[midnight11]

thank you evilfantasy for helping!

my computer is running fine now. ok, i'm gonna download the link right now. i'll post the log soon after i finish. thanks.

[midnight11]

here is the log:

GooredFix by jpshortstuff (12.07.09)
Log created at 04:05 on 07/09/2009 (USER)
Firefox version 3.5.2 (en-US)

========== GooredScan ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [15:12 04/09/2009]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extens ions]
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\Program

Files\Real\RealPlayer\browserrecord\firefox\ext" [23:46 05/09/2009]

-=E.O.F=-


is my computer safe now? thanks for your time and help. it's appreciated.

[evilfantasy]

If you aren't getting the redirects the it all looks OK.

Click Start > Run and then copy/paste the following into the box and then click OK

Code:

"%userprofile%\Desktop\GooredFix.exe" /uninstall

If any of your security programs query a new Registry/AutoStart value being added please allow the changes.

----------

* Click START then RUN - Vista users press the Windows Key and the R keys for the Run box.
* Now type Combofix /u in the runbox
* Make sure there's a space between Combofix and /u
* Then hit Enter

* The above procedure will:
* Delete the following:
* ComboFix and its associated files and folders.
* Reset the clock settings.
* Hide file extensions, if required.
* Hide System/Hidden files, if required.
* Set a new, clean Restore Point.

----------

Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

----------

Use the Secunia Software Inspector to check for out of date software.
Out of date software has security vulnerabilities that malware can exploit.

• Click Start Now
• Check the box next to Enable thorough system inspection.
• Click Start
• Allow the scan to finish and scroll down to see if any updates are needed.
• Update anything listed.

----------

Go to Microsoft Windows Update and get all critical updates.

----------

Make sure all of your security programs are up to date and run scans with them regularly.

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for these ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself safe On The Web for tips and free tools to keep you safe in the future.

Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.

[midnight11]

still i am getting the redirect and i kept having error updating malwarebyte, and unable to run spybot search & destroy. unable updating windows because i got this message: you may be a victim of software counterfeiting (i used to never get such message) .
OK. i am gonna follow your advices for sure. it may takes several minutes. i'll be right back to post the results. thanks for helping

[evilfantasy]

Download DrWeb CureIt & save it to your desktop. Scan with DrWeb-CureIt as follows:

• Double-click on drweb-cureit.exe and then click Start
• An information notice will appear, click OK.
• This starts a short scan that will scan the files currently running in memory.
• If you get a prompt to buy the full version just exit out of the window. The scanner will still work without buying the full version
• If or when something is found, click the Yes button when it asks you if you want to cure it.

• Once the short scan has finished, Click Settings > Change Settings
• Under the Scanning tab UNcheck Heuristic analysis and click OK
• Back at the main window, select the Complete scan button and then click the Green Arrow Start Scanning button on the right and the scan will start.
• Click Yes to all if it asks if you want to cure/move any file(s).
• When the scan is done.
• In the Dr.Web CureIt menu on top left, click File and choose Save report list.
• Save the DrWeb.csv report to your Desktop.
• Exit Dr.Web Cureit.
• Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.

* After reboot, Right-click the Dr.Web log on the desktop and choose Open With > Notepad
* Copy and paste that log in the next reply

[midnight11]

sorry for being late to reply. i lost the internet connection. i have no problem with software conterfeiting bar anymore now. i have just reinstall/upgrade my windows os. the bar has dissapeared.

i have tried to download drwebcure. but i kept having trouble to install it to my computer. first, i got the file named m7s6uegc.exe, and the name of the file kept changing everytime i tried to do a new download. then, after it has completed succesfully downloaded, i tried to click install and came up this message:
-error encountered while performing the operation. look at the information window for more details
-the archieve is either unknown format or damaged.

another problem is i kept having trouble to update any anti virus, and also any anti spyware. and i have just uninstall spybot but when i tried to install it ended up to failed again and came ended with this message: "can't download spybot. error sending request. the server name or address could not be resolved."

and also still i have been redirecting. and i coudn't to download mywot.com. eventhough my computer is still fast enough like usual. i'm just thinking probably someone is spying on my screen activities now. . how to do a total cleaning to my infected computer? thanks a lot for helping.

[evilfantasy]

Please do the following:

1. Download this diagnostics tool MGADiag.exe and save this to your Desktop.
2. Double-click on MGADiag.exe and click Continue
3. When the program has finished, click on Copy
4. Post the results in your next reply.

[midnight11]

i'll go for it now. thanks for helping and for the fast reply.

[midnight11]

i have got trouble to download the file. should i change the os or reinstall the windows once again? thanks.

[midnight11]

sorry i am come back again. finally i have just been able to download it but unfortunatelly have trouble to copy the log. thanks