-
Sorry for the delay, this scan took a long time.
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Monday, May 25, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Sunday, May 24, 2009 14:09:37
Records in database: 2233588
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
S:\
T:\
Scan statistics:
Files scanned: 346008
Threat name: 14
Infected objects: 39
Suspicious objects: 0
Duration of the scan: 07:03:53
File name / Threat name / Threats count
C:\Documents and Settings\tyler\.housecall6.6\Quarantine\lmn_setup.exe.bac_a02192 Infected: Trojan-Dropper.Win32.Agent.apgo 1
C:\Documents and Settings\tyler\Application Data\Thunderbird\Profiles\961z1n4u.default\Mail\localhost\Inbox Infected: Trojan.JS.Redirector.b 4
C:\Documents and Settings\tyler\Desktop\regtools.vbs Infected: not-a-virus:RiskTool.VBS.DisReg.a 1
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.617 1
C:\Qoobox\Quarantine\C\Documents and Settings\LocalService\Application Data\1055860099.exe.vir Infected: Trojan.Win32.Agent.cirp 1
C:\Qoobox\Quarantine\C\Documents and Settings\LocalService\Application Data\916653139.exe.vir Infected: not-a-virus:FraudTool.Win32.MalwareDoctor.g 1
C:\Qoobox\Quarantine\C\Documents and Settings\LocalService\protect.dll.vir Infected: Trojan-Spy.Win32.Agent.argt 1
C:\Qoobox\Quarantine\C\Documents and Settings\tyler\protect.dll.vir Infected: Trojan-Spy.Win32.Agent.argt 1
C:\Qoobox\Quarantine\C\Documents and Settings\tyler\Start Menu\Programs\Startup\ChkDisk.dll.vir Infected: Trojan-Spy.Win32.Agent.argt 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\autochk.dll.vir Infected: Trojan-Spy.Win32.Agent.argt 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\config\systemprofile\protect.dll.vir Infected: Trojan-Spy.Win32.Agent.argt 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\ovfsthvymesoyvdpmpiksmxxflewndjouobobu.sys.vir Infected: Trojan.Win32.Tdss.aalf 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\lmn_setup.exe.vir Infected: Trojan-Dropper.Win32.Agent.apgo 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\ovfsthbxakoykveeojioyvfcjyhqpsbhojfsjj.dll.vir Infected: Trojan.Win32.Tdss.aalg 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\ovfsthmbsjujgwtdfpxmbrfqqmoelydvugaitd.dll.vir Infected: Trojan.Win32.Tdss.aald 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\ovfsthtueppkcrqsitkjhvtsgeqdxhfipurfke.dll.vir Infected: Trojan.Win32.Tdss.aalc 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\ovfsthtueppkcrqsitkjhvtsgeqdxhfipurfke.dll_old.vir Infected: Trojan.Win32.Tdss.aalc 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\userinit.exe.vir Infected: Trojan-PSW.Win32.LdPinch.agbf 1
C:\Qoobox\Quarantine\[4]-Submit_2009-05-24_04.20.20.zip Infected: Trojan.Win32.Agent.cimn 2
C:\System Volume Information\_restore{F8AA3596-A17B-46B6-A847-BA39BEB8D45C}\RP1430\A0130639.sys Infected: Trojan.Win32.Tdss.aalf 1
C:\System Volume Information\_restore{F8AA3596-A17B-46B6-A847-BA39BEB8D45C}\RP1430\A0130640.dll Infected: Trojan.Win32.Tdss.aalc 1
C:\System Volume Information\_restore{F8AA3596-A17B-46B6-A847-BA39BEB8D45C}\RP1430\A0130641.dll Infected: Trojan.Win32.Tdss.aalg 1
C:\System Volume Information\_restore{F8AA3596-A17B-46B6-A847-BA39BEB8D45C}\RP1430\A0130642.dll Infected: Trojan.Win32.Tdss.aald 1
C:\System Volume Information\_restore{F8AA3596-A17B-46B6-A847-BA39BEB8D45C}\RP1430\A0130663.dll Infected: Trojan-Spy.Win32.Agent.argt 1
C:\System Volume Information\_restore{F8AA3596-A17B-46B6-A847-BA39BEB8D45C}\RP1430\A0130664.dll Infected: Trojan-Spy.Win32.Agent.argt 1
C:\System Volume Information\_restore{F8AA3596-A17B-46B6-A847-BA39BEB8D45C}\RP1430\A0130666.exe Infected: Trojan-Dropper.Win32.Agent.apgo 1
C:\System Volume Information\_restore{F8AA3596-A17B-46B6-A847-BA39BEB8D45C}\RP1430\A0130669.exe Infected: Trojan.Win32.Agent.cirp 1
C:\System Volume Information\_restore{F8AA3596-A17B-46B6-A847-BA39BEB8D45C}\RP1430\A0130670.exe Infected: not-a-virus:FraudTool.Win32.MalwareDoctor.g 1
C:\System Volume Information\_restore{F8AA3596-A17B-46B6-A847-BA39BEB8D45C}\RP1430\A0130671.dll Infected: Trojan-Spy.Win32.Agent.argt 1
C:\System Volume Information\_restore{F8AA3596-A17B-46B6-A847-BA39BEB8D45C}\RP1430\A0130672.dll Infected: Trojan-Spy.Win32.Agent.argt 1
C:\System Volume Information\_restore{F8AA3596-A17B-46B6-A847-BA39BEB8D45C}\RP1430\A0130673.dll Infected: Trojan-Spy.Win32.Agent.argt 1
C:\System Volume Information\_restore{F8AA3596-A17B-46B6-A847-BA39BEB8D45C}\RP1430\A0130680.exe Infected: Trojan-PSW.Win32.LdPinch.agbf 1
C:\System Volume Information\_restore{F8AA3596-A17B-46B6-A847-BA39BEB8D45C}\RP1430\A0130682.exe Infected: Trojan-PSW.Win32.LdPinch.agbf 1
C:\WINDOWS\pss\ChkDisk.dllStartup Infected: Trojan-Spy.Win32.Agent.argt 1
S:\s\complete\unsorted\Scene\ZhayTee\Star Systems - The Ideal City (Fourth Movement).mp3 Infected: Virus.DOS.VCC.Pocks.424 1
The selected area was scanned.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:23:24 PM, on 5/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\tracking\protools\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Flock\flock.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {c871956a-1bff-4b64-9254-6551494a43aa} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\tracking\protools\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Copy to Semagic - C:\Program Files\Semagic\copy.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\office03\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Semagic - C:\Program Files\Semagic\link.htm
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\office03\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\tyler\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {A2E05F45-F127-4092-B9F7-9A02C3E04C77} (HGPlugin7USA Class) - http://gamedownload.ijjimax.com/game...Plugin7USA.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\MsgPlusLoader.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: hggfdec - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\tracking\protools\Digidesign\Drivers\MMERefresh.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxby_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbycoms.exe
--
End of file - 11231 bytes
-
Yes it will :)
Empty these folders:
C:\Documents and Settings\tyler\.housecall6.6\Quarantine
C:\Qoobox\Quarantine\
Delete these:
C:\WINDOWS\pss\ChkDisk.dllStartup
S:\s\complete\unsorted\Scene\ZhayTee\Star Systems - The Ideal City (Fourth Movement).mp3
Empty Recycle Bin.
Still problems?
-
Thank you so far. Unfortunately, yes, I still have problems. I've been using a browser called "Flock" as my emergency backup. When I start Firefox, it loads very slowly and suspiciously. Then, when I do a Google search for "stuff" and click on the result "Stuff White People Like" (a trustworthy, basic, humour sort of blog), I get redirected to a site other than the expected one.
I've attached a few screenshots. Sear.jpg is an example of expected search results. The others show what happens when I click on the bottom result.
Additionally, when I check my Hotmail account, I can't click on any email messages. When I click, nothing happens.
I suspect shenanigans and it has something to do with opening Firefox. Any ideas? Add-ons or plugins within Firefox? I also suspect Firefox may be what triggers the reinstall of whatever has been spreading back on my system in the past. I hope I haven't undone any of your work.
-
Also, please note that I didn't click "OK" when that box came up.
-
Yes, you might have a certain Firefox-specific infection.
Please download GooredFix by jpshortstuff ... save it to your desktop.
- Double-click Goored.exe to run it.
- Select "1. Find Goored (no fix)"... by typing 1 and pressing Enter.
- A log will open... it can also be found on your desktop... "Goored.txt".
- Please post the contents of the log Goored.txt in your next reply.
Note: Do not run Option #2 unless instructed to do so!
-
GooredFix v1.92 by jpshortstuff
Log created at 01:10 on 26/05/2009 running Option #1 (tyler)
Firefox version 3.0.10 (en-US)
=====Suspect Goored Entries=====
C:\Program Files\Mozilla Firefox\extensions\{C232E52F-23C9-4688-999E-6C512033249B}
=====Dumping Registry Values=====
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{3f963a5b-e555-4543-90e2-c3908898db71}"="C:\Program Files\AVG\AVG8\Firefox"
-
Important! Make sure all instances of Firefox are closed!
- Please double-click the GooredFix.exe icon... on your desktop to run it.
- Select "2. Fix Goored"... by typing 2 and pressing Enter.
- Type y... at the prompt ... press Enter again.
- A log will open... it can also be found on your desktop... "GooredLog.txt".
- Please post the contents of the log GooredLog.txt in your next reply.
Note: Please also allow any registry changes that may be challenged by any of your security programs.
If you receive a message indicating a system restart is needed, please save any work, close all applications and reboot your system.
-
No message asking for a restart. I ran it. I just tried Firefox and can't replicate my previous link alteration problem, but I noticed in the past that it would go away sometimes after I ran Spybot, Malwarebytes, or AVG... then eventually return. I'll keep you updated if I see anything suspicious over the next week or so; I'd really prefer not to consider this case "closed" yet. I am very grateful for the help you've provided. You're a really nice person for volunteering your time like this. My results:
GooredFix v1.92 by jpshortstuff
Log created at 13:05 on 26/05/2009 running Option #2 (tyler)
Firefox version 3.0.10 (en-US)
(Subsequent Run)
=====Goored Deletions=====
C:\Program Files\Mozilla Firefox\extensions\{C232E52F-23C9-4688-999E-6C512033249B}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.
=====Dumping Registry Values=====
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{3f963a5b-e555-4543-90e2-c3908898db71}"="C:\Program Files\AVG\AVG8\Firefox"
-
Yes, Goored is gone now :)
Test a bit and let me know.
-
Due to the lack of feedback this Topic is closed.
If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.
If it has been less than four days since your last response and you need the thread re-opened, please send a private message (PM). A valid, working link to the closed topic is required. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh.
Everyone else please begin a New Topic.