Search Engine Redirects



#1 bneff


Posted 20 June 2010 - 02:40 PM

First off, thanks in advance for your help. Like others here, I've been hit with the search engine redirect bug/trojan/PIA.

I'm running Windows XP Pro Service Pack 3. On the advice from other links, I've downloaded (to my desktop), installed and updated Malwarebytes' Anti-Malware. I ran the quick scan and here is the log...

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4219

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/20/2010 2:20:55 PM
mbam-log-2010-06-20 (14-20-55).txt

Scan type: Quick scan
Objects scanned: 133116
Time elapsed: 7 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Then I ran SuperAntiSpyware and here is the log for that scan.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/20/2010 at 02:38 PM

Application Version : 4.39.1002

Core Rules Database Version : 5061
Trace Rules Database Version: 2873

Scan type : Quick Scan
Total Scan Time : 00:10:01

Memory items scanned : 588
Memory threats detected : 0
Registry items scanned : 1815
Registry threats detected : 0
File items scanned : 8255
File threats detected : 124

Adware.Tracking Cookie
