Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google redirect – morphing into no search engine capacity at all


  • Please log in to reply
3 replies to this topic

#1 HKP2

HKP2

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:05:52 PM

Posted 18 October 2010 - 01:22 PM

The problem started in July when I foolishly got tricked into starting to download what I believe was “My Security Master AV,” thinking it was my AVG warning me about something. My husband and I then ran “rkill” and that seemed to get rid of the problem for a while.

Then I started getting the random google redirect problem. Sometimes a google utility screen asking me to prove I was human (by entering a password) would pop up in place of google. Also the google home page developed weird add-ons like “Go to Google Canada.” These add-ons weren’t on my husband’s computer.

We downloaded, updated and have repeatedly tried both Hitman Pro and Malwarebytes, but most of the time they turned up nothing – if anything, maybe just a few tracking cookies.

We went away for a month and in this last week back, the problem has deepened – it’s not just redirect. Yesterday, I couldn’t bring up google at all. Or use yahoo search. Or access Bing. Or open my gmail. Neither Firefox or IE could open those web pages.

Today, they are working again – lulling me into a false sense of security.

We were ready to just re-install Windows and start all over from scratch until I read about combofix. Both sound like “scorched earth” type of solutions. What would you recommend?

Further information: I’m on Windows XP.

On one of the malware forums, I found the following instructions:

1) Click START > RUN > and type in "C:\windows\system32\drivers\etc\hosts"
(2) When prompted, open the HOSTS file in either Notepad or Wordpad
(3) Delete all the lines of IP addresses in the text document except for "127.0.0.1 localhost".

I do have a TON of suspicious crud in this file (below), but can’t alter it in any way:

127.0.0.1 localhost
::1 localhost
??????????????? browser-security.microsoft.com
??????????????? antiwareprotect.com
??????????????? www.antiwareprotect.com
74.125.45.100 4-open-davinci.com
74.125.45.100 securitysoftwarepayments.com
74.125.45.100 privatesecuredpayments.com
74.125.45.100 secure.privatesecuredpayments.com
74.125.45.100 getantivirusplusnow.com
74.125.45.100 secure-plus-payments.com
74.125.45.100 www.getantivirusplusnow.com
74.125.45.100 www.secure-plus-payments.com
74.125.45.100 www.getavplusnow.com
74.125.45.100 safebrowsing-cache.google.com
74.125.45.100 urs.microsoft.com
74.125.45.100 www.securesoftwarebill.com
74.125.45.100 secure.paysecuresystem.com
74.125.45.100 paysoftbillsolution.com
74.125.45.100 protected.maxisoftwaremart.com
67.230.163.203 www.google.com
67.230.163.203 google.com.au
67.230.163.203 www.google.com.au
67.230.163.203 google.be
67.230.163.203 www.google.be
67.230.163.203 google.com.br
67.230.163.203 www.google.com.br
67.230.163.203 google.ca
67.230.163.203 www.google.ca
67.230.163.203 google.ch
67.230.163.203 www.google.ch
67.230.163.203 google.de
67.230.163.203 www.google.de
67.230.163.203 google.dk
67.230.163.203 www.google.dk
67.230.163.203 google.fr
67.230.163.203 www.google.fr
67.230.163.203 google.ie
67.230.163.203 www.google.ie
67.230.163.203 google.it
67.230.163.203 www.google.it
67.230.163.203 google.co.jp
67.230.163.203 www.google.co.jp
67.230.163.203 google.nl
67.230.163.203 www.google.nl
67.230.163.203 google.no
67.230.163.203 www.google.no
67.230.163.203 google.co.nz
67.230.163.203 www.google.co.nz
67.230.163.203 google.pl
67.230.163.203 www.google.pl
67.230.163.203 google.se
67.230.163.203 www.google.se
67.230.163.203 google.co.uk
67.230.163.203 www.google.co.uk
67.230.163.203 google.co.za
67.230.163.203 www.google.co.za
67.230.163.203 www.google-analytics.com
67.230.163.203 www.bing.com
67.230.163.203 search.yahoo.com
67.230.163.203 www.search.yahoo.com
67.230.163.203 uk.search.yahoo.com
67.230.163.203 ca.search.yahoo.com
67.230.163.203 de.search.yahoo.com
67.230.163.203 fr.search.yahoo.com
67.230.163.203 au.search.yahoo.com


Thanks in advance!

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,430 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:52 PM

Posted 18 October 2010 - 03:05 PM

Hello,Your Hosts File may be corrupted or blocking them.
Restore your default hosts file

Download the HostsXpert,

Unzip HostsXpert to your desktop

Open up the HostsXpert program.

* Make sure that the "make hosts writable?" button in the upper left corner is enabled.
* Click back up Host files
* then click "Restore MS Hosts File"
* close program

Next run ATF and SAS: If you cannot access Safe Mode,run in normal ,but let me know.

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware , Free Home Version. Save both to desktop ..
DO NOT run yet.
Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining
.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode(XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode
.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or Opera browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program
.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After scan,Verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.


Please ask any needed questions,post logs and Let us know how the PC is running now.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 HKP2

HKP2
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:05:52 PM

Posted 20 October 2010 - 04:22 PM

Thanks so much for your help!

First, when we ran HostsXpert, we had some trouble writing over anything, backing up and restoring. After some trouble-shooting, we went to Explorer in Safe Mode, were able to access the Hosts security tab, and change the attributes - removing the R (read only) attribute. (we hadn't been able to do this using DOS commands.) Then we edited the Hosts file (it had LAST been modified the day the malware struck), and ran Hosts Xpert again.

At that point, everything was already 100% better - internet running faster again, the weird "go to Google Canada" was gone.

I ran ATF, fine.

I ran SuperAntispyware - 107 tracking cookies found.

As requested, here's the scan log.

So, so far so good! We'll see :thumbsup:) Thanks again!!

Heather


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/20/2010 at 02:02 PM

Application Version : 4.44.1000

Core Rules Database Version : 5719
Trace Rules Database Version: 3531

Scan type : Complete Scan
Total Scan Time : 02:27:17

Memory items scanned : 238
Memory threats detected : 0
Registry items scanned : 6011
Registry threats detected : 0
File items scanned : 69671
File threats detected : 107

Adware.Tracking Cookie
adsatt.espn.go.com [ C:\Documents and Settings\Heather HP\Application Data\Macromedia\Flash

Player\#SharedObjects\FC89SW2Y ]
bannerfarm.ace.advertising.com [ C:\Documents and Settings\Heather HP\Application Data\Macromedia\Flash

Player\#SharedObjects\FC89SW2Y ]
broadcast.piximedia.fr [ C:\Documents and Settings\Heather HP\Application Data\Macromedia\Flash

Player\#SharedObjects\FC89SW2Y ]
cdn4.specificclick.net [ C:\Documents and Settings\Heather HP\Application Data\Macromedia\Flash

Player\#SharedObjects\FC89SW2Y ]
core.insightexpressai.com [ C:\Documents and Settings\Heather HP\Application Data\Macromedia\Flash

Player\#SharedObjects\FC89SW2Y ]
ia.media-imdb.com [ C:\Documents and Settings\Heather HP\Application Data\Macromedia\Flash

Player\#SharedObjects\FC89SW2Y ]
interclick.com [ C:\Documents and Settings\HP\Application Data\Macromedia\Flash Player\#SharedObjects\FC89SW2Y ]
m1.2mdn.net [ C:\Documents and Settings\HP\Application Data\Macromedia\Flash Player\#SharedObjects\FC89SW2Y ]
macromedia.com [ C:\Documents and Settings\HP\Application Data\Macromedia\Flash Player\#SharedObjects\FC89SW2Y ]
media-ti.pictela.net [ C:\Documents and Settings\Heather HP\Application Data\Macromedia\Flash

Player\#SharedObjects\FC89SW2Y ]
media.kofytv.com [ C:\Documents and Settings\Heather HP\Application Data\Macromedia\Flash

Player\#SharedObjects\FC89SW2Y ]
media.mtvnservices.com [ C:\Documents and Settings\Heather HP\Application Data\Macromedia\Flash

Player\#SharedObjects\FC89SW2Y ]
media.scanscout.com [ C:\Documents and Settings\Heather HP\Application Data\Macromedia\Flash

Player\#SharedObjects\FC89SW2Y ]
media1.break.com [ C:\Documents and Settings\Heather HP\Application Data\Macromedia\Flash

Player\#SharedObjects\FC89SW2Y ]
mi.adinterax.com [ C:\Documents and Settings\Heather HP\Application Data\Macromedia\Flash

Player\#SharedObjects\FC89SW2Y ]
msnbcmedia.msn.com [ C:\Documents and Settings\Heather HP\Application Data\Macromedia\Flash

Player\#SharedObjects\FC89SW2Y ]
objects.tremormedia.com [ C:\Documents and Settings\Heather HP\Application Data\Macromedia\Flash

Player\#SharedObjects\FC89SW2Y ]
oddcast.com [ C:\Documents and Settings\HP\Application Data\Macromedia\Flash Player\#SharedObjects\FC89SW2Y ]
s0.2mdn.net [ C:\Documents and Settings\HP\Application Data\Macromedia\Flash Player\#SharedObjects\FC89SW2Y ]
secure-us.imrworldwide.com [ C:\Documents and Settings\Heather HP\Application Data\Macromedia\Flash

Player\#SharedObjects\FC89SW2Y ]
spe.atdmt.com [ C:\Documents and Settings\HP\Application Data\Macromedia\Flash Player\#SharedObjects\FC89SW2Y ]
static.2mdn.net [ C:\Documents and Settings\HP\Application Data\Macromedia\Flash Player\#SharedObjects\FC89SW2Y ]
udn.specificclick.net [ C:\Documents and Settings\Heather HP\Application Data\Macromedia\Flash

Player\#SharedObjects\FC89SW2Y ]
.liveperson.net [ C:\Documents and Settings\HP\Application

Data\Mozilla\Firefox\Profiles\b2eti2pe.default\cookies.sqlite ]
.liveperson.net [ C:\Documents and Settings\HP\Application

Data\Mozilla\Firefox\Profiles\b2eti2pe.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Heather HP\Application

Data\Mozilla\Firefox\Profiles\b2eti2pe.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Heather HP\Application

Data\Mozilla\Firefox\Profiles\b2eti2pe.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Heather HP\Application

Data\Mozilla\Firefox\Profiles\b2eti2pe.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Heather HP\Application

Data\Mozilla\Firefox\Profiles\b2eti2pe.default\cookies.sqlite ]
.at.atwola.com [ C:\Documents and Settings\HP\Application

Data\Mozilla\Firefox\Profiles\b2eti2pe.default\cookies.sqlite ]
.tacoda.net [ C:\Documents and Settings\HP\Application Data\Mozilla\Firefox\Profiles\b2eti2pe.default\cookies.sqlite

]
.tacoda.net [ C:\Documents and Settings\HP\Application Data\Mozilla\Firefox\Profiles\b2eti2pe.default\cookies.sqlite

]
.tacoda.net [ C:\Documents and Settings\HP\Application Data\Mozilla\Firefox\Profiles\b2eti2pe.default\cookies.sqlite

]
.tacoda.net [ C:\Documents and Settings\HP\Application Data\Mozilla\Firefox\Profiles\b2eti2pe.default\cookies.sqlite

]
.at.atwola.com [ C:\Documents and Settings\HP\Application

Data\Mozilla\Firefox\Profiles\b2eti2pe.default\cookies.sqlite ]
.at.atwola.com [ C:\Documents and Settings\HP\Application

Data\Mozilla\Firefox\Profiles\b2eti2pe.default\cookies.sqlite ]
.collective-media.net [ C:\Documents and Settings\Heather HP\Application

Data\Mozilla\Firefox\Profiles\b2eti2pe.default\cookies.sqlite ]
.collective-media.net [ C:\Documents and Settings\Heather HP\Application

Data\Mozilla\Firefox\Profiles\b2eti2pe.default\cookies.sqlite ]
.collective-media.net [ C:\Documents and Settings\Heather HP\Application

Data\Mozilla\Firefox\Profiles\b2eti2pe.default\cookies.sqlite ]
.collective-media.net [ C:\Documents and Settings\Heather HP\Application

Data\Mozilla\Firefox\Profiles\b2eti2pe.default\cookies.sqlite ]
.apmebf.com [ C:\Documents and Settings\HP\Application Data\Mozilla\Firefox\Profiles\b2eti2pe.default\cookies.sqlite

]
.invitemedia.com [ C:\Documents and Settings\Heather HP\Application

Data\Mozilla\Firefox\Profiles\b2eti2pe.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Heather HP\Application

Data\Mozilla\Firefox\Profiles\b2eti2pe.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Heather HP\Application

Data\Mozilla\Firefox\Profiles\b2eti2pe.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\HP\Application Data\Mozilla\Firefox\Profiles\b2eti2pe.default\cookies.sqlite

]
.revsci.net [ C:\Documents and Settings\HP\Application Data\Mozilla\Firefox\Profiles\b2eti2pe.default\cookies.sqlite

]
adserver.oneboxnet.com [ C:\Documents and Settings\Heather HP\Application

Data\Mozilla\Firefox\Profiles\b2eti2pe.default\cookies.sqlite ]
.statcounter.com [ C:\Documents and Settings\Heather HP\Application

Data\Mozilla\Firefox\Profiles\b2eti2pe.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Heather HP\Application

Data\Mozilla\Firefox\Profiles\b2eti2pe.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Heather HP\Application

Data\Mozilla\Firefox\Profiles\b2eti2pe.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Heather HP\Application

Data\Mozilla\Firefox\Profiles\b2eti2pe.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Heather HP\Application

Data\Mozilla\Firefox\Profiles\b2eti2pe.default\cookies.sqlite ]
.zedo.com [ C:\Documents and Settings\HP\Application Data\Mozilla\Firefox\Profiles\b2eti2pe.default\cookies.sqlite ]
.zedo.com [ C:\Documents and Settings\HP\Application Data\Mozilla\Firefox\Profiles\b2eti2pe.default\cookies.sqlite ]
.zedo.com [ C:\Documents and Settings\HP\Application Data\Mozilla\Firefox\Profiles\b2eti2pe.default\cookies.sqlite ]
.specificmedia.com [ C:\Documents and Settings\Heather HP\Application

Data\Mozilla\Firefox\Profiles\b2eti2pe.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Heather HP\Application

Data\Mozilla\Firefox\Profiles\b2eti2pe.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Heather HP\Application

Data\Mozilla\Firefox\Profiles\b2eti2pe.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Heather HP\Application

Data\Mozilla\Firefox\Profiles\b2eti2pe.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Heather HP\Application

Data\Mozilla\Firefox\Profiles\b2eti2pe.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Heather HP\Application

Data\Mozilla\Firefox\Profiles\b2eti2pe.default\cookies.sqlite ]
.bs.serving-sys.com [ C:\Documents and Settings\Heather HP\Application

Data\Mozilla\Firefox\Profiles\b2eti2pe.default\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\Heather HP\Application

Data\Mozilla\Firefox\Profiles\b2eti2pe.default\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\Heather HP\Application

Data\Mozilla\Firefox\Profiles\b2eti2pe.default\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\Heather HP\Application

Data\Mozilla\Firefox\Profiles\b2eti2pe.default\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\Heather HP\Application

Data\Mozilla\Firefox\Profiles\b2eti2pe.default\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\Heather HP\Application

Data\Mozilla\Firefox\Profiles\b2eti2pe.default\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\Heather HP\Application

Data\Mozilla\Firefox\Profiles\b2eti2pe.default\cookies.sqlite ]
.serving-sys.com [ C:\Documents and Settings\Heather HP\Application

Data\Mozilla\Firefox\Profiles\b2eti2pe.default\cookies.sqlite ]
.advertise.com [ C:\Documents and Settings\HP\Application

Data\Mozilla\Firefox\Profiles\b2eti2pe.default\cookies.sqlite ]
counter.surfcounters.com [ C:\Documents and Settings\Heather HP\Application

Data\Mozilla\Firefox\Profiles\b2eti2pe.default\cookies.sqlite ]
ads.smartadx.com [ C:\Documents and Settings\Heather HP\Application

Data\Mozilla\Firefox\Profiles\b2eti2pe.default\cookies.sqlite ]
.adbrite.com [ C:\Documents and Settings\HP\Application Data\Mozilla\Firefox\Profiles\b2eti2pe.default\cookies.sqlite

]
.adbrite.com [ C:\Documents and Settings\HP\Application Data\Mozilla\Firefox\Profiles\b2eti2pe.default\cookies.sqlite

]
.adbrite.com [ C:\Documents and Settings\HP\Application Data\Mozilla\Firefox\Profiles\b2eti2pe.default\cookies.sqlite

]
.adbrite.com [ C:\Documents and Settings\HP\Application Data\Mozilla\Firefox\Profiles\b2eti2pe.default\cookies.sqlite

]
.yieldmanager.net [ C:\Documents and Settings\Heather HP\Application

Data\Mozilla\Firefox\Profiles\b2eti2pe.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Heather HP\Application

Data\Mozilla\Firefox\Profiles\b2eti2pe.default\cookies.sqlite ]
.media6degrees.com [ C:\Documents and Settings\Heather HP\Application

Data\Mozilla\Firefox\Profiles\b2eti2pe.default\cookies.sqlite ]
.media6degrees.com [ C:\Documents and Settings\Heather HP\Application

Data\Mozilla\Firefox\Profiles\b2eti2pe.default\cookies.sqlite ]
.media6degrees.com [ C:\Documents and Settings\Heather HP\Application

Data\Mozilla\Firefox\Profiles\b2eti2pe.default\cookies.sqlite ]
.media6degrees.com [ C:\Documents and Settings\Heather HP\Application

Data\Mozilla\Firefox\Profiles\b2eti2pe.default\cookies.sqlite ]
.burstnet.com [ C:\Documents and Settings\HP\Application

Data\Mozilla\Firefox\Profiles\b2eti2pe.default\cookies.sqlite ]
www.burstnet.com [ C:\Documents and Settings\Heather HP\Application

Data\Mozilla\Firefox\Profiles\b2eti2pe.default\cookies.sqlite ]
.www.burstnet.com [ C:\Documents and Settings\Heather HP\Application

Data\Mozilla\Firefox\Profiles\b2eti2pe.default\cookies.sqlite ]
www.burstbeacon.com [ C:\Documents and Settings\Heather HP\Application

Data\Mozilla\Firefox\Profiles\b2eti2pe.default\cookies.sqlite ]
.burstbeacon.com [ C:\Documents and Settings\Heather HP\Application

Data\Mozilla\Firefox\Profiles\b2eti2pe.default\cookies.sqlite ]
.imrworldwide.com [ C:\Documents and Settings\Heather HP\Application

Data\Mozilla\Firefox\Profiles\b2eti2pe.default\cookies.sqlite ]
.imrworldwide.com [ C:\Documents and Settings\Heather HP\Application

Data\Mozilla\Firefox\Profiles\b2eti2pe.default\cookies.sqlite ]
in.getclicky.com [ C:\Documents and Settings\Heather HP\Application

Data\Mozilla\Firefox\Profiles\b2eti2pe.default\cookies.sqlite ]
user.lucidmedia.com [ C:\Documents and Settings\Heather HP\Application

Data\Mozilla\Firefox\Profiles\b2eti2pe.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\HP\Application Data\Mozilla\Firefox\Profiles\b2eti2pe.default\cookies.sqlite

]
.eyewonder.com [ C:\Documents and Settings\HP\Application

Data\Mozilla\Firefox\Profiles\b2eti2pe.default\cookies.sqlite ]
.eyewonder.com [ C:\Documents and Settings\HP\Application

Data\Mozilla\Firefox\Profiles\b2eti2pe.default\cookies.sqlite ]
.collective-media.net [ C:\Documents and Settings\Heather HP\Application

Data\Mozilla\Firefox\Profiles\b2eti2pe.default\cookies.sqlite ]
.collective-media.net [ C:\Documents and Settings\Heather HP\Application

Data\Mozilla\Firefox\Profiles\b2eti2pe.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\HP\Application Data\Mozilla\Firefox\Profiles\b2eti2pe.default\cookies.sqlite

]
.adecn.com [ C:\Documents and Settings\HP\Application Data\Mozilla\Firefox\Profiles\b2eti2pe.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Heather HP\Application

Data\Mozilla\Firefox\Profiles\b2eti2pe.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Heather HP\Application

Data\Mozilla\Firefox\Profiles\b2eti2pe.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Heather HP\Application

Data\Mozilla\Firefox\Profiles\b2eti2pe.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Heather HP\Application

Data\Mozilla\Firefox\Profiles\b2eti2pe.default\cookies.sqlite ]
.insightexpressai.com [ C:\Documents and Settings\Heather HP\Application

Data\Mozilla\Firefox\Profiles\b2eti2pe.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\HP\Application Data\Mozilla\Firefox\Profiles\b2eti2pe.default\cookies.sqlite

]
.revsci.net [ C:\Documents and Settings\HP\Application Data\Mozilla\Firefox\Profiles\b2eti2pe.default\cookies.sqlite

]
.revsci.net [ C:\Documents and Settings\HP\Application Data\Mozilla\Firefox\Profiles\b2eti2pe.default\cookies.sqlite

]
pixel.invitemedia.com [ C:\Documents and Settings\Heather HP\Application

Data\Mozilla\Firefox\Profiles\b2eti2pe.default\cookies.sqlite ]

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,430 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:52 PM

Posted 20 October 2010 - 06:10 PM

Hi Heather ,looks much better.
Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal/regular mode and click Update tab, select Check for Updates,when done
click Scanner tab,select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.

I want it to come back clean too.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users