Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

ok, one more time

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: ok, one more time

Unread postby Kennyco » November 16th, 2010, 12:53 pm

Yes, much better! In fact I don't think I have seen any pop-ups. But I have been redirected twice, I will keep better track of that in the future. Thank you for all your help so far.
Kennyco
Regular Member
 
Posts: 24
Joined: November 4th, 2010, 2:58 pm
Advertisement
Register to Remove

Re: ok, one more time

Unread postby Kennyco » November 16th, 2010, 1:00 pm

Plus Norton seems to be picking up tracking cookies now.

Do you know what caused this?
Kennyco
Regular Member
 
Posts: 24
Joined: November 4th, 2010, 2:58 pm

Re: ok, one more time

Unread postby Kennyco » November 16th, 2010, 1:58 pm

This is the redirect site

http://do_check.s3.amazonaws.com/index.html?AWSAccessKeyId=AKIAIKDZBVZT6ABSN6MA&Expires=1289930521&Signature=Qh9aTR4xab5vvkhntQNg9xx74P0%3D
Kennyco
Regular Member
 
Posts: 24
Joined: November 4th, 2010, 2:58 pm

Re: ok, one more time

Unread postby Kennyco » November 16th, 2010, 2:02 pm

and this pop-up now

http://travel.aol.com/travel-guide/united-states/nevada/las-vegas-overview/?ncid=AOLCOMMtravbannpaid0034
Kennyco
Regular Member
 
Posts: 24
Joined: November 4th, 2010, 2:58 pm

Re: ok, one more time

Unread postby xixo_12 » November 16th, 2010, 6:39 pm

Hi,
Please don't post any link (redirection) ;)
We will try with different approach. Just let me know about the system functional after you perform the instructions.

First,
GooredFix.
Please download from one of the locations below and save to the desktop.
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • Double click on GooredFix.exe and click on run
  • Click Yes to proceed.
  • A log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

Next,
ATF by Atribune
Please download HERE and save to the desktop. Double-click ATF Cleaner.exe to open it.
Under Main choose:
    choose: Select All
    Click the Empty Selected button.
if you use Firefox:
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
if you use Opera:
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program

Next,
Kaspersky Online AV Scan
Note: Internet Explorer should be used.
Please go to Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan and then put the kettle on!
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place like your Desktop. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Copy and paste the report into your next.

What you need to post
Checklist.
  • Content of GooredFix.txt
  • Content of Kaspersky scan log
User avatar
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: ok, one more time

Unread postby Kennyco » November 16th, 2010, 8:15 pm

Kasperkey asking my to download Java 1.5 or later. Shall I download it?
Kennyco
Regular Member
 
Posts: 24
Joined: November 4th, 2010, 2:58 pm

Re: ok, one more time

Unread postby xixo_12 » November 16th, 2010, 8:47 pm

Please proceed.
User avatar
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: ok, one more time

Unread postby Kennyco » November 16th, 2010, 10:23 pm

It is giving me an error message when trying to run the Kasperkey av, saying please restart the website and that I must have steady internet connection error: License has expired? Here is the gooredfix.txt

GooredFix by jpshortstuff (03.07.10.1)
Log created at 16:50 on 16/11/2010 (Preston)
Firefox version 3.6.12 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [16:17 26/10/2010]

C:\Documents and Settings\Preston\Application Data\Mozilla\Firefox\Profiles\80b6n0g5.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b} [18:08 16/11/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{BBDA0591-3099-440a-AA10-41764D9DB4DB}"="C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\IPSFFPlgn\" [01:33 01/11/2010]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [05:40 12/11/2010]

-=E.O.F=-
Kennyco
Regular Member
 
Posts: 24
Joined: November 4th, 2010, 2:58 pm

Re: ok, one more time

Unread postby xixo_12 » November 16th, 2010, 11:19 pm

Hi,
Try this one.

Next,
ATF by Atribune
Please run it again.

Next,
ESET Online Scanner
Go here to run an online scannner from ESET.
  • Note: You will need to use Internet explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic

What you need to post
Checklist.
  • Content of log.txt
User avatar
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: ok, one more time

Unread postby Kennyco » November 17th, 2010, 9:36 pm

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=178eac58f8e2aa4aadf507c4443cac5d
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-11-17 04:17:52
# local_time=2010-11-16 09:17:52 (-0700, Mountain Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 205741 205741 0 0
# compatibility_mode=3587 16777190 85 76 460449 108033219 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=46800
# found=0
# cleaned=0
# scan_time=2042
esets_scanner_update returned -1 esets_gle=53251
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=178eac58f8e2aa4aadf507c4443cac5d
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-11-17 07:42:03
# local_time=2010-11-17 12:42:03 (-0700, Mountain Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 261612 261612 0 0
# compatibility_mode=3587 16777190 85 76 516320 108089090 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=42701
# found=0
# cleaned=0
# scan_time=1621
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=178eac58f8e2aa4aadf507c4443cac5d
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-11-18 01:02:47
# local_time=2010-11-17 06:02:47 (-0700, Mountain Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 282213 282213 0 0
# compatibility_mode=3587 16777174 85 76 536921 108109691 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=2130
# found=0
# cleaned=0
# scan_time=264
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=178eac58f8e2aa4aadf507c4443cac5d
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-11-18 01:34:49
# local_time=2010-11-17 06:34:49 (-0700, Mountain Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 282521 282521 0 0
# compatibility_mode=3587 16777174 85 76 537229 108109999 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=42835
# found=0
# cleaned=0
# scan_time=1881
Kennyco
Regular Member
 
Posts: 24
Joined: November 4th, 2010, 2:58 pm

Re: ok, one more time

Unread postby xixo_12 » November 18th, 2010, 6:42 am

Hi,

still redirect to those web?
User avatar
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: ok, one more time

Unread postby Kennyco » November 18th, 2010, 12:37 pm

Still pop ups.
Kennyco
Regular Member
 
Posts: 24
Joined: November 4th, 2010, 2:58 pm

Re: ok, one more time

Unread postby Kennyco » November 18th, 2010, 2:21 pm

but "few and far between"
Kennyco
Regular Member
 
Posts: 24
Joined: November 4th, 2010, 2:58 pm

Re: ok, one more time

Unread postby xixo_12 » November 19th, 2010, 9:48 am

Hi,
Let's proceed.

I need to check on something. Current log seem to be clean.

IpConfig
  • Go Start > Run
  • Type in cmd > Click OK
  • At command prompt, type in ipconfig /all (<-----watch for "space" after "ipconfig")
  • Press Enter.
    Image
  • Click the icon on the menubar on the left and then Edit > Select all.
  • Click the icon in the menubar again then Edit > Copy
  • This copies all the text to the clipboard.
  • Paste the output into your next reply.

What you need to post
Checklist.
  • Content of Ipconfig log
User avatar
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: ok, one more time

Unread postby Kennyco » November 19th, 2010, 1:50 pm

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Preston>ipconfic /all
'ipconfic' is not recognized as an internal or external command,
operable program or batch file.

C:\Documents and Settings\Preston>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : badonkadonk
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Dell Wireless 1395 WLAN Mini-Card
Physical Address. . . . . . . . . : 00-1F-E1-2B-B1-6A
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.0.74
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.1
Lease Obtained. . . . . . . . . . : Friday, November 19, 2010 10:18:30 A
M
Lease Expires . . . . . . . . . . : Saturday, November 20, 2010 10:18:30
AM

C:\Documents and Settings\Preston>
Kennyco
Regular Member
 
Posts: 24
Joined: November 4th, 2010, 2:58 pm
Advertisement
Register to Remove

PreviousNext

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 86 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware