinPerReleaseEngine (Version: 008.000.0169)
TurboTax 2008 WinPerTaxSupport (Version: 008.000.0969)
TurboTax 2008 WinPerUserEducation (Version: 008.000.0412)
TurboTax 2008 wrapper (Version: 008.000.0063)
TurboTax 2009
TurboTax 2009 WinPerFedFormset (Version: 009.000.1925)
TurboTax 2009 WinPerReleaseEngine (Version: 009.000.0316)
TurboTax 2009 WinPerTaxSupport (Version: 009.000.0234)
TurboTax 2009 wrapper (Version: 009.000.0145)
TurboTax 2010
TurboTax 2010 WinPerFedFormset (Version: 010.000.3441)
TurboTax 2010 WinPerReleaseEngine (Version: 010.000.0414)
TurboTax 2010 WinPerTaxSupport (Version: 010.000.0199)
TurboTax 2010 wrapper (Version: 010.000.0157)
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Expression Web 2 (KB957827)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Yahoo! Detect
Yahoo! Toolbar for Internet Explorer

========================= Devices: ================================

Name: Simplo Webcam
Description: Simplo Webcam
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Sonix
Service: SNP2UVC
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


========================= Memory info: ===================================

Percentage of memory in use: 77%
Total physical RAM: 1013.31 MB
Available physical RAM: 223.89 MB
Total Pagefile: 2573.66 MB
Available Pagefile: 1428.21 MB
Total Virtual: 2047.88 MB
Available Virtual: 1946.32 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:140.92 GB) (Free:62.2 GB) NTFS
2 Drive d: (HP_RECOVERY) (Fixed) (Total:8.13 GB) (Free:1.27 GB) NTFS

========================= Users: ========================================

User accounts for \\KGLaptop

Administrator Guest Offi ce Depot


**** End of log ****



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-16 22:35:40
-----------------------------
22:35:40.020 OS Version: Windows 6.0.6002 Service Pack 2
22:35:40.020 Number of processors: 2 586 0xE0C
22:35:40.021 ComputerName: KGLaptop UserName:
22:36:10.491 Initialize success
22:37:27.522 AVAST engine defs: 12071601
22:37:56.917 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
22:37:56.920 Disk 0 Vendor: FUJITSU_MHW2160BH_PL 891F Size: 152627MB BusType: 3
22:37:56.942 Disk 0 MBR read successfully
22:37:56.946 Disk 0 MBR scan
22:37:57.070 Disk 0 unknown MBR code
22:37:57.074 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 144302 MB offset 63
22:37:57.106 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 8322 MB offset 295531740
22:37:57.116 Disk 0 scanning sectors +312576705
22:37:57.232 Disk 0 scanning C:\Windows\system32\drivers
22:38:18.422 Service scanning
22:39:03.895 Modules scanning
22:39:16.793 Disk 0 trace - called modules:
22:39:16.814 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys
22:39:16.837 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84d10340]
22:39:16.843 3 CLASSPNP.SYS[86da28b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0x8416c030]
22:39:18.815 AVAST engine scan C:\Windows
22:39:25.305 AVAST engine scan C:\Windows\system32
22:44:29.782 AVAST engine scan C:\Windows\system32\drivers
22:44:54.595 AVAST engine scan C:\Users\Office Depot
23:36:46.319 AVAST engine scan C:\ProgramData
23:43:23.230 Scan finished successfully
06:39:19.393 Disk 0 MBR has been saved successfully to "C:\Users\Kimberly\Desktop\MBR.dat"
06:39:20.149 The log file has been saved successfully to "C:\Users\Kimberly\Desktop\aswMBR.txt"


Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.17.02

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 7.0.6002.18005
Office Depot :: KGLaptop [administrator]

7/16/2012 9:47:16 PM
mbam-log-2012-07-16 (21-47-16).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 316854
Time elapsed: 44 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#2 Broni

Broni

    The Coolest BC Computer

  • BC Advisor
  • 42,756 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 17 July 2012 - 08:34 PM

Welcome aboard

Which browser is affected?

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE



#3 Berley

Berley
  • Topic Starter
  • Members
  • 35 posts

Posted 17 July 2012 - 09:18 PM

Sorry -- should have thought of that. I've only noticed it in Firefox 13.0.1. I've tried to reproduce it in IE 7 but no dice. (Yeah, can you tell I never use/update IE?)

Thanks!

#4 Broni

Broni

    The Coolest BC Computer

  • BC Advisor
  • 42,756 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 17 July 2012 - 09:36 PM

Uninstall Firefox completely using this guide: http://kb.mozillazine.org/Uninstalling_Firefox
Do NOT skip any steps.
If you want to back up some stuff like bookmarks and passwords, use MozBackup: http://mozbackup.jasnapaka.com/
Install a fresh copy and see how it goes.


#5 Berley

Berley
  • Topic Starter
  • Members
  • 35 posts

Posted 17 July 2012 - 10:32 PM

Will I jinx it if I think it worked? I had uninstalled and reinstalled Firefox before, but not done the extra steps.

So far, so good. As it has been an intermittent problem, I can't say for sure. But that just might have done it! I hope so. Thanks!!!

#6 Broni

Broni

    The Coolest BC Computer

  • BC Advisor
  • 42,756 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 17 July 2012 - 10:36 PM

Keep me posted.


#7 Berley

Berley
  • Topic Starter
  • Members
  • 35 posts

Posted 20 July 2012 - 07:55 PM

Alas, the problem has returned. I ran a search on Google for "portable generator" and clicked on a result that should have taken me to a camping magazine article, and instead was redirected to a sales site.

Although this should be unrelated, I have noticed a correlation with one of my bookmarks. It is to a blog with its own URL. For some reason, it stops loading properly when the Google redirect thing happens. That's how I knew to go try Google -- I clicked on my bookmark and it didn't load. It was working fine earlier today.

Since my last post, the only thing I've done on this machine other than surf is allow Windows Update to run. There were 9 "important" updates. I let it hibernate last night instead of shutting down, and this morning I did get a BSOD. Well, actually, it was black. It rebooted and it ran a CHKDSK, rebooted again, and seemed fine.

Any additional steps I can try? Any help would be appreciated. Thanks!

#8 Broni

Broni

    The Coolest BC Computer

  • BC Advisor
  • 42,756 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 20 July 2012 - 08:13 PM

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.


#9 Berley

Berley
  • Topic Starter
  • Members
  • 35 posts

Posted 20 July 2012 - 08:15 PM

When I did a Google search for "portable generator," the result I chose was to:
www.campingworld.com/category/portable-generators/623

When I hover over that result, the link that actually shows at the bottom of the screen reads
173.214.255.227/feed?go.php?id=9f5fd502-e86e-4728-9c16-e51ffacc9ca4&sid=e9b651c7b44f1167b0e5eac83610f21b&n=n-6&tid=7147760434435136635&s=3482&o=http://ssengine.com/search?q=portable+generator

Clicking on that campingworld result actually says it redirects to
click.findsearchengineresults.com/ads-clicktrack/click/jump1.do?sid=elTzRZQ8T%2Biwq0cvYaxdWFRCWzpoGPJVI4iOx13nHAE%3D&AFFILIATE=48640&subid=10105&rc=0&terms=portable%20generator

And that redirect goes to
63.209.69.107/search/web/portable+generator/a22/48640-10105/v5

Thanks.

#10 Broni

Broni

    The Coolest BC Computer

  • BC Advisor
  • 42,756 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 20 July 2012 - 08:17 PM

Please read my previous reply.


#11 Berley

Berley
  • Topic Starter
  • Members
  • 35 posts

Posted 20 July 2012 - 08:21 PM

Thanks. Will do.

#12 Orange Blossom

Orange Blossom

    OBleepin Investigator

  • Moderator
  • 37,049 posts
  • Gender:Not Telling
  • Location:Bloomington, IN

Posted 21 July 2012 - 12:29 AM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/topic461684.html you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by an MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom