Google redirect problem

Status
Not open for further replies.
You need to follow the Steps here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/

The HijackThis log alone is not enough. But before you run those programs, you need to do the following:

Disable Teatimer
* Right click the Image (Spybot -SD Resident Icon) located in your system tray
* This will bring up the Spybot options menu, uncheck Resident Protection
* Launch Spybot S&D Program
* Click on Mode at the top and make sure that Advanced is checked
* Expand the Tools tab in the left pane
* Single click on the Resident Icon also in the left pane
* Uncheck Resident "TeaTimer" (Protection of over-all system settings) Active
* Close Spybot

You also need to take Chkdsk off of Startup: You have all the following entries:
O4 - S-1-5-21-1214440339-602162358-725345543-1005 Startup: ChkDisk.dll (User 'Jarrett')
O4 - S-1-5-21-1214440339-602162358-725345543-1005 Startup: ChkDisk.lnk = ? (User 'Jarrett')
O4 - S-1-5-18 Startup: ChkDisk.dll (User 'SYSTEM')
O4 - S-1-5-18 Startup: ChkDisk.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: ChkDisk.dll (User 'Default user')
O4 - .DEFAULT Startup: ChkDisk.lnk = ? (User 'Default user')
O4 - Startup: ChkDisk.dll
O4 - Startup: ChkDisk.lnk = ?

Go to the Control Panel> Scheduled Task> find ChkDisk and remove it from Startup.

Once done, follow the Steps- you can ignore Step 1 since you have Symantec functioning.

Please attach all three logs when through for review.
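
An added example, not part of the original post: a small Python parser for the O4 Startup-folder lines quoted above, grouping them so it is obvious that the same two items sit in every profile's Startup folder. The function names and the "two or more profiles" threshold are assumptions made for this illustration, and only the O4 form shown in this thread is handled.

```python
import re
from collections import defaultdict

# O4 "Startup:" lines copied from the HijackThis log quoted in the post above.
SAMPLE_LOG = """\
O4 - S-1-5-21-1214440339-602162358-725345543-1005 Startup: ChkDisk.dll (User 'Jarrett')
O4 - S-1-5-21-1214440339-602162358-725345543-1005 Startup: ChkDisk.lnk = ? (User 'Jarrett')
O4 - S-1-5-18 Startup: ChkDisk.dll (User 'SYSTEM')
O4 - S-1-5-18 Startup: ChkDisk.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: ChkDisk.dll (User 'Default user')
O4 - .DEFAULT Startup: ChkDisk.lnk = ? (User 'Default user')
O4 - Startup: ChkDisk.dll
O4 - Startup: ChkDisk.lnk = ?
"""

# Only the Startup-folder form of O4 seen on this page is handled;
# registry Run-key O4 lines are deliberately ignored.
O4_STARTUP = re.compile(
    r"^O4 - (?:(?P<hive>S-1-[\d-]+|\.DEFAULT) )?Startup: "
    r"(?P<item>.+?)(?: = (?P<target>.*?))?(?: \(User '(?P<user>[^']*)'\))?$"
)

def parse_startup_entries(log_text):
    """Return one dict per O4 Startup line: profile, item, target."""
    entries = []
    for line in log_text.splitlines():
        m = O4_STARTUP.match(line.strip())
        if not m:
            continue
        profile = m.group("user") or m.group("hive") or "(current user)"
        entries.append({"profile": profile, "item": m.group("item"),
                        "target": m.group("target")})
    return entries

def summarize(entries):
    """Group by item: which profiles carry it, and is any target '?'."""
    summary = defaultdict(lambda: {"profiles": set(), "unresolved": False})
    for e in entries:
        summary[e["item"]]["profiles"].add(e["profile"])
        if e["target"] == "?":
            summary[e["item"]]["unresolved"] = True
    return dict(summary)

def review_candidates(summary, min_profiles=2):
    """Items worth a manual look: present in several profiles or unresolved."""
    return sorted(item for item, s in summary.items()
                  if len(s["profiles"]) >= min_profiles or s["unresolved"])
```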
 
Okay, we're going to do some cleaning up and maintenance first. I found the following users on this machine:
Jarrett, Kiera, Sean, Nolan, Bruce, Bridget
Each of you needs to do the same things on your account:

1. Step 2: Run CCleaner> Kiera and Sean, you have a lot of trash in your temporary internet files.

2. Reset Cookies: all of you have every Tracking Cookie on the internet!
For Firefox: Open Firefox> Tools> Options> Privacy section> Cookies> UNCHECK 'allow third party Cookies'> CHECK 'accept Cookies from sites'> Close

For Internet Explorer:
Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> CHECK 'override automatic Cookie handling'> CHECK 'accept first party Cookies'> CHECK 'Block third party Cookies'> CHECK 'allow per session Cookies'> Apply> OK.

3. EACH of you, put the following add-on for Firefox on your account:
AdBlock Plus: https://addons.mozilla.org/en-US/firefox/addon/1865
Easy List: http://easylist.adblockplus.org/
Get all three lists. These act as filters for AdBlock Plus

4. Remove ad.yieldmanager: ad.yieldmanager.com basic removal and prevention:
Ad.yieldmanager.com is a known adware site and it places itself in your Trusted Zone. You can remove this entry from your Trusted Site list and Restrict the Domain:

Internet Options> Security tab> Trusted sites> Sites> A window will open with the trusted sites...allowing you to add or remove entries> Remove the Ad.yieldmanager entry from the list> Apply> OK.

Then go to the Restricted Sites> Sites> type in *ad.yieldmanager > click on Add> Apply> OK.
Some of the above is basic maintenance and it doesn't appear that any of you are doing this. It includes: disc cleanup to remove temporary internet files and temp files, deleting Cookies and History, Error Checking and defrag.

5. You have Viewpoint Media Player installed on your system. This program is not malware but it is foistware in that it is usually installed without the user's knowledge or approval, and for this reason I recommend you remove it. If you actually use this program, I recommend you try using safe and free alternatives such as VLC Media Player.
How to Remove Viewpoint Media Player, Toolbar, or Manager

1) Right-click on the clock in your taskbar and choose Task Manager
2) Click on the Processes tab and search for VIEWMGR.EXE; if it's found, click on it and then click End Task to close it
3) Click on Start, Control Panel, Add/Remove Programs
4) Uninstall any of the following programs associated with Viewpoint
* Viewpoint Manager
* Viewpoint Media Player
* Viewpoint Toolbar
5) Close the Add/Remove Programs and Control Panel
6) Restart your computer

Warning: If you install AOL © Instant Messenger, Adobe Atmosphere plugin, or another program that requires Viewpoint, it will download and install again.
The HijackThis log is clean. If the system is running slow after the malware removal, it is because of poor maintenance and too many unnecessary startups.

6. Due to the multitude of malware found by Malwarebytes and SuperAntispyware, please run ComboFix:
Please download ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.

Please disable all security programs, such as antiviruses, antispywares, and firewalls.
Also disable your internet connection.

• Run Combo-Fix.exe and follow the prompts.
**Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.
• Wait for the scan to be completed.
• If it requires a reboot, please do it.
• After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)

Do not click on the ComboFix window, as it may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Please rescan with HijackThis and attach new log and ComboFix report.
 