TechSpot

Was experiencing google redirect, log files attached

By heatherific
May 11, 2009
  1. I had the Google redirect problem that others have mentioned. I completed the steps, & here are my log files. Thanks! :)
     
  2. touch

    touch TS Rookie Posts: 978

    Hello heatherific

    Uninstall your AVG8 Antivirus
    Run the AVGRemove Tool

    Reboot.

    Run a complete scan with Avira, and attach the log it produces, along with a new HijackThis log.
     
  3. heatherific

    heatherific TS Rookie Topic Starter

    K, here ya go. :)
     
  4. touch

    touch TS Rookie Posts: 978

    Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
    O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)



    You should Create a New Restore Point to prevent possible reinfection from an old one.
    The easiest and safest way to do this is:
    Go to Start > All Programs > Accessories > System Tools > System Restore
    Select Create a restore point, and Ok it.
    Next, go to Start > Run and type in cleanmgr
    Select the More options tab
    Choose the option to clean up system restore and OK it.
    This will remove all restore points except the new one you just created.

    Run a complete scan with Avira, and see if it finds more infections.

    Then, please tell me how things are running now.
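
Added example, not part of the original thread: a small Python triage of HijackThis entries like the ones listed in the post above. It assumes the "section - type: data" line layout visible in those entries; the function names are hypothetical. It flags entries whose target file is gone and groups sections that share a CLSID.

```python
import re
from collections import defaultdict

# Entries copied from the HijackThis list in the post above.
SAMPLE_LOG = r"""
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
"""

# Assumed layout: "<section> - <entry type>: <data>", as seen in the lines above.
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<kind>[^:]+): (?P<data>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Suffixes HijackThis uses in these entries when the referenced file is absent.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def parse_entries(log_text):
    """Turn raw log text into one dict per recognised entry line."""
    entries = []
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # skip blank lines, headers and anything unrecognised
        data = match.group("data")
        clsid = CLSID_RE.search(data)
        entries.append({
            "section": match.group("section"),
            "kind": match.group("kind"),
            "data": data,
            "clsid": clsid.group(0) if clsid else None,
            "orphaned": data.endswith(ORPHAN_MARKERS),
        })
    return entries


def orphaned(entries):
    """Entries that still sit in the registry but point at a missing file."""
    return [e for e in entries if e["orphaned"]]


def sections_by_clsid(entries):
    """Map each CLSID to the sections it appears in (e.g. BHO and toolbar)."""
    groups = defaultdict(list)
    for e in entries:
        if e["clsid"]:
            groups[e["clsid"]].append(e["section"])
    return dict(groups)
```

On the sample, `orphaned(parse_entries(SAMPLE_LOG))` returns the three "(no file)" entries and the Winlogon Notify leftover, and `sections_by_clsid` shows that the unnamed BHO and the unnamed toolbar are the same component.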
     
  5. heatherific

    heatherific TS Rookie Topic Starter

    i'm still getting the redirect. it's listed in my browsing history as:
    abcjmp.com/jump2/?affiliate=se1&subid=20373&terms=recipes

    abcjmp.com/jump1/?affiliate=se1&subid=20373&terms=recipes&sid=Z446044402%40EzXzMDO4AzMz8lM0ATNfRTMfNTNy81M0MDOyIjM0ITM&a=fr5&mr=1&rc=0

    3038.20373.simonsearch.com/jump2/?affiliate=3038&subid=20373&terms=vegetarian%20recipes

    3038.20373.simonsearch.com/jump1/?affiliate=3038&subid=20373&terms=vegetarian%20recipes&sid=Z055044430%40EzXzYzN2EzMz8FN5cTNflTMflTNx81M0MDOyIjM0ITM&a=fr5&mr=1&rc=0

    64.124.222.176/pass/?c=HE40ZK4i6gTZ%2BThdbzmCnrPjDNnCB%2FaXVdcjb7TN%2FYw5SGxhuCGrqyJP4AR77X1QS91ifj6fQRhSzznO4kZXcLzJdlez3sL0MX8XxgLLe0Csvc7yCz%2Bcgx%2FvYDbROjgbsaXr3PEdvxVXZukB7mQeD1xxdbzU72FuM5bapTa1Kx7ZqpUE43%2FBru%2FBe3rZvNTFuUWtmAENyBLO%2Bq4puzdEMmviezRq1LeTCCZJCrOk%2F%2FEu8I8nC6pqLMEPIQHikRFcm7T5%2BPxWW5K7YPt1wU8y7FPDskTeDfApvuvYFAMahrs3A8CJkNC0iCP5MB7gZZarvsKPNtV6%2Byol2SMPu%2FWDDTKI2fciKvOP0Y9ZJ1fFjUw%3D

    I don't know if that helps or not.

    PS, doesn't seem to be happening in explorer, only in firefox so far.
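
Added example, not part of the original thread: a Python sketch that breaks history entries like the ones posted above into host and query parameters and groups the hosts by their `subid` value. The entries are the jump1/jump2 hops from the post with the long `sid` parameter left out; the function names and the "jump path plus affiliate and terms" heuristic are assumptions made for this illustration.

```python
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

# Hops taken from the browsing history in the post above (sid parameter omitted).
HISTORY = [
    "abcjmp.com/jump2/?affiliate=se1&subid=20373&terms=recipes",
    "abcjmp.com/jump1/?affiliate=se1&subid=20373&terms=recipes&a=fr5&mr=1&rc=0",
    "3038.20373.simonsearch.com/jump2/?affiliate=3038&subid=20373&terms=vegetarian%20recipes",
    "3038.20373.simonsearch.com/jump1/?affiliate=3038&subid=20373&terms=vegetarian%20recipes&a=fr5&mr=1&rc=0",
]


def parse_hop(entry):
    """Split one history entry into host, path and the parameters of interest."""
    # History entries here carry no scheme; "//" makes urlsplit see the host.
    parts = urlsplit(entry if "://" in entry else "//" + entry)
    query = parse_qs(parts.query)  # also percent-decodes the values

    def first(name):
        return query.get(name, [None])[0]

    return {
        "host": parts.hostname,
        "path": parts.path,
        "affiliate": first("affiliate"),
        "subid": first("subid"),
        "terms": first("terms"),
    }


def is_search_jump(hop):
    """Heuristic (assumption): a /jump*/ path carrying affiliate and search terms."""
    return (hop["path"].startswith("/jump")
            and hop["affiliate"] is not None
            and hop["terms"] is not None)


def hosts_by_subid(history):
    """Group redirect hosts by subid to show which hops belong to one campaign id."""
    groups = defaultdict(set)
    for entry in history:
        hop = parse_hop(entry)
        if is_search_jump(hop) and hop["subid"]:
            groups[hop["subid"]].add(hop["host"])
    return {subid: sorted(hosts) for subid, hosts in groups.items()}
```

For the sample, `hosts_by_subid(HISTORY)` places both redirect hosts under the single `subid` 20373, which makes that parameter a more stable thing to search proxy or history logs for than either domain name.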
     
  6. touch

    touch TS Rookie Posts: 978

    Ok.

    Please download http://jpshortstuff.247fixes.com/GooredFix.exe
    and save it to your Desktop.
    Double-click GooredFix.exe to run it. Select "Find Goored (no fix)" by typing 1 and pressing Enter. You will be presented with a log, please attach the contents of that log in your next reply.
    (It can also be found on your desktop
     
  7. heatherific

    heatherific TS Rookie Topic Starter

    here ya go, thanks for the help!
     


  8. touch

    touch TS Rookie Posts: 978

    Please double-click Goored.exe on your Desktop to run it. Select "2. Fix Goored" by typing 2 and pressing Enter. Make sure all instances of Firefox are closed at this point. Type y at the prompt and press Enter again.
    A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt).

    And tell me how things are running?
     
  9. heatherific

    heatherific TS Rookie Topic Starter

    still getting redirected. bummer. so does this mean someone has access to my computer? or is it just more annoying than anything?
     
  10. touch

    touch TS Rookie Posts: 978

    I don't think anyone has access to your computer, it's "just" annoying. Let's see if combofix finds some infections ->

    Please download Combofix:
    http://subs.geekstogo.com/ComboFix.exe

    And save to the desktop.

    Close all other browser windows.

    Please connect all your external hard drives/flash drives before running Combofix, if you have any.

    Double-click on the combofix icon found on your desktop.

    Please note, that once you start combofix you should not click anywhere on the combofix window as it can cause the program to stall. In fact, when combofix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

    Combofix will create a logfile and display it after your computer has rebooted. It is usually located in c:\combofix.txt; please attach it to your next post.
     
  11. heatherific

    heatherific TS Rookie Topic Starter

    thought i ran combofix but i can't find the log file. BUT, i uninstalled & reinstalled firefox and am no longer getting redirected! YAY! :grinthumb
     
  12. touch

    touch TS Rookie Posts: 978

    That's good news :D

    Now that your computer problems are solved, it is time for the clean-up procedure.
    You should Create a New Restore Point to prevent possible reinfection from an old one.
    The easiest and safest way to do this is:
    Go to Start > All Programs > Accessories > System Tools > System Restore
    Select Create a restore point, and Ok it.
    Next, go to Start > Run and type in cleanmgr
    Select the More options tab
    Choose the option to clean up system restore and OK it.

    This will remove all restore points except the new one you just created.

    Please download OTCleanIt
    Save it to desktop.
    This will remove all the tools we used to clean your computer.
    Double-click OTCleanIt.exe. Click CleanUp. Say Yes to the "Begin cleanup Process?"
    When asked if you want to proceed with the cleanup process, click Yes. Restart your computer when prompted.
    Please note. It will NOT remove Mbam, Ccleaner and SuperAntispyware.

    To learn more about how to protect yourself while on the internet, please read Tony Klein's guide:
    How did I get infected in the first place


    Keep safe :wave:
     
Topic Status:
Not open for further replies.
