Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Search Engines (google & yahoo) redirecting


  • This topic is locked This topic is locked
2 replies to this topic

#1 cmbcne

cmbcne

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:08:35 PM

Posted 25 April 2010 - 07:35 PM

This is my first post. I have read the guide, but I have not yet done the DDS script or run GMER. That's because it's weekend and the infected(?) machine is not the mchine I'm at. I have done other things and I wondered if it might help if I posted the results of that first.

I need help in diagnosing a problem on a friend's computer. The computer is in an office, so I can only get at it intermittently. I went there after office hours on Wednesday and Thursday and did some diagnostics and ran various tools.

Problem: Browser hijacker that redirects Google and Yahoo searches. www.searchresultsdirect.com takes me to www.cars4all.biz whenever I do a search. Curiously, Hotbot, which uses Yahoo, does not redirect. Neither does Dogpile, which uses Google.

What I've done:
* I checked the hosts file and it's absolutely stock condition (just the loopback)

* Ran cwshredder. Machine is clean.

* Ran MBAM and Spybot S&D. Removed some cookies.

* Checked to make sure the DNS entries were not affected. They are still as I originally set them (hardwired to the Telus DNS numbers)

* Ran Firefox in safemode (FF safemode, not Windows safe mode). No redirection. In normal mode it redirects.

* Uninstalled all Java. Rebooted. Installed Java 6 U20. Rebooted. Same problem

* Ran ATF Cleaner. Same problem

* Tried manually disabling plug ins in FF but problem persists.

* Created new FF profile. Same problem

* Uninstalled FF completely. Reboot. Install latest FF. Import only bookmarks. Same problem

* Ran Hijackthis, Trend Micro RootkitBuster, and SUPERAntiSpyware. Logs of each follow:
NOTE: The Hijackthis was downloaded from Trend Micro on Wednesday, April 21st, but I had to remove the log from this post because your system sees it as being out of date or "unauthorized". I don't understand why that would happen, but I just deleted it so I could start the process. I have now downloaded a new copy from the link your system provides and will run it the next time I'm able to get at the machine involved.



<<Trend Micro RootkitBuster>>

+----------------------------------------------------
| Trend Micro RootkitBuster
| Module version: 2.80.0.1077
+----------------------------------------------------


--== Dump Hidden MBR, Hidden Files and Alternate Data Streams on C:\ ==--
[FILE_STREAM]:
FullPath : C:\Data\Signatures\Thumbs.db:encryptable:$DATA
FullPathLength: 28
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x26
ShareAccess : 0x0
Type : 0x0
[FILE_STREAM]:
FullPath : C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Data:extended:$DATA
FullPathLength: 0
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x30
ShareAccess : 0x0
Type : 0x0
[FILE_STREAM]:
FullPath : C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Thumbs.db:encryptable:$DATA
FullPathLength: 83
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x26
ShareAccess : 0x0
Type : 0x0
[FILE_STREAM]:
FullPath : C:\Documents and Settings\Veronica\Application Data\Microsoft\Internet Explorer\Quick Launch\ShowMyPC2963.exe:Zone.Identifier:$DATA
FullPathLength: 109
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x20
ShareAccess : 0x0
Type : 0x0
[FILE_STREAM]:
FullPath : C:\Documents and Settings\Veronica\Desktop\Jessica's cover.doc:Zone.Identifier:$DATA
FullPathLength: 62
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x20
ShareAccess : 0x0
Type : 0x0
[FILE_STREAM]:
FullPath : C:\Documents and Settings\Veronica\Desktop\Resume.doc:Zone.Identifier:$DATA
FullPathLength: 53
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x20
ShareAccess : 0x0
Type : 0x0
[FILE_STREAM]:
FullPath : C:\Documents and Settings\Veronica\Desktop\ShowMyPC3010.exe:Zone.Identifier:$DATA
FullPathLength: 59
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x20
ShareAccess : 0x0
Type : 0x0
[FILE_STREAM]:
FullPath : C:\Install Stuff\AdAware SE\aawsepersonal.exe:Zone.Identifier:$DATA
FullPathLength: 45
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x20
ShareAccess : 0x0
Type : 0x0
[FILE_STREAM]:
FullPath : C:\Install Stuff\Spyboy S&D\spybotsd14.exe:Zone.Identifier:$DATA
FullPathLength: 42
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x20
ShareAccess : 0x0
Type : 0x0
[FILE_STREAM]:
FullPath : C:\Install Stuff\ZoneAlarm\zlsSetup_65_722_000_en.exe:Zone.Identifier:$DATA
FullPathLength: 53
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x20
ShareAccess : 0x0
Type : 0x0
[FILE_STREAM]:
FullPath : C:\Old Master\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Thumbs.db:encryptable:$DATA
FullPathLength: 94
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x26
ShareAccess : 0x0
Type : 0x0
[FILE_STREAM]:
FullPath : C:\WINDOWS\Web\Wallpaper\Thumbs.db:encryptable:$DATA
FullPathLength: 34
DesiredAccess : 0x0
Options : 0x0
Attributes : 0x26
ShareAccess : 0x0
Type : 0x0
No hidden files found.

--== Dump Hidden Registry Value on HKLM ==--
No hidden registry entries found.


--== Dump Hidden Process ==--
No hidden processes found.

--== Dump Hidden Driver ==--
No hidden drivers found.

<<SUPERAntiSpyware>>
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/22/2010 at 07:14 PM

Application Version : 4.35.1002

Core Rules Database Version : 4840
Trace Rules Database Version: 2652

Scan type : Complete Scan
Total Scan Time : 00:31:47

Memory items scanned : 383
Memory threats detected : 0
Registry items scanned : 5198
Registry threats detected : 0
File items scanned : 29649
File threats detected : 183

Adware.Tracking Cookie
C:\Documents and Settings\Veronica\Cookies\veronica@msnportal.112.2o7[1].txt
C:\Documents and Settings\Veronica\Cookies\veronica@atdmt[1].txt
statse.webtrendslive.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oan3w05c.default\cookies.txt ]
.yadro.ru [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oan3w05c.default\cookies.txt ]
.yadro.ru [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oan3w05c.default\cookies.txt ]
.atdmt.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oan3w05c.default\cookies.txt ]
.tribalfusion.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oan3w05c.default\cookies.txt ]
.tribalfusion.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oan3w05c.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oan3w05c.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oan3w05c.default\cookies.txt ]
.2o7.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oan3w05c.default\cookies.txt ]
.doubleclick.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oan3w05c.default\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oan3w05c.default\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oan3w05c.default\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oan3w05c.default\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oan3w05c.default\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oan3w05c.default\cookies.txt ]
.msnportal.112.2o7.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oan3w05c.default\cookies.txt ]
.www.zanox-affiliate.de [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oan3w05c.default\cookies.txt ]
.adinterax.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oan3w05c.default\cookies.txt ]
.adinterax.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oan3w05c.default\cookies.txt ]
.adtech.de [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oan3w05c.default\cookies.txt ]
.adtech.de [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oan3w05c.default\cookies.txt ]
.zedo.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oan3w05c.default\cookies.txt ]
.zedo.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oan3w05c.default\cookies.txt ]
.zedo.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oan3w05c.default\cookies.txt ]
.mediaplex.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oan3w05c.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oan3w05c.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oan3w05c.default\cookies.txt ]
.doubleclick.net [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.2o7.net [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.2o7.net [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.2o7.net [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.2o7.net [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.2o7.net [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.2o7.net [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.2o7.net [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.2o7.net [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.2o7.net [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.2o7.net [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.2o7.net [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.advertising.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.advertising.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.advertising.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.advertising.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.advertising.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.tacoda.net [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.tacoda.net [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.tacoda.net [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.tacoda.net [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.atdmt.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.valueclick.net [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.bluestreak.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.tribalfusion.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.tribalfusion.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.atwola.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.insightexpressai.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.insightexpressai.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.insightexpressai.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.insightexpressai.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.insightexpressai.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.insightexpressai.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.insightexpressai.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
ad.yieldmanager.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
ad.yieldmanager.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.revsci.net [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.revsci.net [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.revsci.net [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.maxserving.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.maxserving.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.revsci.net [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
ads.revsci.net [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.zedo.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.zedo.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.zedo.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
media.adrevolver.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.adrevolver.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.fastclick.net [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.burstnet.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.adcentriconline.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.usatoday1.112.2o7.net [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.kanoodle.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
statse.webtrendslive.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.questionmarket.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.questionmarket.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.questionmarket.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.ads.pointroll.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.ads.pointroll.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.ads.pointroll.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.ads.pointroll.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.247realmedia.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.247realmedia.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.realmedia.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.realmedia.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.realmedia.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.realmedia.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.realmedia.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.statcounter.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.statcounter.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.statcounter.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.statcounter.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.statcounter.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.realmedia.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.statcounter.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.statcounter.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.statcounter.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.statcounter.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.statcounter.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.statcounter.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.statcounter.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.overture.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.overture.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.overture.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.mediaplex.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.casalemedia.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.casalemedia.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.casalemedia.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.ehg-yellowpages.hitbox.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.hitbox.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.amazonsearsca.122.2o7.net [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.apmebf.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.apmebf.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.as-us.falkag.net [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.belnk.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.bizrate.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.bizrate.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.bravenet.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.bravenet.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.bravenet.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.bs.serving-sys.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.cbs.112.2o7.net [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.e-2dj6wfkoapd5who.stats.esomniture.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.e-2dj6wfligmcjcdp.stats.esomniture.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.e-2dj6wflioncpodp.stats.esomniture.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.e-2dj6wjk4anazclo.stats.esomniture.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.e-2dj6wjkokic5ilo.stats.esomniture.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.e-2dj6wjkygiczwaq.stats.esomniture.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.e-2dj6wjkyukczoeo.stats.esomniture.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.e-2dj6wjlichd5gbo.stats.esomniture.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.e-2dj6wjlywkcjodp.stats.esomniture.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.e-2dj6wjnyqnajgfo.stats.esomniture.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.edge.ru4.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.kontera.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.kontera.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.kontera.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.msnportal.112.2o7.net [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.nextag.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.nextag.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.perf.overture.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.qksrv.net [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.qksrv.net [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.serving-sys.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.serving-sys.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.serving-sys.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.serving-sys.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.serving-sys.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.stats1.clicktracks.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.stats1.clicktracks.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.stats1.clicktracks.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.stats1.clicktracks.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.superstats.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.trafficmp.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.trafficmp.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.tripod.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.z1.adserver.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.z1.adserver.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
banners.nbcupromotes.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
images.crossmediaservices.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
media101.sitebrand.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
media101.sitebrand.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
pt.crossmediaservices.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
web4.realtracker.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
www1.addfreestats.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
www6.addfreestats.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
.2o7.net [ C:\Old Slave\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\5a0iyn11.default\cookies.txt ]
.2o7.net [ C:\Old Slave\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\5a0iyn11.default\cookies.txt ]
.doubleclick.net [ C:\Old Slave\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\5a0iyn11.default\cookies.txt ]
.as-us.falkag.net [ C:\Old Slave\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\5a0iyn11.default\cookies.txt ]
.as-us.falkag.net [ C:\Old Slave\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\5a0iyn11.default\cookies.txt ]
.as-us.falkag.net [ C:\Old Slave\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\5a0iyn11.default\cookies.txt ]
.as-us.falkag.net [ C:\Old Slave\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\5a0iyn11.default\cookies.txt ]
.mediaplex.com [ C:\Old Slave\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\5a0iyn11.default\cookies.txt ]
C:\Old Slave\Documents and Settings\veronica\Cookies\veronica@2o7[2].txt





BC AdBot (Login to Remove)

 


#2 cmbcne

cmbcne
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:08:35 PM

Posted 27 April 2010 - 08:47 PM

Please close this question. The problem has been solved. I posted my query on Experts Exchange as well and got this reply:

"
I found this:
http://support.mozilla.com/no/forum/1/652924

Quote:


After checking out his hosts file, dns, proxy info, etc, and running a MalwareBytes quick scan, I noticed something strange in his extensions.ini:
Extension2=C:\Documents and Settings\usernameremoved\Local Settings\Application Data\{EA3AA2E9-BCBF-481A-B198-8E7D100D2FC4} Extensions aren't stored in Local Settings\Application Data! Removing that line from extensions.ini fixed him right up.

End Quote.
"

Removed the line from the INI file and also removed the whole folderunder Application Data and searches no longer redirect.


#3 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:35 PM

Posted 27 April 2010 - 08:49 PM

Topic closed at member request.

Please send me a PM if you would like this topic re-opened.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users