The same trkjmp.com/kwd?c Problem

Well, I was checking if people were having the same problem, and it looks like a bunch of people are having that “hxxp://trkjmp.com/kwd?c” problem. Every time I open a new tab it appears to me. http://img826.imageshack.us/img826/4175/avastb.png

Checking PC with my OTL and I will paste the log after it finishes!

That is my log.
Scanning with aswMBR now

Please ‘modify’ your post and change the URL from http to hXXp, to break the link and avoid accidental exposure to suspect sites, thanks.

My aswMBR just crashed twice and I printed.
http://img405.imageshack.us/img405/5809/crashfp.png

A malware removal specialist has been informed of your topic.

You only need to modify URLs pointing at suspect sites, the image links are fine.

Ok, thanks

Hope they can fix it =)

Monitoring 8)

edit: added USB scan

Hi,

Re-run OTL.exe.

[*]Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.



:OTL
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851643
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://br.ask.com/?l=dis&o=14672
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes\{AB97B91E-82AD-4764-B948-C25B2E9FF3F7}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ATU2&o=14670&src=crm&q={searchTerms}&locale=&apn_ptnrs=T8&apn_dtid=YYYYYYYYBR&apn_uid=63f10340-6e8f-4b73-8d12-215cd417d790&apn_sauid=989B8A1B-6F92-40FA-8BA4-272731E269F7
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851643
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.startup.homepage: "http://br.ask.com/?l=dis&o=14672"
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=ATU2&o=14670&locale=pt_BR&apn_uid=63f10340-6e8f-4b73-8d12-215cd417d790&apn_ptnrs=T8&apn_sauid=989B8A1B-6F92-40FA-8BA4-272731E269F7&apn_dtid=YYYYYYYYBR&&q="
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp498@crossrider.com: C:\Users\Guilherme\AppData\Local\RewardsArcade\498\Firefox
[2012/08/06 15:17:14 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Guilherme\AppData\Roaming\mozilla\Firefox\Profiles\dpgrsp17.default\extensions\toolbar@ask.com
[2012/08/06 15:17:14 | 000,002,324 | ---- | M] () -- C:\Users\Guilherme\AppData\Roaming\Mozilla\Firefox\Profiles\dpgrsp17.default\searchplugins\askcom.xml
CHR - homepage: http://www.ask.com/?l=dis&o=14672cr
CHR - Extension: Ask Toolbar = C:\Users\Guilherme\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaapoomnboffjcgcebabolakmhbblbk\7.15.4.24116_0\
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O33 - MountPoints2\{81f6c131-3031-11e1-8b2f-f46d0472e004}\Shell - "" = AutoRun
O33 - MountPoints2\{81f6c131-3031-11e1-8b2f-f46d0472e004}\Shell\AutoRun\command - "" = E:\Autorun.exe
@Alternate Data Stream - 208 bytes -> C:\Windows\SysWow64\drivers:GbpKmAp.lst

:files
ipconfig /flushdns /c
netsh int ip reset c:\resetlog.txt  /c
ipconfig /release /c
ipconfig /renew /c

:commands
[CREATERESTOREPOINT]
[emptytemp]


[*]Then click the Run Fix button at the top.
[*]Let the program run unhindered; it will reboot the system when it is done and open notepad with logreport. Attach here that logreport.


[*]Download AdwCleaner (by Xplode) on your desktop.
[*]Launch it, click on [Search] and wait for the scan.
[*]When the scan ends, notepad with the report will appear.

[*] Click on [Delete]. Wait for the programme to complete its work.
The program will close all active programs. Click OK to confirm that.
On the next two windows that open ( Informations and Restart required ) click OK

[*] The computer will restart and open a notepad ( C:\AdwCleaner[S1].txt ) with the report.
[*] Save the notepad report on the Desktop
[*] Please attach here C:\AdwCleaner[S1].txt

Note: The report will also be stored on C:\AdwCleaner[S1].txt


Re-run OTL, click on QuickScan and attach here fresh OTL.txt log

Check USB storage devices / removable drives

Download MCShield from one of the following links:

MyCity - Official download link
Softpedija - Mirror download link

[*] Double click MCShield-Setup to install the application.
[*] Wait a few seconds for MCShield to finish the initial scan.
It is recommended that under the General and Scanner tabs you click on the Defaults button to choose the recommended options.
[*] Connect your USB storage devices to the computer one at a time. Scanning will be done automatically.

When all scanning is done, you need to attach the log report that MCShield has made.

Start → All Programs → MCShield → Logs

Attach here → AllScans.txt

Explanation: USB storage devices are all the USB devices that get their own partition letter at connecting to the PC,
e.g. flash drives (thumb/pen drives, USB sticks), external HDDs, MP3/MP4 players, digital cameras,
memory cards (SD cards, Sony Memory Stick, MultiMedia Cards etc.), some mobile phones, some GPS navigation devices etc.

This is the fresh OTL log.
I will try MCShield now

Btw, the problem is still happening when I open/refresh the Facebook page.

And this is MCShield log !

Re-run OTL.exe.

[*]Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.



:OTL
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp498@crossrider.com: C:\Users\Guilherme\AppData\Local\RewardsArcade\498\Firefox

:files
ipconfig /flushdns /c
netsh int ip reset c:\resetlog.txt /c
ipconfig /release /c
ipconfig /renew /c

:commands
[CREATERESTOREPOINT]
[emptytemp]


[*]Then click the Run Fix button at the top.
[*]Let the program run unhindered; it will reboot the system when it is done and open notepad with logreport. Attach here that logreport.


How is your computer running now?

The last log

Problem still happening with Facebook but I believe it’s only with Facebook!

Re-run OTL.exe.

[*]Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.



:files
C:\Users\Guilherme\AppData\Local\RewardsArcade\498
C:\Users\Guilherme\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlifoiidlkcpdlchhngenehnhcadakpl
C:\Users\Guilherme\AppData\Local\Google\Chrome\User Data\Default\Extensions\kimookemnclbgcfihcioedbilooolnlj

:commands
[Reboot]


[*]Then click the Run Fix button at the top.
[*]Let the program run unhindered; it will reboot the system when it is done and open notepad with logreport. Attach here that logreport.


If the problem still occurs, re-run OTL, click on QuickScan and attach here a fresh OTL.txt log.
Also, tell me in which browsers you have the redirect?

This is the fix log.

Still happening with Facebook and I believe only with Facebook

Scanning again and posting

Btw, using Google Chrome

This is the new Scan Log

Re-run OTL.exe.

[*]Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.



:OTL
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp498@crossrider.com: C:\Users\Guilherme\AppData\Local\RewardsArcade\498\Firefox

:files
C:\Users\Guilherme\AppData\Local\RewardsArcade

:commands
[CREATERESTOREPOINT]
[emptytemp]


[*]Then click the Run Fix button at the top.
[*]Let the program run unhindered; it will reboot the system when it is done and open notepad with logreport. Attach here that logreport.


Re-run OTL, click on RunScan and attach here fresh OTL.txt log
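
Added example, not part of the thread or of OTL: a small Python triage helper that compares the `:OTL` sections of the successive fix scripts above and reports entries that had to be listed more than once, which is how the `crossriderapp498@crossrider.com` registration stands out as the item that keeps surviving. The sample entries are copied from the thread; the function names and the parsing rules are assumptions made for this illustration.

```python
import re
from collections import Counter

# Sample input: entries copied from the thread's fix scripts (subset of script 1).
CROSSRIDER = (r'FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions'
              r'\\crossriderapp498@crossrider.com: '
              r'C:\Users\Guilherme\AppData\Local\RewardsArcade\498\Firefox')
CONDUIT = (r'IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = '
           r'http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851643')
BHO = (r'O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - '
       r'C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)')

SCRIPT_1 = [CONDUIT, BHO, CROSSRIDER]   # first fix
SCRIPT_2 = [CROSSRIDER]                 # second fix
SCRIPT_4 = [CROSSRIDER]                 # fourth fix (the third had only :files)

URL_HOST = re.compile(r'https?://([^/\s"?]+)')
WIN_PATH = re.compile(r'\b[A-Za-z]:\\[^"\r\n]*')
TRAILING_TAG = re.compile(r'\s+\([^()]*\)$')   # e.g. the " (Ask)" vendor tag


def parse_entry(line):
    """Split 'SECTION - rest' and pull out URL hosts and Windows file paths."""
    section, _, rest = line.partition(' - ')
    paths = [TRAILING_TAG.sub('', p).strip() for p in WIN_PATH.findall(rest)]
    return {'section': section.strip(),
            'hosts': URL_HOST.findall(rest),
            'paths': paths}


def recurring(scripts):
    """Entries present in more than one fix script: removed once, seen again."""
    counts = Counter(line for script in scripts for line in set(script))
    return [line for line, n in counts.items() if n > 1]


if __name__ == '__main__':
    for line in recurring([SCRIPT_1, SCRIPT_2, SCRIPT_4]):
        info = parse_entry(line)
        print('still present after a fix:', info['section'], info['paths'])
```

An entry that recurs points at a component that re-creates it, which in this thread led to removing the `RewardsArcade` folder itself rather than only the registry value.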