Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1: http://jpshortstuff.247fixes.com/GooredFix.exe
Download Mirror #2: http://downloads.securitycadets.com/GooredFix.exe
Double-click GooredFix.exe to run it.
Select 1. Find Goored (no fix) by typing 1 and pressing Enter.
A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
Note: Do not run Option #2 yet.
MS-MVP Consumer Security 2007-08-09
Proud Member ASAP
UNITE Member 2006
GooredFix v1.92 by jpshortstuff
Log created at 19:17 on 17/05/2009 running Option #1 (Benjamin Weiner)
Firefox version 3.0.10 (en-US)
=====Suspect Goored Entries=====
C:\Program Files\Mozilla Firefox\extensions\{26D47F28-3C86-4F25-BB23-6A0B301E4807}
=====Dumping Registry Values=====
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{3f963a5b-e555-4543-90e2-c3908898db71}"="C:\Program Files\AVG\AVG8\Firefox"
Please double-click GooredFix.exe on your Desktop to run it.
Select "2. Fix Goored" by typing 2 and pressing Enter.
Make sure all instances of Firefox are closed at this point.
Type y at the prompt and press Enter again.
A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
Note: If you receive a message saying that GooredFix needs your system to be restarted, please close all applications and reboot your system. Please also allow any registry changes that may be prompted by any of your security programs.
MS-MVP Consumer Security 2007-08-09
Proud Member ASAP
UNITE Member 2006
GooredFix v1.92 by jpshortstuff
Log created at 19:22 on 17/05/2009 running Option #2 (Benjamin Weiner)
Firefox version 3.0.10 (en-US)
=====Goored Deletions=====
C:\Program Files\Mozilla Firefox\extensions\{26D47F28-3C86-4F25-BB23-6A0B301E4807}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.
=====Dumping Registry Values=====
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{3f963a5b-e555-4543-90e2-c3908898db71}"="C:\Program Files\AVG\AVG8\Firefox"
c:\windows\winstart.bat <<< I am not liking the look of this item:
http://www.google.com/search?hl=en&q...at&btnG=Search
Please delete that file and you may need to show all files and folders to see it:
http://www.bleepingcomputer.com/tuto...l62.html#winxp
Then give me a report.
Thanks
MS-MVP Consumer Security 2007-08-09
Proud Member ASAP
UNITE Member 2006
I deleted it. Should I empty my recycle bin as well? I have not been redirected lately, but it only happens every once in a while, so I will keep trying. Thanks for all your help so far.
I missed this ealier, it's running in the log and you are not using Symantec, so uninstall it in Add Remove programs.
LiveUpdate 3.0 (Symantec Corporation)
Yes...that should be the only file in there because ATF-Cleaner empties the Recycle Bin.Should I empty my recycle bin as well?
Let's see if we can wrap up like this.
Remove combofix from the computer like this:
Click START then RUN
Now type or copy Combofix /u in the runbox and click OK.
Note the space between the X and the U, it needs to be there.
Clean the System Restore files like this:
Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
Reboot
Turn ON System Restore,
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
Update MBAM and scan to be sure we missed none of the junk, there is no need to post a clean scan result.
(MBAM is yours to keep if you wish, keep it updated and run it once a month or so)
Update AVG 8.5 and scan the system, to be sure it is running right and scanning clean.
Some good AVG information.
FAQ: http://www.avg.com/faq
AVG Free Forum: http://freeforum.avg.com/
If all is well at this point, let me know and I will close the topic.
Some good information for you:
http://users.telenet.be/bluepatchy/m...wcomputer.html
http://www.microsoft.com/windowsxp/u...s/mcgill1.mspx
Here is some great information from experts in this field that will help you stay clean and safe online.
http://users.telenet.be/bluepatchy/m...revention.html
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml
http://www.malwarecomplaints.info/
Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.
How hard are your passwords to crack?
http://www.microsoft.com/protect/you...d/checker.mspx
http://users.telenet.be/bluepatchy/m...oes/Links.html
http://www.microsoft.com/windows/ie/...rotection.mspx
Improve the safety of your browsing and e-mail activities
http://www.microsoft.com/protect/com.../browsing.mspx
MS-MVP Consumer Security 2007-08-09
Proud Member ASAP
UNITE Member 2006
Thank you!
I ran the MBAM and AVG scans, and they came out clean. Everything seems to be running great. I assume it is okay to delete Goored and the ATF Cleaner? Thank you SO much for your help!
Delete GooredFix, it does not update.
ATF-Cleaner <<< yours to keep if you wish, you will not find a better, small cleaner anywhere for the price. I suggest you give it free to all of your friends, when they see the cute little garbage can they will sing your praises
MS-MVP Consumer Security 2007-08-09
Proud Member ASAP
UNITE Member 2006
Alright, thanks again for your help. You are a lifesaver.
