Malicious URL Blocked

Whenever I load a webpage, be it through Chrome, Firefox or IE, avast blocks the following url:
i.trkjmp.com/kwd?c=Q0E6T046V2F0ZXJsb286Zm9ydW0uYXZhc3QuY29tOnotMTA2My0xNTIyNA%3D%3D&cb=_GPL.items.a652c.displayKeywords

This just started happening today.

I’ve been following the steps in: http://forum.avast.com/index.php?topic=53253.0
to try and remove the malware

So far, I’ve run AdwCleaner and MBAM. Attached is the MBAM scan log

Removing these files has not resolved the problem, so the thread recommended that I start a new topic for my problem.

I will proceed to run OTL and aswMBR

OTL logs…

aswMBR log…

So, does anyone have any suggestions as to how I should proceed? :-\

Yes… be patient, as all the removers are in bed now, so check back later today.

It’s quite late here… You can imagine in Europe :slight_smile:

I realize it’s likely too late for people to post responses to this, but this is the first chance I’ve had to use the computer all day.

Just an update: Today when I booted up my computer, the avast popup no longer appears when I load webpages. However, when I check my real-time shields, the “i.trkjmp.com/kwd?c=…” etc. connection is still happening and is being scanned, but is no longer being flagged as an infected connection.

Should I be worried?

You do have some bad redirectors on the system

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL

* Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF

:OTL
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.3.0.1
FF - prefs.js..extensions.enabledItems: info@allpremiumplay.info:1.0
FF - prefs.js..extensions.enabledItems: 5042c63c02e6f@5042c63c02ea8.info:1.0
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\info@allpremiumplay.info: C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\37kqkebc.default\extensions\info@allpremiumplay.info
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\5042c63c02e6f@5042c63c02ea8.info: C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\37kqkebc.default\extensions\5042c63c02e6f@5042c63c02ea8.info [2012/09/01 22:42:33 | 000,000,000 | ---D | M]
[2012/09/01 22:42:33 | 000,000,000 | ---D | M] (Codecv) -- C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\37kqkebc.default\extensions\5042c63c02e6f@5042c63c02ea8.info
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (CodecC Class) - {36461866-1CED-4E5E-A0D6-92694E052B4B} - C:\ProgramData\CodecC\bhoclass.dll File not found
O2 - BHO: (Codecv Class) - {45B3F777-6442-ADD7-2BE2-82DD30B018EB} - C:\ProgramData\Codecv\bhoclass.dll ()
O3 - HKU\S-1-5-21-3879206052-2342617554-1751574852-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
[2012/09/01 22:42:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Codecv
[2012/09/01 22:42:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Codecv

:Files
C:\USERS\MAX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\37KQKEBC.DEFAULT\EXTENSIONS\{EEE6C361-6118-11DC-9C72-001320C79847}
C:\USERS\MAX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\37KQKEBC.DEFAULT\EXTENSIONS\INFO@ALLPREMIUMPLAY.INFO
ipconfig /flushdns /c
netsh int ip reset c:\resetlog.txt  /c
ipconfig /release /c
ipconfig /renew /c

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

* Then click the Run Fix button at the top
* Let the program run unhindered, reboot the PC when it is done
* Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Ran the fix. The i.trkjmp redirect doesn’t seem to be happening anymore, so that’s good.

Attached is the log for the quick scan.

If there are no further problems then run OTL and press the cleanup button ;D

Great! Thank you very much for the help! :slight_smile: