Google Redirect Virus --need help

April 29, 2009 at 20:30:34
Specs: Windows XP
Hi. My Dell XPS 400 has somehow fallen to the Google Redirect Virus. Can someone help me rid my CPU of this crap?



#1
April 30, 2009 at 03:25:26
You need to download and run an anti-malware program. There is one from the Windows site or there is also Malware Bytes. Please see post 2 in this post for more information:

http://www.computing.net/answers/se...



#2
April 30, 2009 at 04:23:40
I have run Malware Bytes and VIPRE. Both didn't finish it off. Should I post a Hijack This log?


#3
April 30, 2009 at 16:35:59
Can someone help me get rid of this?


#4
April 30, 2009 at 16:51:52
Please post your Hijack This log.


#5
April 30, 2009 at 16:59:21
Here it is.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:58:59 PM, on 4/30/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\rundll32.exe
C:\DOCUME~1\Kwabena\LOCALS~1\Temp\clclean.0001
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Rhapsody\rhapsody.exe
C:\Program Files\Rhapsody\rhaphlpr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [autochk] rundll32.exe C:\WINDOWS\system32\autochk.dll,_IWMPEvents@16
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Creative MediaSource Go] "C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe" /SCB
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [autochk] rundll32.exe C:\DOCUME~1\Kwabena\protect.dll,_IWMPEvents@16
O4 - HKUS\S-1-5-18\..\Run: [] C:\WINDOWS\TEMP\mnesb87co.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Windows Resurections] C:\WINDOWS\TEMP\mnesb87co.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Diagnostic Manager] C:\WINDOWS\TEMP\1245640046.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [autochk] rundll32.exe C:\DOCUME~1\LOCALS~1\protect.dll,_IWMPEvents@16 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [] C:\WINDOWS\TEMP\mnesb87co.exe (User 'Default user')
O4 - S-1-5-18 Startup: ChkDisk.dll (User 'SYSTEM')
O4 - S-1-5-18 Startup: ChkDisk.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: ChkDisk.dll (User 'Default user')
O4 - .DEFAULT Startup: ChkDisk.lnk = ? (User 'Default user')
O4 - Startup: ChkDisk.dll
O4 - Startup: ChkDisk.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/g...
O22 - SharedTaskScheduler: jso8joigm409gopgmrlgd - {B2BA40A2-74F0-42BD-F434-12345A2C8953} - (no file)
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
O23 - Service: VIPRE Antivirus + Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 7589 bytes


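A triage pass over the O4 (autostart) lines of the HijackThis log posted above, as an added example that is not part of the original thread or of HijackThis itself. The rules (Temp-directory targets, empty value names, rundll32 loading from a user profile, DLLs in Startup folders, and reading "= ?" as an unresolved shortcut) are assumptions chosen for this log; they rank entries for review and are not a verdict.

```python
import re

# O4 lines copied from the HijackThis log in the post above, plus one R0
# line to show that other sections are skipped.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
O4 - HKLM\..\Run: [autochk] rundll32.exe C:\WINDOWS\system32\autochk.dll,_IWMPEvents@16
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [autochk] rundll32.exe C:\DOCUME~1\Kwabena\protect.dll,_IWMPEvents@16
O4 - HKUS\S-1-5-18\..\Run: [] C:\WINDOWS\TEMP\mnesb87co.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Diagnostic Manager] C:\WINDOWS\TEMP\1245640046.exe (User 'SYSTEM')
O4 - Startup: ChkDisk.dll
O4 - Startup: ChkDisk.lnk = ?
"""

# "O4 - <hive>\..\Run: [<value name>] <command> (User '<name>')"
RUN_RE = re.compile(
    r"^O4 - (?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] "
    r"(?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
# "O4 - [<profile> ]Startup: <file>[ = <target>] (User '<name>')"
STARTUP_RE = re.compile(
    r"^O4 - (?:(?P<profile>\S+) )?Startup: "
    r"(?P<item>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
TEMP_DIR = re.compile(r"\\temp\\", re.I)
PROFILE_DIR = re.compile(r"\\(docume~1|documents and settings)\\", re.I)


def parse_o4(line):
    """Return a dict for an O4 line, or None for any other line."""
    m = RUN_RE.match(line)
    if m:
        return {"kind": "run", "name": m["name"], "target": m["cmd"], "line": line}
    m = STARTUP_RE.match(line)
    if m:
        # Shortcuts are listed as "file.lnk = target"; plain files have no target.
        item, _, target = m["item"].partition(" = ")
        return {"kind": "startup", "name": item, "target": target, "line": line}
    return None


def reasons_for(entry):
    """Apply the triage rules (assumptions of this example) to one entry."""
    reasons = []
    target = entry["target"]
    if entry["kind"] == "run":
        if not entry["name"]:
            reasons.append("empty value name")
        if TEMP_DIR.search(target):
            reasons.append("runs from a Temp directory")
        if target.lower().startswith("rundll32") and PROFILE_DIR.search(target):
            reasons.append("rundll32 loads a DLL from a user profile")
    else:
        if entry["name"].lower().endswith(".dll"):
            reasons.append("DLL placed in a Startup folder")
        if target == "?":
            reasons.append("shortcut target could not be resolved")
    return reasons


def triage(log_text):
    """Return the O4 entries worth a closer look, in log order."""
    lines = (raw.strip() for raw in log_text.splitlines())
    entries = [e for e in map(parse_o4, lines) if e]
    for e in entries:
        e["reasons"] = reasons_for(e)
    # Pivot: a value name used by a flagged Run entry is suspect in every hive,
    # even where the target path itself looks ordinary.
    flagged_names = {
        e["name"].lower()
        for e in entries
        if e["kind"] == "run" and e["name"] and e["reasons"]
    }
    for e in entries:
        if (e["kind"] == "run" and not e["reasons"]
                and e["name"].lower() in flagged_names):
            e["reasons"].append("value name shared with a flagged entry")
    return [e for e in entries if e["reasons"]]


if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG):
        print(entry["line"])
        for reason in entry["reasons"]:
            print("    -", reason)
```
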

#6
April 30, 2009 at 17:53:48
Your Java is out of date and may have been exploited.
Download the latest version of Java from this link: Java
Click on the JRE 6 Update 13 download button.
Check the box that says: "Accept License Agreement". The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java. Check any item with Java Runtime Environment (JRE or J2SE) in the name. It should have the "coffee cup" icon next to it.
Click the Remove or Change/Remove button. Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u13-windows-i586-p.exe to install the newest version.

Please download ComboFix to the desktop from one of the following links:

Link1

Link 2

Link 3

Rename the setup file, combofix.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, rename combofix.exe to toolb.exe in the filename box > click Save.

Combofix is a powerful tool so follow the instructions exactly or you could damage your computer.

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with Combofix and remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

In your case to run Combofix do the following:
1. Go offline, then turn off your Sunbelt antivirus, Comodo firewall and any other antispyware that you may have.
2. Run Combofix by double clicking the toolb.exe icon on your desktop and save its log.
3. Restart the computer to get the antivirus running again but leave the antispyware programs off until we get the computer cleaned.
4. Post the Combofix log.


Remember to re-enable the protection again afterwards before connecting to the Internet.



#7
April 30, 2009 at 19:13:23
ComboFix 09-04-30.05 - Kwabena 04/30/2009 22:04.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.691 [GMT -4:00]
Running from: c:\documents and settings\Kwabena\Desktop\toolb.exe
AV: Sunbelt VIPRE *On-access scanning disabled* (Updated)
FW: COMODO Firewall *enabled*
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Kwabena\protect.dll
c:\documents and settings\Kwabena\Start Menu\Programs\Startup\ChkDisk.dll
c:\documents and settings\Kwabena\Start Menu\Programs\Startup\ChkDisk.lnk
c:\documents and settings\LocalService\protect.dll
c:\documents and settings\Mom\protect.dll
c:\documents and settings\Mom\Start Menu\Programs\Startup\ChkDisk.dll
c:\documents and settings\Mom\Start Menu\Programs\Startup\ChkDisk.lnk
c:\windows\system32\ak1.exe
c:\windows\system32\config\systemprofile\protect.dll
c:\windows\system32\drivers\ovfsthxntpyovii.sys
c:\windows\system32\loader49.exe
c:\windows\system32\ovfsthxbybjmmlr.dat
c:\windows\system32\ovfsthxdonedgud.dll
c:\windows\system32\ovfsthxkbejnhal.dat
c:\windows\system32\ovfsthxkjkcxxuc.dll
c:\windows\system32\ovfsthxtcmppyeg.dll
c:\windows\system32\winglsetup.exe
c:\windows\Temp\1083608796.exe
c:\windows\Temp\1245640046.exe
C:\xcrashdump.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ovfsthxlvmynpyl


((((((((((((((((((((((((( Files Created from 2009-04-01 to 2009-05-01 )))))))))))))))))))))))))))))))
.

2009-05-01 01:34 . 2009-05-01 01:47 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-30 11:01 . 2009-04-30 11:01 -------- d-----w c:\documents and settings\Mom\Local Settings\Application Data\Identities
2009-04-30 10:00 . 2009-04-30 10:00 -------- d-----w c:\documents and settings\Mom\Application Data\Malwarebytes
2009-04-30 03:20 . 2009-04-30 03:20 -------- d-----w C:\_OTMoveIt
2009-04-30 01:16 . 2009-04-30 01:16 -------- d-----w c:\documents and settings\Kwabena\Application Data\Malwarebytes
2009-04-30 01:15 . 2009-04-30 01:15 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-25 02:01 . 2009-04-25 02:02 24576 ----a-w c:\windows\system32\ftp_non_crp.exe
2009-04-22 11:21 . 2009-04-22 11:21 -------- d-----w c:\windows\system32\Adobe
2009-04-20 11:17 . 2009-04-20 11:17 40176 ----a-w c:\documents and settings\Mom\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-20 11:17 . 2009-04-20 11:17 -------- d-----w c:\documents and settings\All Users\Application Data\Dell
2009-04-19 02:02 . 2009-04-19 02:02 -------- d-----w c:\documents and settings\Kwabena\Application Data\AdobeUM
2009-04-19 02:02 . 2009-04-19 02:02 -------- d-----w c:\documents and settings\Kwabena\Local Settings\Application Data\Adobe
2009-04-18 18:08 . 2009-04-18 18:08 -------- d-----w c:\documents and settings\Kwabena\Application Data\Viewpoint
2009-04-16 00:48 . 2009-03-06 14:00 284160 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-16 00:48 . 2005-07-26 04:20 60416 ------w c:\windows\system32\dllcache\colbact.dll
2009-04-16 00:48 . 2009-02-06 09:54 35328 ------w c:\windows\system32\dllcache\sc.exe
2009-04-16 00:48 . 2009-02-09 10:01 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-16 00:48 . 2009-02-06 10:22 110592 ------w c:\windows\system32\dllcache\services.exe
2009-04-16 00:48 . 2009-02-09 10:01 473088 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-16 00:48 . 2009-02-06 09:41 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-16 00:48 . 2009-02-09 10:01 728576 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-04-16 00:48 . 2009-02-09 10:01 617984 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-16 00:48 . 2009-02-09 10:01 715264 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-16 00:46 . 2008-04-21 10:02 215552 ------w c:\windows\system32\dllcache\wordpad.exe
2009-04-15 02:31 . 2009-04-30 18:05 56 --sh--r c:\windows\system32\4BA7E9EBB3.sys
2009-04-15 02:31 . 2009-04-30 18:05 2516 --sha-w c:\windows\system32\KGyGaAvL.sys
2009-04-15 02:15 . 2009-04-24 20:49 -------- d-----w c:\program files\PhotoFiltre
2009-04-14 20:49 . 2009-04-28 22:39 -------- d-----w c:\documents and settings\Mom\Application Data\AdobeUM
2009-04-14 20:49 . 2009-04-14 20:49 -------- d-----w c:\documents and settings\Mom\Local Settings\Application Data\Adobe
2009-04-14 02:12 . 2009-04-14 02:12 -------- d-----w c:\windows\Sun
2009-04-13 19:23 . 2009-04-13 19:23 -------- d-----w c:\windows\system32\Events
2009-04-13 19:16 . 2009-04-13 19:16 -------- d-----w c:\program files\Common Files\Adobe
2009-04-13 13:44 . 2009-04-13 13:44 -------- d-----w c:\documents and settings\All Users\Application Data\Raxco
2009-04-13 13:42 . 2009-04-13 13:42 -------- d-----w c:\program files\Raxco
2009-04-13 13:29 . 2009-04-13 13:57 -------- d-----w c:\documents and settings\All Users\Application Data\Comodo
2009-04-13 13:29 . 2009-04-13 13:29 155384 ----a-w c:\windows\system32\guard32.dll
2009-04-13 13:29 . 2009-04-13 13:29 24336 ----a-w c:\windows\system32\drivers\cmdhlp.sys
2009-04-13 13:29 . 2009-04-13 13:29 110992 ----a-w c:\windows\system32\drivers\cmdguard.sys
2009-04-13 13:29 . 2009-04-13 13:29 -------- d-----w c:\program files\COMODO
2009-04-13 13:27 . 2009-02-20 18:09 52224 ------w c:\windows\system32\dllcache\msfeedsbs.dll
2009-04-13 13:27 . 2009-02-20 18:09 459264 ------w c:\windows\system32\dllcache\msfeeds.dll
2009-04-13 13:27 . 2009-02-20 18:09 268288 ------w c:\windows\system32\dllcache\iertutil.dll
2009-04-13 13:27 . 2009-02-20 10:20 13824 ------w c:\windows\system32\dllcache\ieudinit.exe
2009-04-13 13:27 . 2009-02-20 18:09 6066176 ------w c:\windows\system32\dllcache\ieframe.dll
2009-04-13 13:27 . 2009-02-20 18:09 383488 ------w c:\windows\system32\dllcache\ieapfltr.dll
2009-04-13 13:27 . 2008-07-09 14:25 2455488 ------w c:\windows\system32\dllcache\ieapfltr.dat
2009-04-13 13:27 . 2009-02-20 18:09 63488 ------w c:\windows\system32\dllcache\icardie.dll
2009-04-13 13:24 . 2007-08-13 22:54 33792 ----a-w c:\windows\system32\dllcache\custsat.dll
2009-04-13 12:58 . 2009-03-05 03:30 69936 ----a-w c:\windows\system32\drivers\sbapifs.sys
2009-04-13 12:58 . 2008-09-12 13:38 13360 ----a-w c:\windows\system32\drivers\sbaphd.sys
2009-04-13 12:38 . 2009-04-13 12:38 -------- d-----w c:\documents and settings\Mom\Application Data\TuneUp Software
2009-04-13 11:06 . 2009-04-13 11:06 -------- d-----w c:\program files\DellSupport
2009-04-13 04:00 . 2009-04-13 04:00 -------- d-----w c:\program files\MSXML 4.0
2009-04-13 00:39 . 2009-04-13 00:39 -------- d-----w c:\documents and settings\Mom\Local Settings\Application Data\Mozilla
2009-04-13 00:34 . 2009-04-13 00:34 -------- d-----w c:\documents and settings\Mom\Application Data\Sunbelt
2009-04-13 00:24 . 2009-04-13 14:06 -------- d-----w c:\windows\system32\CatRoot_bak
2009-04-13 00:22 . 2009-04-13 00:22 -------- d-----w c:\documents and settings\Kwabena\Application Data\Sunbelt
2009-04-13 00:19 . 2008-09-04 16:42 1106944 ------w c:\windows\system32\dllcache\msxml3.dll
2009-04-13 00:19 . 2008-06-13 13:10 272128 ------w c:\windows\system32\dllcache\bthport.sys
2009-04-13 00:19 . 2008-06-13 13:10 272128 ------w c:\windows\system32\drivers\bthport.sys
2009-04-13 00:13 . 2009-02-06 10:29 2142720 ------w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-04-13 00:13 . 2009-02-06 10:32 2186112 ------w c:\windows\system32\dllcache\ntoskrnl.exe
2009-04-13 00:13 . 2009-02-06 09:49 2020864 ------w c:\windows\system32\dllcache\ntkrpamp.exe
2009-04-13 00:13 . 2009-02-06 09:49 2062976 ------w c:\windows\system32\dllcache\ntkrnlpa.exe
2009-04-13 00:13 . 2009-02-20 18:09 3595264 ------w c:\windows\system32\dllcache\mshtml.dll
2009-04-13 00:11 . 2006-03-21 03:23 23040 ------w c:\windows\kb913800.exe
2009-04-13 00:11 . 2009-04-13 00:22 -------- d-----w c:\windows\system32\drivers\UMDF
2009-04-13 00:11 . 2009-04-13 00:11 -------- d-----w c:\windows\system32\LogFiles
2009-04-13 00:07 . 2009-04-13 00:30 -------- d-----w c:\program files\Rhapsody
2009-04-13 00:04 . 2009-04-13 00:04 603904 ----a-w c:\windows\system32\TUProgSt.exe
2009-04-13 00:04 . 2008-11-12 20:44 27904 ----a-w c:\windows\system32\uxtuneup.dll
2009-04-13 00:04 . 2009-04-13 00:04 362240 ----a-w c:\windows\system32\TuneUpDefragService.exe
2009-04-13 00:04 . 2009-04-13 00:04 -------- d-----w c:\documents and settings\Kwabena\Application Data\TuneUp Software
2009-04-13 00:04 . 2009-04-13 00:04 -------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software
2009-04-13 00:04 . 2009-04-13 00:04 -------- d-----w c:\program files\TuneUp Utilities 2009
2009-04-13 00:04 . 2009-04-13 00:04 -------- d-sh--w c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-04-13 00:02 . 2008-05-08 12:28 202752 ------w c:\windows\system32\dllcache\rmcast.sys
2009-04-13 00:02 . 2009-04-13 00:02 -------- d-----w c:\documents and settings\Kwabena\Application Data\acccore
2009-04-13 00:02 . 2008-10-24 11:10 453632 ------w c:\windows\system32\dllcache\mrxsmb.sys
2009-04-13 00:01 . 2009-04-13 00:01 -------- d-----w c:\documents and settings\Kwabena\Local Settings\Application Data\AOL OCP
2009-04-13 00:01 . 2009-04-13 00:01 -------- d-----w c:\documents and settings\All Users\Application Data\acccore
2009-04-13 00:01 . 2008-12-11 11:57 333184 ------w c:\windows\system32\dllcache\srv.sys
2009-04-13 00:01 . 2008-05-01 14:30 331776 ------w c:\windows\system32\dllcache\msadce.dll
2009-04-13 00:01 . 2009-04-13 00:01 -------- d-----w c:\program files\AIM6
2009-04-13 00:01 . 2008-04-11 18:50 683520 ------w c:\windows\system32\dllcache\inetcomm.dll
2009-04-13 00:00 . 2008-10-03 10:15 247326 ------w c:\windows\system32\dllcache\strmdll.dll
2009-04-13 00:00 . 2008-10-15 16:57 332800 ------w c:\windows\system32\dllcache\netapi32.dll
2009-04-12 23:56 . 2009-04-12 23:56 -------- d-----w c:\documents and settings\Kwabena\Local Settings\Application Data\AOL
2009-04-12 23:55 . 2009-04-12 23:57 -------- d-----w c:\documents and settings\All Users\Application Data\AOL OCP
2009-04-12 23:49 . 2009-04-12 23:49 -------- d-----w c:\documents and settings\All Users\Application Data\Sunbelt
2009-04-12 23:45 . 2008-10-09 14:21 202928 ----a-w c:\windows\system32\drivers\sbtis.sys
2009-04-12 23:45 . 2009-04-12 23:45 -------- d-----w c:\program files\Sunbelt Software
2009-04-12 23:23 . 2009-04-12 23:23 -------- d-----w c:\program files\uTorrent
2009-04-12 23:23 . 2009-04-13 13:42 -------- d-----w c:\documents and settings\Kwabena\Application Data\uTorrent
2009-04-12 23:12 . 2009-04-12 23:12 -------- d-----w c:\documents and settings\Kwabena\Local Settings\Application Data\Mozilla
2009-04-12 23:11 . 2009-04-12 23:11 40176 ----a-w c:\documents and settings\Kwabena\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-12 23:02 . 2001-08-17 17:47 12928 ----a-w c:\windows\system32\dllcache\dot4prt.sys
2009-04-12 23:02 . 2001-08-17 17:47 12928 ----a-w c:\windows\system32\drivers\Dot4Prt.sys
2009-04-12 23:02 . 2001-08-18 02:36 324608 ----a-w c:\windows\system32\dllcache\hpojwia.dll
2009-04-12 23:02 . 2001-08-18 02:36 324608 ----a-w c:\windows\system32\hpojwia.dll
2009-04-12 23:02 . 2001-08-17 17:47 8704 ----a-w c:\windows\system32\dllcache\dot4scan.sys
2009-04-12 23:02 . 2001-08-17 17:47 8704 ----a-w c:\windows\system32\drivers\Dot4scan.sys
2009-04-12 23:02 . 2001-08-17 17:47 23808 ----a-w c:\windows\system32\dllcache\dot4usb.sys
2009-04-12 23:02 . 2001-08-17 17:47 23808 ----a-w c:\windows\system32\drivers\Dot4usb.sys
2009-04-12 23:01 . 2004-08-04 02:58 207360 ----a-w c:\windows\system32\dllcache\dot4.sys
2009-04-12 23:01 . 2004-08-04 02:58 207360 ----a-w c:\windows\system32\drivers\Dot4.sys
2009-04-12 22:52 . 2005-08-17 00:52 136 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Application Data\fusioncache.dat
2009-04-12 22:52 . 2006-05-17 17:43 -------- d-----w c:\windows\system32\config\systemprofile\Application Data\Corel
2009-04-12 22:52 . 2006-05-17 17:39 -------- d-----w c:\windows\system32\config\systemprofile\Application Data\Gtek
2009-04-12 22:52 . 2005-08-17 00:52 -------- d-----w c:\windows\system32\config\systemprofile\Local Settings\Application Data\ApplicationHistory
2009-04-12 22:52 . 2006-05-17 17:32 -------- d-----w c:\windows\system32\config\systemprofile\Local Settings\Application Data\BVRP Software
2009-04-12 22:52 . 2006-05-17 17:40 -------- d-----w c:\windows\system32\config\systemprofile\Local Settings\Application Data\Musicmatch
2009-04-12 22:52 . 2006-05-17 17:39 -------- d-----w c:\windows\system32\config\systemprofile\Local Settings\Application Data\Wildtangent
2009-04-12 22:52 . 2006-05-17 17:27 -------- d-----w c:\windows\system32\config\systemprofile\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}
2009-04-12 22:46 . 2001-08-17 17:48 12160 ----a-w c:\windows\system32\drivers\mouhid.sys
2009-04-12 22:46 . 2004-08-04 02:58 14848 ----a-w c:\windows\system32\drivers\kbdhid.sys
2009-04-12 22:46 . 2001-08-17 18:02 9600 ----a-w c:\windows\system32\drivers\hidusb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-01 01:47 . 2006-05-17 17:27 -------- d-----w c:\program files\Java
2009-04-30 23:42 . 2006-05-17 17:42 -------- d-----w c:\program files\Trend Micro
2009-04-13 00:01 . 2006-05-17 17:37 -------- d-----w c:\program files\Common Files\AOL
2009-04-12 23:59 . 2006-05-17 17:37 -------- d-----w c:\program files\Common Files\aolshare
2009-04-12 23:55 . 2006-05-17 17:38 -------- d-----w c:\program files\Viewpoint
2009-03-31 15:45 . 2009-03-31 15:45 231176 ----a-w c:\windows\system32\PDBoot.exe
2009-03-17 17:26 . 2009-03-17 17:26 65320 ----a-w c:\windows\system32\sbbd.exe
2009-03-06 14:00 . 2005-08-16 08:18 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2005-08-16 08:18 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 18:09 . 2005-08-16 08:18 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 10:19 . 2005-08-16 08:18 1846272 ----a-w c:\windows\system32\win32k.sys
2009-02-09 10:01 . 2005-08-16 08:18 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:01 . 2005-08-16 08:18 728576 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:01 . 2005-08-16 08:18 617984 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:01 . 2005-08-16 08:18 715264 ----a-w c:\windows\system32\ntdll.dll
2009-02-06 10:29 . 2005-08-16 08:18 2142720 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:22 . 2005-08-16 08:18 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 09:54 . 2005-08-16 08:18 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 09:49 . 2004-08-04 02:59 2020864 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-03 20:08 . 2005-08-16 08:18 55808 ----a-w c:\windows\system32\secur32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
2009-05-01 01:47 73728 ----a-w c:\program files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-06-06 50528]
"Creative MediaSource Go"="c:\program files\Creative\MediaSource\Go\CTCMSGo.exe" [2005-10-19 135168]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
"SetDefaultMIDI"="MIDIDef.exe" - c:\windows\MIDIDEF.EXE [2004-12-22 24576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-15 7323648]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-09-15 57344]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"CTRegRun"="c:\windows\CTRegRun.EXE" [1999-10-11 41984]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-01 148888]
"MBMon"="CTMBHA.DLL" - c:\windows\system32\CTMBHA.DLL [2005-05-19 1345520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"= {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - c:\windows\system32\webcheck.dll [2009-02-20 233472]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Aim6"="c:\program files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
"Creative MediaSource Go"="c:\program files\Creative\MediaSource\Go\CTCMSGo.exe" /SCB

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"UpdReg"=c:\windows\UpdReg.EXE
"VoiceCenter"="c:\program files\Creative\VoiceCenter\AndreaVC.exe" /tray
"SigmatelSysTrayApp"=stsystra.exe
"ehTray"=c:\windows\ehome\ehtray.exe
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"SBAMTray"=c:\program files\Sunbelt Software\VIPRE\SBAMTray.exe
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" -h

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Rhapsody\\rhapsody.exe"=

R3 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2008-10-22 92464]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2009-04-13 110992]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2009-04-13 24336]
S1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2008-09-12 13360]
S1 sbtis;sbtis;c:\windows\system32\drivers\sbtis.sys [2008-10-09 202928]
S2 SBAMSvc;VIPRE Antivirus + Antispyware;c:\program files\Sunbelt Software\VIPRE\SBAMSvc.exe [2009-03-17 894248]
S2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2009-03-05 69936]
S2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2009-04-13 603904]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
.
Contents of the 'Scheduled Tasks' folder

2009-05-01 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-11-20 20:28]
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-Windows Resurections - c:\windows\TEMP\mnesb87co.exe
HKU-Default-Run-Diagnostic Manager - c:\windows\TEMP\1245640046.exe
HKU-Default-Run-autochk - c:\docume~1\LOCALS~1\protect.dll
SharedTaskScheduler-{B2BA40A2-74F0-42BD-F434-12345A2C8953} - (no file)
SSODL-CDBurn-{fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.dell.com
IE: {{FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\Messenger\msmsgs.exe
Trusted Zone: musicmatch.com\online
FF - ProfilePath - c:\documents and settings\Kwabena\Application Data\Mozilla\Firefox\Profiles\pj9fs9br.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-30 22:08
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(748)
c:\windows\system32\guard32.dll

- - - - - - - > 'lsass.exe'(808)
c:\windows\system32\guard32.dll
.
Completion time: 2009-05-01 22:10
ComboFix-quarantined-files.txt 2009-05-01 02:10

Pre-Run: 140,364,300,288 bytes free
Post-Run: 140,584,812,544 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

292 --- E O F --- 2009-04-30 18:57



#8
April 30, 2009 at 20:15:02
Looks better.

Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore">apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.


Download ATF Cleaner from this link:
http://www.majorgeeks.com/ATF_Cleaner_d4949.html
Run ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

The Kaspersky scan takes 3 hrs. or longer but is worth running, as it will pick up many things missed by other scanners.

Run an online scan with Kaspersky from the following link:
Kaspersky Online Scanner

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component.

1. Click Accept, when prompted to download and install the program files and database of malware definitions.
2. Click Run at the Security prompt.
The program will then begin downloading and installing and will also update the database.
Please be patient as this can take several minutes.
3. Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
4. Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
5. Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
6. Click View scan report at the bottom.
7. Click the Save Report As... button.
8. Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
**Note**

To optimize scanning time and produce a more sensible report for review:
Close any open programs.
Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.



#9
May 1, 2009 at 14:29:03
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Friday, May 1, 2009
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Friday, May 01, 2009 14:52:27
Records in database: 2117868
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Files scanned: 53023
Threat name: 3
Infected objects: 9
Suspicious objects: 0
Duration of the scan: 01:11:33


File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\Documents and Settings\Kwabena\protect.dll.vir Infected: Trojan-Spy.Win32.Agent.amjg 1
C:\Qoobox\Quarantine\C\Documents and Settings\Kwabena\Start Menu\Programs\Startup\ChkDisk.dll.vir Infected: Trojan-Spy.Win32.Agent.amjg 1
C:\Qoobox\Quarantine\C\Documents and Settings\LocalService\protect.dll.vir Infected: Trojan-Spy.Win32.Agent.amjg 1
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\protect.dll.vir Infected: Trojan-Spy.Win32.Agent.amjg 1
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\Start Menu\Programs\Startup\ChkDisk.dll.vir Infected: Trojan-Spy.Win32.Agent.amjg 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\config\systemprofile\protect.dll.vir Infected: Trojan-Spy.Win32.Agent.amjg 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\winglsetup.exe.vir Infected: Trojan-Dropper.Win32.Agent.anrj 1
C:\Qoobox\Quarantine\C\WINDOWS\Temp\1083608796.exe.vir Infected: Trojan-Downloader.Win32.Suurch.oa 1
C:\Qoobox\Quarantine\C\WINDOWS\Temp\1245640046.exe.vir Infected: Trojan-Downloader.Win32.Suurch.oa 1

The selected area was scanned.



#10
May 1, 2009 at 20:31:25
Navigate to and delete this folder, which holds the baddies quarantined by Combofix:

C:\Qoobox

Go to start> run> type in combofix /u (note the space after combofix) then press enter> run. This will uninstall combofix so give the uninstaller a minute to run.

Go to start> control panel> add/remove programs and uninstall these programs:

Hijack This

Malwarebytes

Kaspersky

You should keep ATF Cleaner and run it weekly.


You should consider adding "Spywareblaster" to your arsenal of antispyware tools; you can download it from this link: Spywareblaster

Just download it, install it, and update it. It's free and runs in the background, so you don't actually run it, and re-writes malicious script before it can install on your computer. Look for updates weekly as there is no auto-update on the free version.

How is the computer operating?


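Added example, not part of any post in this thread: a short script that reads Kaspersky report lines like those in #9, maps each ComboFix quarantine copy (`C:\Qoobox\Quarantine\<drive>\...\*.vir`) back to its original location, and lists any detection that is not inside the quarantine folder, which is the check behind "many of the finds have likely been quarantined" and the deletion of `C:\Qoobox`. The function names and the one non-quarantined sample path are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: three detection lines copied from the Kaspersky report
# in this thread, plus one made-up non-quarantined path for the other branch.
REPORT = r"""
C:\Qoobox\Quarantine\C\Documents and Settings\Mom\protect.dll.vir Infected: Trojan-Spy.Win32.Agent.amjg 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\winglsetup.exe.vir Infected: Trojan-Dropper.Win32.Agent.anrj 1
C:\Qoobox\Quarantine\C\WINDOWS\Temp\1245640046.exe.vir Infected: Trojan-Downloader.Win32.Suurch.oa 1
C:\WINDOWS\Temp\constructed-example.exe Infected: Trojan-Downloader.Win32.Suurch.oa 1
"""

# "<path> Infected: <threat name> <count>"; paths may contain spaces.
LINE = re.compile(r"^([A-Za-z]:\\.+?)\s+Infected:\s+(\S+)\s+\d+$")
# Quarantine layout as seen in the report: Qoobox\Quarantine\<drive>\<path>.vir
QUARANTINE = re.compile(r"^[A-Za-z]:\\Qoobox\\Quarantine\\([A-Za-z])\\(.+)\.vir$", re.I)

def parse_detections(report):
    """Return one dict per detection line, with the pre-quarantine path."""
    found = []
    for line in report.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        path, threat = m.groups()
        q = QUARANTINE.match(path)
        original = f"{q.group(1)}:\\{q.group(2)}" if q else path
        found.append({"path": path, "threat": threat,
                      "quarantined": q is not None, "original": original})
    return found

def triage(report):
    """Return (paths still outside quarantine, {threat: [original paths]})."""
    live, by_threat = [], defaultdict(list)
    for d in parse_detections(report):
        by_threat[d["threat"]].append(d["original"])
        if not d["quarantined"]:
            live.append(d["path"])
    return live, dict(by_threat)

if __name__ == "__main__":
    live, by_threat = triage(REPORT)
    for threat, paths in sorted(by_threat.items()):
        print(threat, "->", paths)
    print("outside quarantine:", live or "none")
```

Run against the full report in #9, the "outside quarantine" list comes back empty, since all nine detections sit under `C:\Qoobox\Quarantine`.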

#11
May 3, 2009 at 10:13:21
I'm still getting redirected. It's not completely gone I think.


#12
May 3, 2009 at 14:55:21
Please download GooredFix and save it to your Desktop. Double-click Goored.exe to run it. Select 1. Find Goored (no fix) by typing 1 and pressing Enter. A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt). Note: Do not run Option #2 yet.


#13
May 4, 2009 at 04:35:48
GooredFix v1.92 by jpshortstuff
Log created at 07:35 on 04/05/2009 running Option #1 (Mom)
Firefox version 3.0.10 (en-US)

=====Suspect Goored Entries=====

C:\Program Files\Mozilla Firefox\extensions\{F511D839-8AD2-462C-B03A-E210074B3DB7}

C:\Program Files\Mozilla Firefox\extensions\{843202C8-A25E-464A-BA75-AD7F02A346F1}

C:\Program Files\Mozilla Firefox\extensions\{697BF29B-1779-48D0-A561-F928DBB8E961}

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"



#14
May 4, 2009 at 10:01:20
Please double-click Goored.exe on your Desktop to run it. Select 2. Fix Goored by typing 2 and pressing Enter. Make sure all instances of Firefox are closed at this point. Type y at the prompt and press Enter again. A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt).

You should not be being redirected since running the second part of the Goored fix...are you?



#15
May 4, 2009 at 17:49:45
GooredFix v1.92 by jpshortstuff
Log created at 20:48 on 04/05/2009 running Option #2
Firefox version 3.0.10 (en-US)

=====Goored Deletions=====
C:\Program Files\Mozilla Firefox\extensions\{F511D839-8AD2-462C-B03A-E210074B3DB7}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.
C:\Program Files\Mozilla Firefox\extensions\{843202C8-A25E-464A-BA75-AD7F02A346F1}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.
C:\Program Files\Mozilla Firefox\extensions\{697BF29B-1779-48D0-A561-F928DBB8E961}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"


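Added example, not part of any post in this thread and not GooredFix's own code: the before/after comparison of the Option #1 log (#13) and the Option #2 log (#15), done in code. It reports any suspect extension folder from the find run that the fix run did not back up, empty and delete. Function names are constructed, and the sample logs are shortened copies of the ones posted above.

```python
import re

# Constructed sample: shortened copies of the Option #1 and Option #2 logs
# posted in this thread (two of the three folders, registry dump omitted).
FIND_LOG = r"""
=====Suspect Goored Entries=====
C:\Program Files\Mozilla Firefox\extensions\{F511D839-8AD2-462C-B03A-E210074B3DB7}
C:\Program Files\Mozilla Firefox\extensions\{843202C8-A25E-464A-BA75-AD7F02A346F1}
"""
FIX_LOG = r"""
=====Goored Deletions=====
C:\Program Files\Mozilla Firefox\extensions\{F511D839-8AD2-462C-B03A-E210074B3DB7}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.
C:\Program Files\Mozilla Firefox\extensions\{843202C8-A25E-464A-BA75-AD7F02A346F1}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.
"""

SECTION = re.compile(r"^=====(.+?)=====[ \t]*$", re.M)
STEP = re.compile(r"^->(.+?)\.\.\.\s*(.*)$")
STEPS = ("Backing up folder", "Emptying folder", "Deleting folder")

def sections(log):
    """Split a log into {section title: [non-empty stripped lines]}."""
    parts = SECTION.split(log)  # [preamble, title, body, title, body, ...]
    return {t: [l.strip() for l in b.splitlines() if l.strip()]
            for t, b in zip(parts[1::2], parts[2::2])}

def deletions(fix_log):
    """Map each folder under 'Goored Deletions' to its {step: result}."""
    result, current = {}, None
    for line in sections(fix_log).get("Goored Deletions", []):
        m = STEP.match(line)
        if m is None:                 # a folder path starts a new record
            current = result.setdefault(line, {})
        elif current is not None:     # a '->step... result' line
            current[m.group(1)] = m.group(2)
    return result

def unresolved(find_log, fix_log):
    """Suspects from the find run whose three steps are not all 'Done.'."""
    done = deletions(fix_log)
    return [p for p in sections(find_log).get("Suspect Goored Entries", [])
            if any(done.get(p, {}).get(s) != "Done." for s in STEPS)]

if __name__ == "__main__":
    print("unresolved:", unresolved(FIND_LOG, FIX_LOG) or "none")
```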

#16
May 4, 2009 at 18:02:23
And are you still being redirected?


