Google redirect and other stuff

Status
Not open for further replies.

djphilos

Hello, first post so wish me luck

Got that google redirect thing. I followed the eight step plan and have attached relevant logs.

Basically it all started when I got XP Antivirus 2009 virus and thought I had got rid of it with the software advised in the 8 step plan

I had to download said software on another pc because google chrome stopped working altogether (and still won't work) and google redirected all of my searches for them

Avira is the only one that will update and the rest will not

I have done the renaming hjt exe to something else too

Hope that all made sense

Game on
 
You need to go back and run Malwarebytes again- following the directions for checking for removal. Please follow that with SuperAntispyware, then a new HijackThis log. Directions:
https://www.techspot.com/vb/post645589-1.html

But you need to handle the 'two AV' problem now. It appears you may have once had the Symantec/Norton security program, but there are still processes loading for it, so we can handle some of this now. Before running HijackThis again, download the Norton Removal Tool:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039
Save to your desktop. DO NOT run yet.

Temporarily disable these Real Time programs before the scans: See
http://wiki.castlecops.com/Malware_Removal:_Temporarily_Disable_Real_Time_Monitoring_Programs
Real Time:

C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
Your Java is also out of date:
Please re-open HiJackThis and scan. *Check* the boxes next to all the entries listed below:
C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
Symantec/Norton Entries:
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - E:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
Have HijackThis remove these entries also:
O4 - HKLM\..\Run: [RemHelp] remhelp.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DMX 6fire 2496 ControlPanel.lnk = ?
O24 - Desktop Component 0: Privacy Protection - (no file)
Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis and reboot into Safe Mode:
Start> Run> type in 'msconfig' without the quotes> Selective Start-up> Startup tab> uncheck everything EXCEPT the AV and Firewall, touchpad for laptop> Apply> OK.
Start> Run> type in services.msc> Change the Startup type for ALL Symantec Services to Disabled using right click> Properties on each Service> Change the Startup type for the Java Quick Start to Disabled> Apply> OK

Control Panel> Add/Remove Programs> uninstall Java v6 and any other programs you don't use.
Reboot into Normal Mode> Close the nag message after checking 'don't show this message again.' Stay in Selective Startup.

Double click and Run the Norton Removal Tool.

Install current Java version-v6u7- from here: http://java.com/en/download/manual.jsp

Now proceed with running the additional programs, followed with HijackThis scan. Attach all three logs.
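
An added illustration, not part of the original posts and not a HijackThis feature: a small triage pass over HijackThis entries like the ones quoted above, marking orphaned and blank entries for review. The flag names and rules are assumptions chosen for this example; a flag means "look closer", not "malicious".

```python
import re

# Constructed sample: a subset of the HijackThis lines quoted in this thread.
SAMPLE_LOG = r"""
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - E:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O4 - HKLM\..\Run: [RemHelp] remhelp.exe
O4 - Global Startup: BTTray.lnk = ?
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
O24 - Desktop Component 0: Privacy Protection - (no file)
"""

# "<section code> - <rest of entry>", e.g. "O23 - Service: ..."
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# O23 body: "Service: <display name> (<service key>) - <owner> - <path>"
SERVICE = re.compile(r"^Service: (?P<name>.+) \((?P<key>[^()]+)\) - "
                     r"(?P<owner>.+?) - (?P<path>[A-Za-z]:\\.*)$")


def triage(log_text):
    """Return (section, entry, flags) for each entry worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header, process list or blank line
        section, body = m.groups()
        flags = []
        # HijackThis appends these markers when the referenced file is gone.
        if body.endswith(("(file missing)", "(no file)")):
            flags.append("target-missing")
        if section == "O23":
            svc = SERVICE.match(body)
            if svc and svc["owner"] == "Unknown owner":
                flags.append("unknown-owner")
        elif section in ("R0", "R1") and "=" in body:
            # Empty value, or a ProxyServer of ":" (no host and no port).
            if body.partition("=")[2].strip() in ("", ":"):
                flags.append("blank-setting")
        elif section == "O4" and body.endswith("= ?"):
            flags.append("unresolved-shortcut")
        if flags:
            findings.append((section, body, flags))
    return findings


if __name__ == "__main__":
    for section, body, flags in triage(SAMPLE_LOG):
        print(f"{section:4} {','.join(flags):30} {body}")
```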
 
Ok, here goes

Did everything to the letter and it all seems to be ok now

Don't want to speak too soon, but Google is not redirecting, mbam just updated and sas has just updated too.
Even Google chrome is working.

Here are the logs anyway to see if you can see anything else

Cannot thank you enough for your help

What's the best way to prevent this in the future?

I take it that I should keep Avira running and updated all of the time? Should I have a Firewall? And should I keep sas or mbam running all the time or just a periodic scan?
 
Okay, just a few entries to clean up:
Please re-open HiJackThis and scan. *Check* the boxes next to all the entries listed below:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
O24 - Desktop Component 0: Privacy Protection - (no file)
Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis and reboot.

I don't see a PDF reader- usually Adobe. You can either download the latest Adobe v9, or better, get FoxIt instead. It is free, does the same thing as Adobe, but doesn't have the bloat:
So: Either/Or:
http://www.download.com/Adobe-Reader/3000-2378_4-10000062.html
OR
http://www.foxitsoftware.com/pdf/rd_intro.php > click on 'Get it Free.'

You can remove the cleaning tools:
*OTCleanit! by Oldtimer*
* Download OTCleanIt (http://download.bleepingcomputer.com/oldtimer/OTCleanIt.exe)
* Click the CleanUp! button.
* It will go through the list and remove all of the tools it finds and then delete itself (requiring a reboot).

Clear your existing System Restore points and establish a new clean restore point:
Go to Start > All Programs > Accessories > System Tools > System Restore> Select Create a restore point> OK.
Next, go to Start > Run and type in cleanmgr> Select the More options tab> Choose the option to clean up System Restore and OK it.
This will remove all restore points except the new one you just created.

What's the best way to prevent this in the future?
Security:
1. Keep one antivirus program updated. Scan often.
2. Get a Firewall: Recommended Free Firewall:
Comodo> http://www.personalfirewall.comodo.com/
Zonealarm> http://www.zonealarm.com/store/content/catalog/products/zonealarm_free_firewall.jsp

3. Keep at least two spyware/adware programs on the system. Update and scan often. Recommendations:
SpywareBlaster to keep off: http://www.javacoolsoftware.com/spywareblaster.html
Spyware Doctor: https://www.techspot.com/downloads/176-spyware-doctor.html
Spybot Search & Destroy:
https://www.techspot.com/downloads/149-spybot-search-and-destroy-detection-update.html

SpywareBlaster: https://www.techspot.com/downloads/568-spywareblaster.html

And it goes without saying that you, the user, are the first line of security. Where you go, what you click on, what you open....it begins there.

It was a pleasure helping you. Please let us know if you need additional information.
 
Not out of the woods

Looks like maybe I have been a tad premature

Hijack this got rid of
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :

But not
O24 - Desktop Component 0: Privacy Protection - (no file)

I have attached the new hjt log

And, system restore said, quote
System restore is not able to create a restore point.
Please restart the computer, and then run system restore again.

I tried this a couple of times with no joy

hmm
 
Curiouser and curiouser

After posting my last reply I ran the now updated Malwarebytes which in turn found some stuff

I wake up this morning, and my pc has returned to its sorry state of google redirect and no chrome

HELP

I am going to redo all of the previous steps and post logs asap
 
IT GETS WORSE

About an hour ago my pc just totally froze! I hit the reset button

Now my pc will not start in any mode other than safe mode

AAHHHHHHHHHH

I looked in the device manager and couldn't see any probs there

I think my pc maybe takin a very fast exit strategy out of the window so
 
Remove O24 Desktop from HijackThis:
The following is the only removal that has worked:
Start> Control Panel> Display> Desktop> Customize Desktop> Web tab> uncheck and delete everything you find in there (except for "My current home page")> Also remove the check mark from the Lock Desktop Items box if it is checked> Apply> OK> Close.

Your logs don't indicate a cause of the current problem, so it appears to be either mechanical or the OS itself. Boot into Safe Mode and check the Event Viewer:
Description of the Event Viewer: The Event Viewer has logs for everything that happens on the computer. There are three sets of logs: System, Applications and Security. By opening the first two to display the Events, you can look for Errors that correspond to the time of the problem.

There are three types of Events in the System and Apps logs:
1. Information (white circle w/blue i): this is just basic documentation of the normal working of the System or Apps.
2. Warnings (yellow triangle w/black exclamation mark) noting some problem at that moment. Warnings usually resolve on their own. If they do not, they become>>>
3. Errors (red circle w/white X): they document something that didn't work or isn't happening as it should. Each Error has three parts: an ID#, a Source and a Description. By doing a right click> Properties, the Error will open to a screen that can be copied. These three parts taken together can usually lead to cause and resolution.

Do this on each of the System and the Applications logs:
Click to open the log> look for the Error> right click on the Error> Properties> Click on Copy button, top right, below the down arrow and Paste here (Ctrl V)

You can ignore the Categories 1 and 2. If you have a recurring Error with same ID#, same Source and same Description, only one copy is needed. You don't need to include the lines of code in the box below the Description, if any.

Please do not copy the entire Event Log. Look for the last Error- when the system froze. This can be done in Safe Mode. Maybe we can turn up a cause for the problems.
 
Ok, I think I have finally messed up BIG TIME

In my eagerness (stupidness) to try and get my pc started, I read a post about repairing xp with the setup disc

So I tried it, it didn't work and now when I try to boot in safe mode it tells me that setup cannot start in safe and that my pc will restart. Then it just loops between trying to restart with no joy.

Give it to me straight, did I finally kill it?

If so I take it that I can just put the HD into another pc to get my photos,music etc

what a DIK i am
 
Ok, I think I have finally messed up BIG TIME

Well, apparently you hadn't read my previous post before you decided to repair. Trying to do something when you don't know how usually causes consequences. Did you kill it? I don't know. You may be able to get into the BIOS, change Boot order to CD first and boot from the Windows CD setup.

The only other suggestion I have at this point is to reformat. I hope you backed up what you didn't want to lose. Too bad- we wasted a lot of time!
 
Sorry about the waste of time, I live and learn.

I can get into the bios, so how would I boot from the disc?

I take it that I can try and put my HD into another pc and get the stuff off right?

Once again

THANK YOU
 
Sorry- guess I shouldn't show my frustration! But it takes a while to go through all the logs, verify entries, etc. I wasn't expecting the repair attempt in the middle of it.

Go into the BIOS> use the arrow keys to access Boot section> set Boot order to CD first, hard drive second, Save and Exit. Press any key, insert Windows OS CD, boot from the Startup. If you're lucky, you will just boot into the OS and not lose anything. But a good possibility is having to do a Recovery and possibly lose it all.
 