[Dimi73]

Hi Cybertech,

I have done my restore point. I have run secunia again which confirmed I'm all patched up 100% up to date. I did disk cleanup, defragmented, etc. downloaded lavasoft's Adaware and ran it. Then did both antivirus and antispyware scans with Virgin PCGuard which came back fine.

Could you advise:

- if you feel there is more scans I should do?
- if you would say that the machine is now secure to use to access sensitive websites?
- if this machine can get infected via a wireless router that allows my flatmate to remotely connect to the internet? (I mean that if my flatmate's pc is infected can it then infect my PC?)

Thanks again for all your help.

Dimi

[cybertech]

I would not use this machine to access "sensitive websites" such as banking, anything were you would use a credit card to purchase, etc.

I would not trust this machine until it has a full format and reload.

I would not share a wireless router with anyone I suspected of having an infected machine. Further I would restrict access to the wireless router using the MAC address of my machine and other machines that I trust.

Check this out: secure your wireless router

When you get to the end of the article I hope you follow the advice given and you can find everything you need to know on the internet or at the website of your router manufacturer.

[Dimi73]

Hi Cybertech,

Re my router - I have it securty enabled and i have an access code that needs to be typed to be able to log on to the internet.

I am trying to work things out on the MAC and found the info on my router provider's website.

The only thing is that in the article they advise to disable the administrator account on my PC. Do you know if I should do that and if so how? and if I do will it mean I will never be able to do a full format and reload of my machine?

thanks again for all your help..

By the way I will run all the scans on my flatmate's machine tomorrow..

Dimi

[Dimi73]

Hi cybertech,

I think I still have problems with my machine. It crashed 3 times today.. I attach a HJT log..

I am wondering what could have caused the problems. Microsoft said it is related to my antivirus software..

Hope you can look at it.. and that I can finally mark this thread as resolved.. :-)

Thanks a lot again for your help.

dimi

[cybertech]

Run HJT again and put a check in the following:

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)

Close all applications and browser windows before you click "fix checked".


Looks fine.

[Dimi73]

Hi cybertech,

Just did it. I attach the new HJT Log

Thanks

dimi

[cybertech]

Looks fine.

[Dimi73]

Thanks Cybertech.

If you feel this is 100% fine then I am happy that you really helped me out here. Thanks very much!

I will donate via paypal but from my work machine early next week.

Thanks again for all your support and help!

Take care!

dimi

[Dimi73]

Hey Cybertech!

Just donated today!

Thanks again for your help!

Best regards

Dimi

[cybertech]

You're welcome and thank you for your donation to TSG!

[Dimi73]

Hello Cybertech,

A weird thing just happened.. and I will need more of your help I think..

I was away from my computer with a firefox web-browser page opened. when i came back to it I had a firefox dialog box saying it had closed unexpectedly and if I wanted to restore my last session, I clicked ok and was on a page saying infected c:/ etc etc: WEIRD! :-(

then I wanted to engrave a CD with audio files and my whole machine crashed. I did the Microsoft reporting and it said that it was due to Pinnacle systems Instant write and a driver.. anyway I am just scared.. AM I STILL INFECTED?

I attach a HJT log to this reply.. I am currently running a full system scan with malwarebytes.

Please let me know what you think of this HJT if it is normal.. maybe it is just a small localised issue and not malware related..

thanks

Dimi

[Dimi73]

Hi cybertech,

I attached the MBAM log file after doing a full system scan..

I think I panicked but that the machine is ok.. but wanted to run it by you as clearly i am no expert.. :-(

thanks

dimi

[cybertech]

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2

• Double-click GooredFix.exe to run it.
• Select 1. Find Goored (no fix) by typing 1 and pressing Enter.
• A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).

Note: Do not run Option #2 yet.

[Dimi73]

Hi cybertech,

Here's the goored fix log:

GooredFix v1.92 by jpshortstuff
Log created at 18:42 on 08/05/2009 running Option #1 (Dimitri)
Firefox version 3.0.10 (en-US)

=====Suspect Goored Entries=====

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"

[cybertech]

Seems to be ok.