Was experiencing google redirect, log files attached

Status
Not open for further replies.

heatherific

I had the Google redirect problem that others have mentioned. I completed the steps, & here are my log files. Thanks! :)
 
Hello heatherific

Uninstall your AVG8 Antivirus
Run the AVGRemove Tool

Reboot.

Run a complete scan with Avira, and attach the log it produces, along with a new HijackThis log
 
Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)



You should Create a New Restore Point to prevent possible reinfection from an old one.
The easiest and safest way to do this is:
Go to Start > All Programs > Accessories > System Tools > System Restore
Select Create a restore point, and Ok it.
Next, go to Start > Run and type in cleanmgr
Select the More options tab
Choose the option to clean up system restore and OK it.
This will remove all restore points except the new one you just created.

Run a complete scan with Avira, and see if it finds more infections.

Then, please tell me how things are running now?
 
i'm still getting the redirect. it's listed in my browsing history as:
abcjmp.com/jump2/?affiliate=se1&subid=20373&terms=recipes

abcjmp.com/jump1/?affiliate=se1&subid=20373&terms=recipes&sid=Z446044402%40EzXzMDO4AzMz8lM0ATNfRTMfNTNy81M0MDOyIjM0ITM&a=fr5&mr=1&rc=0

3038.20373.simonsearch.com/jump2/?affiliate=3038&subid=20373&terms=vegetarian%20recipes

3038.20373.simonsearch.com/jump1/?affiliate=3038&subid=20373&terms=vegetarian%20recipes&sid=Z055044430%40EzXzYzN2EzMz8FN5cTNflTMflTNx81M0MDOyIjM0ITM&a=fr5&mr=1&rc=0

64.124.222.176/pass/?c=HE40ZK4i6gTZ%2BThdbzmCnrPjDNnCB%2FaXVdcjb7TN%2FYw5SGxhuCGrqyJP4AR77X1QS91ifj6fQRhSzznO4kZXcLzJdlez3sL0MX8XxgLLe0Csvc7yCz%2Bcgx%2FvYDbROjgbsaXr3PEdvxVXZukB7mQeD1xxdbzU72FuM5bapTa1Kx7ZqpUE43%2FBru%2FBe3rZvNTFuUWtmAENyBLO%2Bq4puzdEMmviezRq1LeTCCZJCrOk%2F%2FEu8I8nC6pqLMEPIQHikRFcm7T5%2BPxWW5K7YPt1wU8y7FPDskTeDfApvuvYFAMahrs3A8CJkNC0iCP5MB7gZZarvsKPNtV6%2Byol2SMPu%2FWDDTKI2fciKvOP0Y9ZJ1fFjUw%3D

I don't know if that helps or not.

PS, doesn't seem to be happening in explorer, only in firefox so far.
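
The history entries in the post above carry the same `subid` on two unrelated hosts and use `/jump1/` and `/jump2/` paths. As an added example (not part of the original thread), this Python script parses such entries and groups hosts by `subid`, which is the kind of check that shows the redirects come from one source; the function names and the benign entry are constructed, and the `sid` values are left out.

```python
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs
import re

# History entries from the post above, with the sid parameter dropped.
HISTORY = [
    "abcjmp.com/jump2/?affiliate=se1&subid=20373&terms=recipes",
    "abcjmp.com/jump1/?affiliate=se1&subid=20373&terms=recipes&a=fr5&mr=1&rc=0",
    "3038.20373.simonsearch.com/jump2/?affiliate=3038&subid=20373&terms=vegetarian%20recipes",
    "3038.20373.simonsearch.com/jump1/?affiliate=3038&subid=20373&terms=vegetarian%20recipes&a=fr5&mr=1&rc=0",
    "www.example.org/recipes/?terms=vegetarian",  # constructed benign entry
]

JUMP_PATH = re.compile(r"^/jump\d+/?$")
REQUIRED = {"affiliate", "subid", "terms"}


def parse_hop(entry):
    """Return a dict for a jump-style redirect hop, or None for anything else."""
    # History exports often omit the scheme; urlsplit needs one to find the host.
    url = entry if "://" in entry else "http://" + entry
    parts = urlsplit(url)
    query = parse_qs(parts.query)  # also decodes %20 and similar escapes
    if not JUMP_PATH.match(parts.path) or not REQUIRED.issubset(query):
        return None
    return {
        "host": parts.hostname,
        "step": parts.path.strip("/"),
        "affiliate": query["affiliate"][0],
        "subid": query["subid"][0],
        "terms": query["terms"][0],
    }


def group_by_subid(entries):
    """Map each subid to the sorted list of hosts that carried it."""
    hosts = defaultdict(set)
    for entry in entries:
        hop = parse_hop(entry)
        if hop:
            hosts[hop["subid"]].add(hop["host"])
    return {subid: sorted(seen) for subid, seen in hosts.items()}


if __name__ == "__main__":
    for subid, hosts in group_by_subid(HISTORY).items():
        print(f"subid={subid} seen on {len(hosts)} hosts: {', '.join(hosts)}")
```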
 
Ok.

Please download http://jpshortstuff.247fixes.com/GooredFix.exe
and save it to your Desktop.
Double-click GooredFix.exe to run it. Select "Find Goored (no fix)" by typing 1 and pressing Enter. You will be presented with a log, please attach the contents of that log in your next reply.
(It can also be found on your desktop
 
Please double-click Goored.exe on your Desktop to run it. Select "2. Fix Goored" by typing 2 and pressing Enter. Make sure all instances of Firefox are closed at this point. Type y at the prompt and press Enter again.
A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt).

And tell me how things are running?
 
still getting redirected. bummer. so does this mean someone has access to my computer? or is it just more annoying than anything?
 
I don't think anyone has access to your computer; it's "just" annoying. Let's see if ComboFix finds some infections ->

Please download Combofix:
http://subs.geekstogo.com/ComboFix.exe

And save to the desktop.

Close all other browser windows.

Please connect all your external hard drives/flash drives before running Combofix, if you have any

Double-click on the combofix icon found on your desktop.

Please note, that once you start combofix you should not click anywhere on the combofix window as it can cause the program to stall. In fact, when combofix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

Combofix will create a logfile and display it after your computer has rebooted. It is usually located at c:\combofix.txt; please attach it to your next post
 
thought i ran combofix but i can't find the log file. BUT, i uninstalled & reinstalled firefox and am no longer getting redirected! YAY! :grinthumb
 
That's good news :D

Now that your computer problems are solved, it is time for the clean-up procedure
You should Create a New Restore Point to prevent possible reinfection from an old one.
The easiest and safest way to do this is:
Go to Start > All Programs > Accessories > System Tools > System Restore
Select Create a restore point, and Ok it.
Next, go to Start > Run and type in cleanmgr
Select the More options tab
Choose the option to clean up system restore and OK it.

This will remove all restore points except the new one you just created.

Please download OTCleanIt
Save it to desktop.
This will remove all the tools we used to clean your computer.
Double-click OTCleanIt.exe. Click CleanUp. Say Yes to the "Begin cleanup Process?"
When asked if you want to proceed with the cleanup process, click Yes. Restart your computer when prompted.
Please note. It will NOT remove Mbam, Ccleaner and SuperAntispyware.

To learn more about how to protect yourself while on the internet, please read Tony Klein's guide:
How did I get infected in the first place


Keep safe :wave:
 