Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google redirect virus


  • Please log in to reply
11 replies to this topic

#1 pumpkinhead

pumpkinhead

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:33 PM

Posted 12 May 2009 - 09:58 PM

Hello! I have a/the Google redirect virus and possibly some other issues.

What I've noticed:
- when I click on a link from Google, the address bar at the bottom will often say "Waiting for google-redirect.com" or "Waiting for tebe.us" before redirecting me to some other website.
- links on some other sites will exhibit the redirecting behavior, too.
- when I start my computer, I get a popup blank window that says "Advertising" in the title bar, and an error message that says "Error loading nasijuye.dll"
- I can't click on any of the links in Hotmail for individual messages.
- I think it disabled my virus protection - but it looks like it's back on now.

Thank you in advance for any help!

Here's my log:

DDS (Ver_09-03-16.01) - NTFSx86
Run by dunnkath at 22:36:58.28 on Tue 05/12/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.759.405 [GMT -4:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\dunnkath.PC2609\Application Data\ptidle\ptidle.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
C:\Documents and Settings\dunnkath.PC2609\Desktop\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.hotmail.com/
uDefault_Page_URL = hxxp://www.grinnell.edu
mDefault_Page_URL = hxxp://www.grinnell.edu
uInternet Connection Wizard,ShellNext = hxxp://www.grinnell.edu/
uInternet Settings,ProxyOverride = *.local
BHO: CPV: {15421b84-3488-49a7-ad18-cbf84a3efaf6} - c:\program files\wwshow\WWShow.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: {ae7fd55c-7bec-4313-b5a6-53573283335d} - c:\windows\system32\ratikolo.dll
BHO: Jcore class: {d88e1558-7c2d-407a-953a-c044f5607cea} - c:\program files\jcore\Jcore2.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [ptidle] "c:\documents and settings\dunnkath.pc2609\application data\ptidle\ptidle.exe" 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
uRun: [autochk] rundll32.exe c:\docume~1\networ~1\protect.dll,_IWMPEvents@16
uRun: [Twain] c:\documents and settings\dunnkath.pc2609\application data\twain\Twain.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [WatchDog] c:\program files\intervideo\dvd check\DVDCheck.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [DeviceDiscovery] c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [hedifamuyu] Rundll32.exe "c:\windows\system32\nasijuye.dll",s
mRun: [autochk] rundll32.exe c:\windows\system32\autochk.dll,_IWMPEvents@16
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
dRun: [autochk] rundll32.exe c:\windows\system32\config\system~1\protect.dll,_IWMPEvents@16
mExplorerRun: [Lsass Service] c:\documents and settings\dunnkath.pc2609\application data\microsoft\windows\lsass.exe
StartupFolder: c:\documents and settings\dunnkath.pc2609\start menu\programs\startup\ChkDisk.dll
StartupFolder: c:\docume~1\dunnka~1.pc2\startm~1\programs\startup\chkdisk.lnk - c:\windows\system32\rundll32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dvdche~1.lnk - c:\program files\intervideo\dvd check\DVDCheck.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\printk~1.lnk - c:\program files\printkey2000\Printkey2000.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{14fcfe7c-ab86-428a-9d2e-bfb6f5a7aa6e}\Icon3E5562ED7.ico
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
uPolicies-explorer: NoSimpleStartMenu = 1 (0x1)
uPolicies-explorer: NoInstrumentation = 1 (0x1)
uPolicies-explorer: ForceStartMenuLogOff = 1 (0x1)
uPolicies-system: SetVisualStyle =
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: amaena.com
Trusted Zone: onerateld.com
DPF: {00134F72-5284-44F7-95A8-52A619F70751} - hxxp://antivirus.grinnell.edu/officescan/console/ClientInstall/WinNTChk.cab
DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} - hxxp://antivirus.grinnell.edu/officescan/console/ClientInstall/setup.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} - hxxp://antivirus.grinnell.edu/officescan/console/html/AtxEnc.cab
DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} - hxxp://antivirus.grinnell.edu/officescan/console/ClientInstall/RemoveCtrl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxps://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193234503605
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxps://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1193234494372
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
AppInit_DLLs: KATRACK.DLL,c:\windows\system32\hironuyu.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dunnka~1.pc2\applic~1\mozilla\firefox\profiles\0usm9uc9.default\
FF - prefs.js: browser.startup.homepage - hxxp://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&ct=1223641124&rver=4.5.2130.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&id=64855
FF - component: c:\program files\mozilla firefox\components\WWShow.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll

============= SERVICES / DRIVERS ===============

R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2005-2-4 324232]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2005-2-4 53896]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2005-6-2 161392]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-1-16 161064]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090502.002\naveng.sys [2009-5-2 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090502.002\navex15.sys [2009-5-2 876144]
S3 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2005-6-2 185968]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2005-6-2 83568]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2005-6-23 124608]
S3 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2005-6-23 1715904]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]

=============== Created Last 30 ================

2009-05-12 18:00 <DIR> --d----- c:\program files\Seagate
2009-05-12 18:00 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Seagate
2009-05-12 17:58 <DIR> --dsh--- c:\windows\ftpcache
2009-05-09 11:58 <DIR> --d----- c:\windows\system32\KB905474
2009-05-06 18:44 0 a---h--- c:\windows\system32\BITA01.tmp
2009-05-06 18:44 2,713 ---sh--- c:\windows\system32\doyuzusa.exe
2009-05-06 17:41 <DIR> --d----- c:\docume~1\dunnka~1.pc2\applic~1\Twain
2009-05-06 17:37 24,064 a--sh--- c:\documents and settings\dunnkath.pc2609\protect.dll
2009-05-06 17:37 24,064 a--sh--- c:\windows\system32\autochk.dll
2009-05-06 17:37 27,648 a------- c:\windows\system32\lmn_setup.exe
2009-05-06 17:36 <DIR> --d----- c:\program files\WWShow
2009-05-06 17:31 <DIR> --d----- c:\program files\Jcore
2009-05-06 03:43 2,713 ---sh--- c:\windows\system32\jeyifoba.exe
2009-05-06 00:38 43 a------- c:\windows\system32\ovfsthkvuwgjrxokstpdcifonmnchukoowcecn.dat
2009-05-06 00:37 <DIR> --d----- c:\docume~1\dunnka~1.pc2\applic~1\ptidle
2009-05-06 00:37 147,411 a------- c:\windows\system32\ovfsthpyvodrthdmtrpuwsqxamdpyrpxoebsik.dat
2009-04-27 21:50 56 a---h--- c:\windows\system32\ezsidmv.dat
2009-04-27 21:48 <DIR> --d--r-- c:\program files\Skype
2009-04-17 21:18 410,984 a------- c:\windows\system32\deploytk.dll
2009-04-16 22:18 284,160 -c------ c:\windows\system32\dllcache\pdh.dll
2009-04-16 22:18 401,408 -c------ c:\windows\system32\dllcache\rpcss.dll
2009-04-16 22:18 110,592 -c------ c:\windows\system32\dllcache\services.exe
2009-04-16 22:18 473,600 -c------ c:\windows\system32\dllcache\fastprox.dll
2009-04-16 22:18 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe
2009-04-16 22:18 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-16 22:18 729,088 -c------ c:\windows\system32\dllcache\lsasrv.dll
2009-04-16 22:18 617,472 -c------ c:\windows\system32\dllcache\advapi32.dll
2009-04-16 22:17 714,752 -c------ c:\windows\system32\dllcache\ntdll.dll
2009-04-14 22:39 <DIR> --d----- c:\program files\iPod
2009-04-14 22:37 <DIR> --d----- c:\program files\iTunes
2009-04-14 22:37 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-14 22:29 <DIR> --d----- c:\program files\Bonjour

==================== Find3M ====================

2009-03-19 16:32 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-06 10:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-02 20:18 826,368 a------- c:\windows\system32\wininet.dll
2009-02-20 14:09 78,336 a------- c:\windows\system32\ieencode.dll
2001-05-21 13:46 198,656 a------- c:\program files\Comdlg32.ocx
2008-09-28 17:14 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092820080929\index.dat

============= FINISH: 22:38:05.73 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:08:33 PM

Posted 19 May 2009 - 06:26 PM

Hello pumpkinhead,

You have the latest Java™ 6 Update 13 but you need to
uninstall these old versions of Java,
J2SE Runtime Environment 5.0
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 6
Java™ 6 Update 5
Java™ 6 Update 7



Please download Malwarebytes' Anti-Malware from one of these places:
http://download.cnet.com/Malwarebytes-Anti...&tag=button
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
http://www.besttechie.net/mbam/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish,so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy&Paste the entire MBAM report (even if it does not find anything) in your next reply .

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.




Please download GooredFix and save it to your Desktop.
Double-click Goored.exe to run it. Select 1.
Find Goored (no fix)
by typing 1 and pressing Enter.
A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
Note: Do not run Option #2 yet.

Edited by SifuMike, 19 May 2009 - 06:29 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 pumpkinhead

pumpkinhead
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:33 PM

Posted 19 May 2009 - 10:37 PM

Hi SifuMike, thanks for your help.

I removed the extra Java listings using Add/Remove Programs.

Then I downloaded and ran the two programs you asked for. Here are the logs:



-------Malwarebytes------------------


Malwarebytes' Anti-Malware 1.36
Database version: 2156
Windows 5.1.2600 Service Pack 3

5/19/2009 11:19:53 PM
mbam-log-2009-05-19 (23-19-53).txt

Scan type: Quick Scan
Objects scanned: 118573
Time elapsed: 27 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 23
Registry Values Infected: 6
Registry Data Items Infected: 1
Folders Infected: 5
Files Infected: 22

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\autochk.dll (Worm.Autorun) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ae7fd55c-7bec-4313-b5a6-53573283335d} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ae7fd55c-7bec-4313-b5a6-53573283335d} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_cpv.workhorse (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_cpv.workhorse.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_myjavacore.mjcore (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{e0f01490-dcf3-4357-95aa-169a8c2b2190} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17e44256-51e0-4d46-a0c8-44e80ab4ba5b} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d88e1558-7c2d-407a-953a-c044f5607cea} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d88e1558-7c2d-407a-953a-c044f5607cea} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d88e1558-7c2d-407a-953a-c044f5607cea} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_myjavacore.mjcore.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e4a04a1-a24d-45ae-aca4-949778400813} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{15421b84-3488-49a7-ad18-cbf84a3efaf6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{63334394-3da3-4b29-a041-03535909d361} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{80ef304a-b1c4-425c-8535-95ab6f1eefb8} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{26a98aa8-07fe-46e6-b6df-26704f3b895f} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{15421b84-3488-49a7-ad18-cbf84a3efaf6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15421b84-3488-49a7-ad18-cbf84a3efaf6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\BHO_MyJavaCore.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
KHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\prnet (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\BHO_CPV.DLL (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hedifamuyu (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Worm.Autorun) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Worm.Autorun) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Worm.Autorun) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Lsass Service (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\dunnkath.PC2609\Application Data\ptidle (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\dunnkath.PC2609\Application Data\NI.GSCNS (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\WWShow (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Jcore (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\dunnkath.PC2609\Application Data\Twain (Trojan.Matcash) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\autochk.dll (Worm.Autorun) -> Delete on reboot.
C:\Documents and Settings\NetworkService\protect.dll (Worm.Autorun) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\protect.dll (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Program Files\Jcore\Jcore2.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\MSINET.oca (Rogue.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\ChkDisk.dll (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\dunnkath.PC2609\Local Settings\Temp\ovfsthbuwmxtivbd.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\dunnkath.PC2609\Local Settings\Temp\ovfsthptuiqooqxp.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\msb.dll (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\dunnkath.PC2609\protect.dll (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\Components\WWShow.dll (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\dunnkath.PC2609\Start Menu\Programs\Startup\ChkDisk.dll (Worm.Autorun) -> Quarantined and deleted successfully.
C:\Documents and Settings\dunnkath.PC2609\Application Data\NI.GSCNS\dl.ini (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\dunnkath.PC2609\Application Data\NI.GSCNS\settings.ini (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ovfsthkvuwgjrxokstpdcifonmnchukoowcecn.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ovfsthpyvodrthdmtrpuwsqxamdpyrpxoebsik.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\serauth1.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\serauth2.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\dunnkath.PC2609\Start Menu\Programs\Startup\ChkDisk.lnk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\dunnkath.PC2609\Local Settings\Temp\nsrbgxod.bak (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\Temp\nsrbgxod.bak (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lmn_setup.exe (Trojan.Downloader) -> Quarantined and deleted successfully.



---------------Gooredfix-------------------


GooredFix v1.92 by jpshortstuff
Log created at 23:31 on 19/05/2009 running Option #1 (dunnkath)
Firefox version 3.0.10 (en-US)

=====Suspect Goored Entries=====

C:\Program Files\Mozilla Firefox\extensions\{68015375-6803-48B8-872B-56BAD759497F}

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"

#4 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:08:33 PM

Posted 19 May 2009 - 10:53 PM

Hi pumpkinhead,

Your very welcome. :thumbup2:

Please double-click GooredFix.exe on your Desktop to run it. Select 2.
Fix Goored
by typing 2 and pressing Enter.
Make sure all instances of Firefox are closed at this point.
Type y at the prompt and press Enter again.
A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).

Reboot your computer and see if the redirection is gone.

Edited by SifuMike, 19 May 2009 - 10:55 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#5 pumpkinhead

pumpkinhead
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:33 PM

Posted 20 May 2009 - 04:48 PM

It looks like the Google redirects are gone, thanks! I'm still not able to click on links in Hotmail and I think my virus protection is off, though.

Here is the Goored log:

GooredFix v1.92 by jpshortstuff
Log created at 17:30 on 20/05/2009 running Option #2 (dunnkath)
Firefox version 3.0.10 (en-US)

=====Goored Deletions=====
C:\Program Files\Mozilla Firefox\extensions\{68015375-6803-48B8-872B-56BAD759497F}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"

#6 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:08:33 PM

Posted 20 May 2009 - 04:55 PM

I think my virus protection is off, though.


Reinstall it.


Please disable any running anti-virus program before running Kaspersky Online Scanner.
If you are unsure how to do this, see this topic: http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/
Close any open browsers

Please do a scan with Kaspersky Online Scanner

You can refer to this animation by sundavis.


Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • In the drop down box labeled Files of type change the type to Text file.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
This scanner will only scan. It does not remove any malware it finds.



I'm still not able to click on links in Hotmail



Sorry, I know nothing about Hotmail so I cant help you with that. :thumbup2:
Try one of our other forums.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#7 pumpkinhead

pumpkinhead
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:33 PM

Posted 21 May 2009 - 04:43 PM

I uninstalled my Symantec and haven't been able to redownload it yet (get it free from my workplace), but I'm working on that.

Here are the Kapersky scan results:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Thursday, May 21, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Thursday, May 21, 2009 03:51:03
Records in database: 2207669
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Files scanned: 81494
Threat name: 2
Infected objects: 37
Suspicious objects: 0
Duration of the scan: 03:16:31


File name / Threat name / Threats count
C:\Documents and Settings\dunnkath\Application Data\Sun\Java\Deployment\cache\javaws\http\Dus.meetnow.marratech.com\P80\DM976.1\DMwindows\DMnative\RMvnc.dll.jar Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 2
C:\Documents and Settings\dunnkath\Application Data\Sun\Java\Deployment\cache\javaws\http\Dus.meetnow.marratech.com\P80\DM976.1\DMwindows\DMnative\RNvnc.dll.jar\winvnc4.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1
C:\Documents and Settings\dunnkath\Application Data\Sun\Java\Deployment\cache\javaws\http\Dus.meetnow.marratech.com\P80\DM976.1\DMwindows\DMnative\RNvnc.dll.jar\wm_hooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\A3F90FHS\ac[1].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\A3F90FHS\ac[2].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\A3F90FHS\ac[3].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\A3F90FHS\ac[4].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\A3F90FHS\ac[5].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\A3F90FHS\ac[6].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\A3F90FHS\ac[7].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\NNG6IITH\acCA3B1CFR.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\NNG6IITH\acCA6WOEOW.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\NNG6IITH\acCA724R93.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\NNG6IITH\acCA7O0BZK.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\NNG6IITH\acCA8XAV24.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\NNG6IITH\acCA8YO7PJ.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\NNG6IITH\acCAHBOSN6.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\NNG6IITH\acCAL6IUXL.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\NNG6IITH\acCALRFNYD.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\NNG6IITH\acCAR5G7ZH.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\NNG6IITH\acCARK0BGN.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\NNG6IITH\acCAV2KHNW.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\NNG6IITH\acCAWTBY5U.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\NNG6IITH\acCAXEKOAR.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\NNG6IITH\acCAYAND7H.htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\NNG6IITH\ac[10].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\NNG6IITH\ac[11].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\NNG6IITH\ac[1].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\NNG6IITH\ac[2].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\NNG6IITH\ac[3].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\NNG6IITH\ac[4].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\NNG6IITH\ac[5].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\NNG6IITH\ac[6].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\NNG6IITH\ac[7].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\NNG6IITH\ac[8].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\NNG6IITH\ac[9].htm Infected: Trojan-Downloader.JS.Agent.cnn 1

The selected area was scanned.

#8 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:08:33 PM

Posted 21 May 2009 - 05:08 PM

Hi,


I uninstalled my Symantec and haven't been able to redownload it yet (get it free from my workplace), but I'm working on that.


You need an antivirus active while you brownse the net. I suggest you downlaod
AntiVir until you get Symantec from your work.

Remember NOT to run two antivirus programs at the same time, as it will slow you system and cause false alarms.



Kaspersky found viruses in your temp files, so we will empy those.

Please download ATF Cleaner by Atribune.Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

How is your computer running?

Edited by SifuMike, 21 May 2009 - 05:11 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#9 pumpkinhead

pumpkinhead
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:33 PM

Posted 21 May 2009 - 05:31 PM

I got AntiVir installed. Thanks for the suggestion.

I ran ATF Cleaner. Things look good! Even the problem I had with my Hotmail has been resolved.

Is there anything else I need to do? Can I get rid of some of these programs you had me download?

#10 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:08:33 PM

Posted 21 May 2009 - 05:45 PM

Hi pumpkinhead,

Next we do the program clean up. :)

Delete Gooredfix from your deskop.

I recommend you leave ATF Cleaner as that is a good temp file cleaner, and MalwareBytes, as that is a great malware removal tool.



Please read and follow

Simple and easy ways to keep your computer safe and secure on the Internet
as well
Groovicus' Guide to Simple PC Security to help keep yourself from becoming infected again, as well as
How did I get infected?, With steps so it does not happen again!
as well as
How to prevent Malware' by miekiemoes

If you want to improve speed/system performance after malware removal, take a look here.


Now your good to go. :thumbup2:
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#11 pumpkinhead

pumpkinhead
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:33 PM

Posted 21 May 2009 - 05:51 PM

Thanks very much for your help and all the great information! There is always more to learn, but it's nice to have a good place to start.

#12 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:08:33 PM

Posted 21 May 2009 - 07:13 PM

You're most welcome. :) And I thank you for taking the time to say thank you! It's amazing just how far those two little words go. :thumbup2:
Regards,
SifuMike
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users