Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Browser is redirected while in Yahoo or Google to gillimp...

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Browser is redirected while in Yahoo or Google to gillimp...

Unread postby Stovowhotocro » November 23rd, 2008, 8:48 pm

Kaspersky at end reported no malware found.

Jotti would not allow me to submit. The submit button stayed grayed out. So used VirusTotal.

File missouri.dll received on 11.24.2008 01:25:47 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED


Result: 0/37 (0%)
Loading server information...
Your file is queued in position: 1.
Estimated start time is between 38 and 55 seconds.
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact Print results
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
Email:


Antivirus Version Last Update Result
AhnLab-V3 2008.11.21.0 2008.11.23 -
AntiVir 7.9.0.35 2008.11.23 -
Authentium 5.1.0.4 2008.11.24 -
Avast 4.8.1281.0 2008.11.23 -
AVG 8.0.0.199 2008.11.23 -
BitDefender 7.2 2008.11.24 -
CAT-QuickHeal 10.00 2008.11.21 -
ClamAV 0.94.1 2008.11.24 -
DrWeb 4.44.0.09170 2008.11.24 -
eSafe 7.0.17.0 2008.11.23 -
eTrust-Vet 31.6.6222 2008.11.22 -
Ewido 4.0 2008.11.23 -
F-Prot 4.4.4.56 2008.11.24 -
F-Secure 8.0.14332.0 2008.11.24 -
Fortinet 3.117.0.0 2008.11.23 -
GData 19 2008.11.24 -
Ikarus T3.1.1.45.0 2008.11.23 -
K7AntiVirus 7.10.531 2008.11.22 -
Kaspersky 7.0.0.125 2008.11.24 -
McAfee 5443 2008.11.23 -
McAfee+Artemis 5443 2008.11.23 -
Microsoft 1.4104 2008.11.24 -
NOD32 3633 2008.11.24 -
Norman 5.80.02 2008.11.22 -
Panda 9.0.0.4 2008.11.23 -
PCTools 4.4.2.0 2008.11.23 -
Prevx1 V2 2008.11.24 -
Rising 21.04.62.00 2008.11.23 -
SecureWeb-Gateway 6.7.6 2008.11.23 -
Sophos 4.35.0 2008.11.24 -
Sunbelt 3.1.1823.2 2008.11.22 -
Symantec 10 2008.11.24 -
TheHacker 6.3.1.1.160 2008.11.23 -
TrendMicro 8.700.0.1004 2008.11.22 -
VBA32 3.12.8.9 2008.11.23 -
ViRobot 2008.11.18.1474 2008.11.18 -
VirusBuster 4.5.11.0 2008.11.23 -
Additional information
File size: 217088 bytes
MD5...: 68e89ad40576779f067931bdb4a06712
SHA1..: 22ac7aeea0490f58372097315b367c5b1f697db9
SHA256: 534328337e07d57db05dde2c1d7c22041ec1d4c2266b70ae903fb8847c6e41f2
SHA512: ef709d1fdceef9b3af00ccf168849c02a23f2b4ad63a71bc32e727fff886508e
b4e0e898f52bbcbec0ed5ae8d6fc476df2c653c8864cc6cf324e7d2a3ae45ad8
PEiD..: Armadillo v1.xx - v2.xx
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (53.1%)
Windows Screen Saver (18.4%)
Win32 Executable Generic (12.0%)
Win32 Dynamic Link Library (generic) (10.6%)
Generic Win/DOS Executable (2.8%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1001e0eb
timedatestamp.....: 0x4549fce3 (Thu Nov 02 14:12:51 2006)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x277c6 0x28000 6.61 da01abdf5869f753e9ba1530460b86b0
.rdata 0x29000 0x1a89 0x2000 4.93 7e934ae81afeeb051d4211e38d874a37
.data 0x2b000 0x7c4c 0x6000 3.23 2e8fddabaeacc0c25c568d80bf43818a
.rsrc 0x33000 0x4e8 0x1000 1.30 8b2bc5f7faa299a9e5d71d6cb2f06f67
.reloc 0x34000 0x2bea 0x3000 5.83 46b5d9f165768eed8b14cc2639ca9486

( 2 imports )
> KERNEL32.dll: lstrcpyA, GlobalAlloc, GlobalLock, GlobalUnlock, VirtualFree, HeapFree, HeapAlloc, InterlockedDecrement, InterlockedIncrement, GetLastError, GetFileAttributesA, GetCommandLineA, GetVersion, GetProcAddress, GetModuleHandleA, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSection, CloseHandle, RtlUnwind, GetModuleFileNameA, GetEnvironmentVariableA, GetVersionExA, HeapDestroy, HeapCreate, GlobalFree, VirtualAlloc, HeapReAlloc, DeleteCriticalSection, ExitProcess, WideCharToMultiByte, MultiByteToWideChar, LCMapStringA, LCMapStringW, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, SetFilePointer, ReadFile, FlushFileBuffers, WriteFile, TerminateProcess, GetCurrentProcess, GetCurrentThreadId, TlsSetValue, TlsAlloc, TlsFree, SetLastError, TlsGetValue, FreeEnvironmentStringsA, FreeEnvironmentStringsW, GetEnvironmentStrings, GetEnvironmentStringsW, CreateFileA, SetStdHandle, GetCPInfo, GetStringTypeA, GetStringTypeW, CompareStringA, CompareStringW, GetACP, GetOEMCP, SetEnvironmentVariableA, LoadLibraryA, RaiseException, SetEndOfFile
> GDI32.dll: GetDIBits, StretchBlt, SetBrushOrgEx, GetSystemPaletteEntries, CreateHalftonePalette, GetObjectType, RestoreDC, SaveDC, DeleteObject, GetPaletteEntries, GetObjectA, GetBitmapBits, DeleteDC, SelectPalette, SelectObject, CreateDCA, CreateCompatibleBitmap, RealizePalette, GetDeviceCaps, CreateBitmap, CreateCompatibleDC, CreatePalette, SetBitmapBits, SetStretchBltMode, StretchDIBits, SetDIBits, BitBlt

( 25 exports )
GetExtendedTag, GetExtendedTag2, GetExtendedTagX, PhotoCopyImage, PhotoCopyImage2, SafetyPalette, SafetyPalette2, SaveMe, SaveMe2, SaveMeX, ShareMe, ShareMe2, ShowMe, ShowMe2, ShowMeX, TargetGamma, TargetGamma2, TellMe, TellMe2, TellMeX, UniformPalette, UniformPalette2, jddriver, jddriver2, jddriverX



End of VirusTotal Report

HyjackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:31:59 PM, on 11/23/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\dla\DLACTRLW.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP7310\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Alltel\QuickLink Mobile\QuickLink Mobile.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\DLACTRLW.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP7310\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O15 - Trusted Zone: http://*.marmls.com
O15 - Trusted Zone: http://*.mlxchange.com
O15 - Trusted Zone: http://*.rapmls.com
O16 - DPF: {0D859AF0-C75E-11D4-B760-00E0B81077E8} (FileCruiser Class) - http://mfr.mlxchange.com/4.2.10.33/Cont ... ruiser.cab
O16 - DPF: {16FD824B-8E7B-11D2-9855-00802962956C} (Specfile Control) - http://mfr.mlxchange.com/4.2.10.33/Control/Specfile.cab
O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} (Keynote Connector Launcher 2) - http://webeffective.keynote.com/applica ... uncher.cab
O16 - DPF: {555F1BBC-6EC2-474F-84AF-633EF097FF54} (WWHearts Control) - http://www.worldwinner.com/games/v52/ww ... hearts.cab
O16 - DPF: {6DE617B8-49C0-40F8-8118-D2C3741F1C28} (SetTrustedSitesControl.clsReg) - http://medialaxh.rapmls.com/tools/MlsTo ... ontrol.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 1067659828
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLS Client Utils) - http://mfr.mlxchange.com/4.2.10.33/Cont ... tUtils.cab
O16 - DPF: {78523E50-56EB-11D3-B739-CAA1986A452F} (LiteGridCtl Class) - http://mfr.mlxchange.com/4.2.10.33/Control/LiteGrid.cab
O16 - DPF: {7A7537FC-5988-11D3-8B33-00104B9E5A4A} (IRCWwwPrint Class) - http://mfr.mlxchange.com/4.2.10.33/Cont ... bPrint.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://mfr.mlxchange.com/4.3.07.83/Control/IRCSharc.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {B198A72B-B4C3-42B5-B8DA-B364E76429AA} (Cerebus Class) - http://mfr.mlxchange.com/4.2.10.33/Control/WebDog.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v ... b56649.cab
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} (WWSpades Control) - http://www.worldwinner.com/games/v53/ww ... spades.cab
O16 - DPF: {F060A272-A18A-11D3-B75B-00E0B81077E8} (DropList Class) - http://mfr.mlxchange.com/4.2.10.33/Cont ... mCtrls.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{87AAC410-01CA-4EF1-9D27-D9F0F924DB40}: NameServer = 166.102.165.11 166.102.165.13
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

--
End of file - 11431 bytes

Computer is faster and it doesn't get redirected to those websites as noted in problem from before.

I have lost the Icon for Avast in the tray, and don't know if my antivirus protection is on or not. When you give me the all clear, can you recommend how to set computer up to be protected from this happening again? I'm not sure what security programs that I should have running at start up and would appreciate your suggestions.
Stovowhotocro
Active Member
 
Posts: 11
Joined: November 18th, 2008, 12:53 pm
Advertisement
Register to Remove

Re: Browser is redirected while in Yahoo or Google to gillimp...

Unread postby Bob4 » November 24th, 2008, 8:31 am

+++++++++++++++++++++++++++++++++
Open notepad up and copy everything exactly in the box below into it.

Code: Select all
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"




make sure to have no lines before
REGEDIT4

and

One (1) space before the end.
Now click on save and save TO YOUR DESKTOP

as "File Name" fix.reg

Save as File type "all files" NOT TXT DOCUMENT

Once saved double click the file you just made and when asked to merge with the registry click yes.

Now delete that file.


Restart and tell me if avast Icon is back.

_________________________________









Great news ! Image

Your log now appears to be clean.

Lets do a few things to tidy up.
Please do these in the order I suggest!


_______________________________________________
Go to start > run and copy and paste this in the field:

ComboFix /u

Make sure there's a space between Combofix and /
Then hit enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the
system/hidden files and resets System Restore again.







A few things to help with possible threats

These are optional . But will help protect you further.
___________________________________

SpywareBlaster

Install SpywareBlaster

SpywareBlaster will add a large list of programs and sites to your Internet Explorer settings that will protect you from accidentally running or downloading known malicious programs.
After the installation, click Download Latest Protection Updates. When it finishes, click Enable All Protection.


______________________________
SiteHound

http://www.firetrust.com/firetrustsitehound.html

This tool bar will help protect you from.

Over 4,000 fake bank and credit sites.
Tens of thousands of pornographic
and adult sites.
The never ending fake phishing sites.
Malicious sites, which can infect you
with spyware and adware if you visit
them.
Sites to download software which
may infect your computer with
spyware, a virus or adware


___________________________________
Download and Install a HOSTS File
A Hosts file is a plain text file which prevents your computer from connecting to malware and spyware sites by redirecting the connection request to 127.0.0.1, which is your local address. If you use a proxy server, or if you are on AOL, be sure to read the special instructions.
You can download the MVPS Hosts File and see a HOSTS file tutorial here :
This website also contains useful tips, and links to other resources and utilities.


___________________________________
Make your Internet Explorer more secure
1. From within Internet Explorer click on the Tools menu and then click on Options.
2. Click on the Security tab
3. Click the Internet icon so it becomes highlighted.
4. Click on Default Level and click Ok
5. Click on the Custom Level button.

Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialise and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt

When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.

6. Next press the Apply button and then the OK to exit the Internet Properties page.


Here's a site with great advise on how to AVOID malware. Much easier to do than removing it.


___________________________________
If your anything like me you should be mad these people have done this to you.
Please take the time to tell us what you would like to be done to these idiots!
We can only get something done about this if the people that we help, like you, are prepared to complain.
We have a dedicated forum for collecting these complaints Malware Complaints, you do not have to be registered to post.. just find your country room and register your complaint.

The infections you had was Vundo


Safe and Happy Surfing. :)

______________________________
User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

Re: Browser is redirected while in Yahoo or Google to gillimp...

Unread postby Stovowhotocro » November 25th, 2008, 3:05 am

I copied the fix.reg file to notepad like you said:
Made sure there no lines before REGEDIT4
and I assume that you wanted (1) space after
....\\ashDisp.exe"

Saved as all file types.

When I clicked on the fix.reg file I got the following error message window:

Registry Editor
(X) Cannot import C:\Documents and Settings\Steve Whitacre\Desktop\fix.reg:Not all data was successfully written to the registry. Some keys are open by the system or other processes.

I rebooted and tried to use that file again and got the same error message.

I will assume that I can work on getting the other things tidied up while I am waiting for you to get back to me on this one.
Stovowhotocro
Active Member
 
Posts: 11
Joined: November 18th, 2008, 12:53 pm

Re: Browser is redirected while in Yahoo or Google to gillimp...

Unread postby Bob4 » November 25th, 2008, 5:06 pm

I have been looking into that error message:
Not all data was successfully written to the registry. Some keys are open by the system or other processes.


Nothing rock solid coming from my queries yet. So let's try these 3 things.

First.
Click start/all programs /avast anti virus

Now on the top left should be a small tab (triangle) above the large knob.
By clicking that you should see settingsthen click appearance and choose show Avast try Icon Click OK and close avast. These setting may need to have you reboot to take effect.

If that doesn't work


Second try booting to safe mode and try running that .reg file we made.

___________________________________
Safe mode:
Please reboot to safe mode:
After the very first black screen start tapping the
F8 key untill prompted with a list.... choose safe
mode.
Be sure it's on the desktop for easy finding .


________________________________

Third try. Always a charm :roll:

Open control panel /add / remove programs and choose avast.
Then click change ( should already be highlighted) then next
Except the default setting and continue with next and it will begin reinstalling/repairing the application. If it asks you to reboot please do so.


___________________________________


Let me know if one of these helps.
User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

Re: Browser is redirected while in Yahoo or Google to gillimp...

Unread postby Bob4 » November 25th, 2008, 5:12 pm

I should also ask. 8)
Are you logged in as an administrator ?
User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

Re: Browser is redirected while in Yahoo or Google to gillimp...

Unread postby Stovowhotocro » November 25th, 2008, 11:50 pm

Using the fix.reg from the Safe Mode worked! Thanks.

Now, I notice I have a problem with plugging in my camera through the USB. I used to get a window to automatically pop up that would allow me to choose and run the Scanner & Camera Wizard.

Remember, that when you mentioned to me that running ComboFix would do the following?:

"Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security."

I really want to get that ability back. I need to have that Wizard to run. I use a feature in the Wizard that saves me a lot of steps and time in uploading and naming my pictures into different folders, which I do a lot in my work.

How do I get this feature back?
Stovowhotocro
Active Member
 
Posts: 11
Joined: November 18th, 2008, 12:53 pm

Re: Browser is redirected while in Yahoo or Google to gillimp...

Unread postby Bob4 » November 29th, 2008, 8:55 pm

Hello again,
Sorry for the delay. I was away for a couple of days for the Holiday.


To try and fix the Autorun issue..


Go to http://www.microsoft.com/downloads/deta ... oContainer and download autorun fix to your desktop.

Click on it to open. Follow the prompts by clicking next. It will probably prompt you to log off and log back on to finish. Do so. Once that is finished :

Go to
start/my computer and right click on the drive in question choose properties then AutoPlay..
Stovowhotocro wrote:camera through the USB


Click on the pull down menu and choose ,one at a time music ,pics, ,video and mixed content.
Each time choosing "Prompt me each time to perform an action"

Click apply and OK.
Remove and reinsert the drive. This should take care of that.
Please let me know.
User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

Re: Browser is redirected while in Yahoo or Google to gillimp...

Unread postby Bob4 » December 2nd, 2008, 6:25 pm

Still with me ?
User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

Re: Browser is redirected while in Yahoo or Google to gillimp...

Unread postby Stovowhotocro » December 2nd, 2008, 8:36 pm

I am with you! I was busy over the weekend and I wanted to be sure there were no more issues left to handle. Everything is working fine and I can't tell you how much I am thankful to you for getting me out of the jam I was in with that Vundo thing! You guys rock! Thanks!!!
Stovowhotocro
Active Member
 
Posts: 11
Joined: November 18th, 2008, 12:53 pm

Re: Browser is redirected while in Yahoo or Google to gillimp...

Unread postby Bob4 » December 2nd, 2008, 8:56 pm

I'm glad it all worked out.
Have a great Christmas.
Bob4
User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

Re: Browser is redirected while in Yahoo or Google to gillimp...

Unread postby NonSuch » December 3rd, 2008, 1:40 am

As this issue is resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 146 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware