Google Redirect?


27 replies to this topic

#1 Marshwiggle

Marshwiggle

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:01:31 AM

Posted 16 April 2011 - 12:56 PM

Hello,
I am new to this site and believe my PC is infected with the Google Redirect Virus.

When I do a Google search, and click on a result, I am redirected to another page other than the result I chose.

I have tried using RKill and MalwareBytes, Symantec's FixTDSS, and TDSSKiller, but nothing is being detected. And now on reboots, I am getting a RunDLL error.

Can anyone help me?

Thanks in advance,
Marshwiggle



#2 Marshwiggle

Marshwiggle
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:01:31 AM

Posted 16 April 2011 - 01:00 PM

Sorry, I forgot to add that I am running Windows XP Professional Service Pack 3, and using Internet Explorer 8, and Mozilla Firefox 3.6.16

#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:31 AM

Posted 16 April 2011 - 10:04 PM

Hello, have you updated MBam (MalwareBytes)? I have to ask.

Have you run RKill/MBAM from Safe Mode?

Are you using a router?

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan.

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#4 Marshwiggle

Marshwiggle
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:01:31 AM

Posted 17 April 2011 - 06:05 AM

I have updated MBam, but have not tried running RKill and MBam from safe mode. Should I try that?

I do also have a Linksys Router. Do I need to reboot the router?

As far as the ESET scanner is concerned, I have Norton Security Suite (Comcast provides). When I right-click on the icon in the system tray, I get an option that says "disable antivirus auto-protect"... is that sufficient, or do I need to do more to disable before I scan?

Should I try the suggestions in the order you posted (ie safe mode MBam), or go ahead and disable the Norton and try the ESET scanner?

Thanks so much for your help!

#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:31 AM

Posted 17 April 2011 - 12:21 PM

It may be the easiest to do the safe mode scan and see if it clears things up. You should try the "disable antivirus auto-protect"... so we know that's not interfering.

If it is still not working, then... your router is hijacked by a DNS-hijacker trojan.

  • Please read this: Malware Silently Alters Wireless Router Settings

  • Then reset your router to its factory default settings:

    "If your machine has been infected by one of these Zlob/DNSchanger Trojans, and your router settings have been altered, I would strongly recommend that you reset the router to its default configuration. Usually, this can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds)"


  • This is the difficult part.
    First get to the router's server. To do that open Internet Explorer and type http://192.168.1.1 in the address bar and click Enter. You get the log in window.
    Fill in the password you have already found and you will get the configuration page.
    Configure the router to allow you to connect to your ISP server. In some routers it is done by a setup wizard. But you have to fill in the log in password your ISP has initially given to you.
    You can also call your ISP if you don't have your initial password.
    Don't forget to change the router's default password and set a strong password. Note down the password and keep it somewhere for future reference.


After that I would still run the ESET scan... then turn Norton back on.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook
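A DNS-changer infection shows up as resolver addresses the machine or router was never meant to use, so one check alongside the router reset is to compare the DNS servers reported by `ipconfig /all` with the router address and the ISP's resolvers. The Python sketch below is an added example, not part of the original posts; the `ipconfig` text is constructed in Windows XP layout, and every address except the router's 192.168.1.1 is a placeholder from the documentation ranges.

```python
import ipaddress
import re

# Constructed `ipconfig /all` excerpt (Windows XP layout). 192.168.1.1 is the
# router address used in the post; all other addresses are placeholders taken
# from the RFC 5737 documentation ranges, not real resolvers.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.100
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 203.0.113.53
                                            203.0.113.54

Ethernet adapter Wireless Network Connection:

        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.101
        Default Gateway . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.168.1.1
                                            198.51.100.10
"""

ADAPTER = re.compile(r"^(\S.*adapter .*):\s*$")
FIELD = re.compile(r"^\s+(.+?)[ .]*:\s*(.*)$")        # "DNS Servers . . . : value"
IPV4 = re.compile(r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s*$")  # continuation line
WANTED = {"Default Gateway": "gateway", "DNS Servers": "dns"}


def parse_adapters(text):
    """Return {adapter name: {"gateway": [...], "dns": [...]}}."""
    adapters, current, last = {}, None, None
    for line in text.splitlines():
        m = ADAPTER.match(line)
        if m:
            current = adapters.setdefault(m.group(1), {"gateway": [], "dns": []})
            last = None
            continue
        if current is None:
            continue
        m = FIELD.match(line)
        if m:
            last = WANTED.get(m.group(1))
            if last and m.group(2).strip():
                current[last].append(m.group(2).strip())
            continue
        m = IPV4.match(line)
        if m and last:
            # Extra servers are listed on indented lines with no field label.
            current[last].append(m.group(1))
    return adapters


def _ip(value):
    """Parse an address; unparsable values stay strings and never match."""
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        return value


def unexpected_dns(text, expected):
    """Return {adapter: [DNS servers that are neither its gateway nor expected]}."""
    allowed = {_ip(a) for a in expected}
    findings = {}
    for name, cfg in parse_adapters(text).items():
        ok = allowed | {_ip(g) for g in cfg["gateway"]}
        bad = [d for d in cfg["dns"] if _ip(d) not in ok]
        if bad:
            findings[name] = bad
    return findings


if __name__ == "__main__":
    # 198.51.100.10 stands in for the resolver the ISP actually assigns.
    for adapter, servers in unexpected_dns(SAMPLE_IPCONFIG, ["198.51.100.10"]).items():
        print(adapter, "->", ", ".join(servers))
```

When the PC lists only the router as its DNS server, this check passes even if the router forwards to an altered upstream resolver, so the DNS fields on the router's own configuration page still need to be compared with the ISP's values.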

#6 Marshwiggle

Marshwiggle
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:01:31 AM

Posted 17 April 2011 - 01:42 PM

Boopme, I have run the RKill and the Malwarebytes in safe mode... showed no infections.... (I forgot to say that the first time I ran Malwarebytes, it found something called "Gamevance", I will paste the MBam log below... But it didn't seem to stop the redirects, although they do not seem to be happening now - maybe shutting down the router and deleting temp files helped?)
Anyway, here is the MBAM log:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6370

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/15/2011 6:20:33 PM
mbam-log-2011-04-15 (18-20-33).txt

Scan type: Quick scan
Objects scanned: 153061
Time elapsed: 4 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
c:\program files\gamevance (Adware.Gamevance) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)

Then I ran the ESET scan and here is what I got:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=2d1d9dc80d3d2b4d881326d80bbcb308
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-04-17 06:22:12
# local_time=2011-04-17 02:22:12 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=3584 16777191 100 0 0 0 0 0
# compatibility_mode=6143 16777215 0 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=185827
# found=5
# cleaned=0
# scan_time=7417
C:\Documents and Settings\Felder Family\Application Data\Sun\Java\Deployment\cache\6.0\34\c669a2-4c4a34e2 probably a variant of Java/Agent.AF trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Felder Family\Desktop\OldDDriveBackup\Setup2\AudioExtractor.exe Win32/Adware.WhenU.SaveNow application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Felder Family\Desktop\OldDDriveBackup\Setup2\Install_AIM.exe Win32/Adware.WBug.A application (unable to clean) 00000000000000000000000000000000 I
G:\OldDDriveBackup\Setup2\AudioExtractor.exe Win32/Adware.WhenU.SaveNow application (unable to clean) 00000000000000000000000000000000 I
G:\OldDDriveBackup\Setup2\Install_AIM.exe Win32/Adware.WBug.A application (unable to clean) 00000000000000000000000000000000 I

PS My computer is suddenly running extremely slow....so many programs run lately to try to get rid of this stuff, seems to have wreaked havoc with my system...

Please let me know if I can do anything more to get things back to normal

Thanks in advance!
Marshwiggle

#7 Marshwiggle

Marshwiggle
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:01:31 AM

Posted 17 April 2011 - 01:46 PM

On second thought, scratch that about it not happening anymore... I just opened Google and got redirected again :(

#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:31 AM

Posted 17 April 2011 - 02:28 PM

Ok, you said you ran TDSS Killer and it found nothing?

Are you still getting a RunDLL error?

Let's run this small tool and if still redirecting then reset the router.

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#9 Marshwiggle

Marshwiggle
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:01:31 AM

Posted 17 April 2011 - 02:52 PM

Yes, I ran TDSS and found nothing...

The run dll error does not come up anymore because I went into MSConfig and unchecked the file (orahuwud.dll) in the start-up because I couldn't find any info about it anywhere...and it seemed suspicious... I can reproduce the error though by re-checking it... the error was: rundll error, error loading C:\WINDOWS\orahuwud.dll, could not find module. I figured it would speed up the boot process if it didn't keep trying to find it...any idea what it is?

I already reset my router...

I will try the GooredFix...

#10 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:31 AM

Posted 17 April 2011 - 03:07 PM

It's not unusual to receive such an error after using specialized fix tools.

A "Cannot find...", "Could not run...", "Error loading..." or "specific module could not be found" message is usually related to malware that was set to run at startup but has been deleted. Windows is trying to load this file but cannot locate it since the file was most likely removed during an anti-virus or anti-malware scan. However, an associated orphaned registry entry remains and is telling Windows to load the file when you boot up. Since the file no longer exists, Windows will display an error message. You need to remove this registry entry so Windows stops searching for the file when it loads.

To resolve this, download Autoruns, search for the related entry and then delete it.

Create a new folder on your hard drive called AutoRuns (C:\AutoRuns) and extract (unzip) the file there. (click here if you're not sure how to do this.)
Open the folder and double-click on autoruns.exe to launch it.
Please be patient as it scans and populates the entries.
When done scanning, it will say Ready at the bottom.
Scroll through the list and look for a startup entry related to the file(s) in the error message.
Right-click on the entry and choose delete.
Reboot your computer and see if the startup error returns.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook
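The orphaned-entry condition described in the post above can also be checked programmatically: read the startup commands, work out which file each one loads (for `rundll32` that is the DLL argument, not `rundll32.exe` itself), and report targets that no longer exist. The Python sketch below is an added example, not part of the original thread; the DLL path is the one from the error message, while the value names, the other entries and the `Startup` entry point are constructed, and only the two standard `Run` keys are read.

```python
import os
import re

RUN_SUBKEY = r"Software\Microsoft\Windows\CurrentVersion\Run"
EXT = r"\.(?:exe|dll|com|bat|cmd|scr|cpl|ocx)"


def first_path(text):
    """Return (path, rest) for the leading quoted or extension-terminated path."""
    text = text.strip()
    m = re.match(r'"([^"]+)"', text) or re.match(
        r"(.+?" + EXT + r")(?=[\s,]|$)", text, re.I)
    return (m.group(1), text[m.end():]) if m else (None, "")


def startup_target(command):
    """File the command line will load; for rundll32 that is its DLL argument."""
    m = re.match(r'\s*"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+(.*)', command, re.I)
    if m:
        return first_path(m.group(1))[0]
    return first_path(command)[0]


def find_orphans(entries, exists=os.path.exists):
    """Return [(value name, target)] for entries whose target file is missing."""
    orphans = []
    for name, command in entries:
        target = startup_target(os.path.expandvars(command))
        if target and not exists(target):
            orphans.append((name, target))
    return orphans


def read_run_entries():
    """Live read of the HKLM and HKCU Run keys; Windows only."""
    import winreg  # imported here so the parsing code also runs elsewhere
    entries = []
    for hive in (winreg.HKEY_LOCAL_MACHINE, winreg.HKEY_CURRENT_USER):
        try:
            key = winreg.OpenKey(hive, RUN_SUBKEY)
        except OSError:
            continue
        with key:
            for i in range(winreg.QueryInfoKey(key)[1]):
                name, data, _type = winreg.EnumValue(key, i)
                entries.append((name, str(data)))
    return entries


# Constructed sample: only C:\WINDOWS\orahuwud.dll comes from the thread.
SAMPLE_RUN = [
    ("orahuwud", r'rundll32.exe "C:\WINDOWS\orahuwud.dll",Startup'),
    ("ctfmon.exe", r"C:\WINDOWS\system32\ctfmon.exe"),
    ("SunJavaUpdateSched", r'"C:\Program Files\Java\jre6\bin\jusched.exe"'),
    ("ExampleTray", r"C:\Program Files\Example\tray.exe /background"),
]
# Files that "exist" on the constructed sample machine (lower-cased).
SAMPLE_FILES = {
    r"c:\windows\system32\ctfmon.exe",
    r"c:\program files\java\jre6\bin\jusched.exe",
    r"c:\program files\example\tray.exe",
}


def sample_exists(path):
    """Case-insensitive existence check against the constructed file list."""
    return path.lower() in SAMPLE_FILES


if __name__ == "__main__":
    live = os.name == "nt"
    entries = read_run_entries() if live else SAMPLE_RUN
    check = os.path.exists if live else sample_exists
    for name, target in find_orphans(entries, check):
        print("orphaned startup entry:", name, "->", target)
```

Autoruns covers far more autostart locations than these two keys, so an empty result here does not mean every startup reference is intact.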

#11 Marshwiggle

Marshwiggle
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:01:31 AM

Posted 17 April 2011 - 03:13 PM

Here is the GooredFix log:
GooredFix by jpshortstuff (03.07.10.1)
Log created at 16:08 on 17/04/2011 (Felder Family)
Firefox version 3.6.16 (en-US)

========== GooredScan ==========

Deleting HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{9DDBD170-E666-4050-8862-A90B44AB94EF} -> Success!
Deleting C:\Documents and Settings\Felder Family\Local Settings\Application Data\{9DDBD170-E666-4050-8862-A90B44AB94EF} -> Success!

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [03:19 01/08/2008]
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} [19:36 18/09/2009]
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [17:42 18/12/2008]
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [19:34 31/03/2009]
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [19:26 27/11/2009]
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [12:58 08/10/2010]
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [16:19 25/12/2010]

C:\Documents and Settings\Felder Family\Application Data\Mozilla\Firefox\Profiles\jrjfx5dt.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b} [23:10 27/04/2010]
{dd3d7613-0246-469d-bc65-2a3cc1668adc} [11:07 25/03/2011]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [22:32 10/08/2009]
"{BBDA0591-3099-440a-AA10-41764D9DB4DB}"="C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\" [13:19 11/05/2010]
"{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}"="C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\" [13:20 11/05/2010]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [19:25 27/11/2009]

-=E.O.F=-
It ran awfully quickly...
Thanks so much for spending so much time helping me, by the way... oh, and I know exactly where the registry entry is for the missing file... although, I am not sure I feel comfortable deleting it...
I will try the Autoruns...

#12 Marshwiggle

Marshwiggle
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:01:31 AM

Posted 17 April 2011 - 03:38 PM

Well, the autoruns helped, and it did stop the error... thank you!

Computer is still running slowly though... hopefully as I do some maintenance and Windows updates it will get back into shape...

Still don't know if the redirects are happening though... it only happens randomly throughout the day anyway... did you see anything in the GooredFix log that indicates it removed any malware?

Again, I can't tell you how much I appreciate your time... this is such a great site!

#13 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,934 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:02:31 AM

Posted 17 April 2011 - 04:38 PM

Ok, run another tool. You can remove them after we are done. I also have another step but want to wait to see if the redirects stop.


Next run ATF and SAS: If you cannot access Safe Mode, run in normal, but let me know.

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

NOTE: There have been reported problems with FireFox not loading pages properly after running ATF to clean the Firefox cache and download history. The glitch occurs if you have Firefox opened to Bleepingcomputer or other web sites while clearing the Firefox cache with ATF Cleaner. Close FF before running ATF. If ATF was run while the browser was open and OP reports problems, have them use FF itself afterwards to clear the cache.

From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware , Free Home Version. Save both to desktop ..
Close all open browsers before using, especially FireFox. <-Important!!!
DO NOT run yet.
Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode(XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or Opera browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After scan, verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.


Please ask any needed questions, post logs and let us know how the PC is running now.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#14 Marshwiggle

Marshwiggle
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:01:31 AM

Posted 17 April 2011 - 06:06 PM

boopme,

I am posting from my laptop because the Super scan is going on my desktop. It may be a while, so I may just let it run and check it in the morning. I have 2 drives on that PC and both are large and pretty full... and I have 4 grueling 13 hour work days coming up, so I may not be able to address this any further until Thursday, but if the scan is done this evening before I turn in, I will post the log... but amazingly it has found 119 threats already!

2 trojans and 117 adware tracking cookies!

I was not able to run the scan in safe mode... a message came up saying "you cannot run this in safe mode" LOL

At any rate, it is running... and I will post the log when it is done, and then follow up with you in a few days if that is okay...

Thanks soooooooooooo much again!

#15 Marshwiggle

Marshwiggle
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:01:31 AM

Posted 17 April 2011 - 07:07 PM

Here is the log from Super:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/17/2011 at 07:49 PM

Application Version : 4.50.1002

Core Rules Database Version : 6858
Trace Rules Database Version: 4670

Scan type : Complete Scan
Total Scan Time : 01:28:28

Memory items scanned : 589
Memory threats detected : 0
Registry items scanned : 8981
Registry threats detected : 0
File items scanned : 120424
File threats detected : 138

Adware.Tracking Cookie
.mediabrandsww.com [ C:\Documents and Settings\Felder Family\Application Data\Mozilla\Firefox\Profiles\jrjfx5dt.default\cookies.sqlite ]
.media6degrees.com [ C:\Documents and Settings\Felder Family\Application Data\Mozilla\Firefox\Profiles\jrjfx5dt.default\cookies.sqlite ]
.media6degrees.com [ C:\Documents and Settings\Felder Family\Application Data\Mozilla\Firefox\Profiles\jrjfx5dt.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Felder Family\Application Data\Mozilla\Firefox\Profiles\jrjfx5dt.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Felder Family\Application Data\Mozilla\Firefox\Profiles\jrjfx5dt.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Felder Family\Application Data\Mozilla\Firefox\Profiles\jrjfx5dt.default\cookies.sqlite ]
.content.yieldmanager.com [ C:\Documents and Settings\Felder Family\Application Data\Mozilla\Firefox\Profiles\jrjfx5dt.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Felder Family\Application Data\Mozilla\Firefox\Profiles\jrjfx5dt.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Felder Family\Application Data\Mozilla\Firefox\Profiles\jrjfx5dt.default\cookies.sqlite ]
pixel.invitemedia.com [ C:\Documents and Settings\Felder Family\Application Data\Mozilla\Firefox\Profiles\jrjfx5dt.default\cookies.sqlite ]
.microsoftsto.112.2o7.net [ C:\Documents and Settings\Felder Family\Application Data\Mozilla\Firefox\Profiles\jrjfx5dt.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Documents and Settings\Felder Family\Application Data\Mozilla\Firefox\Profiles\jrjfx5dt.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Documents and Settings\Felder Family\Application Data\Mozilla\Firefox\Profiles\jrjfx5dt.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Documents and Settings\Felder Family\Application Data\Mozilla\Firefox\Profiles\jrjfx5dt.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Documents and Settings\Felder Family\Application Data\Mozilla\Firefox\Profiles\jrjfx5dt.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Documents and Settings\Felder Family\Application Data\Mozilla\Firefox\Profiles\jrjfx5dt.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Documents and Settings\Felder Family\Application Data\Mozilla\Firefox\Profiles\jrjfx5dt.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Documents and Settings\Felder Family\Application Data\Mozilla\Firefox\Profiles\jrjfx5dt.default\cookies.sqlite ]
.ads.pointroll.com [ C:\Documents and Settings\Felder Family\Application Data\Mozilla\Firefox\Profiles\jrjfx5dt.default\cookies.sqlite ]
.casalemedia.com [ C:\Documents and Settings\Felder Family\Application Data\Mozilla\Firefox\Profiles\jrjfx5dt.default\cookies.sqlite ]
.casalemedia.com [ C:\Documents and Settings\Felder Family\Application Data\Mozilla\Firefox\Profiles\jrjfx5dt.default\cookies.sqlite ]
.casalemedia.com [ C:\Documents and Settings\Felder Family\Application Data\Mozilla\Firefox\Profiles\jrjfx5dt.default\cookies.sqlite ]
.casalemedia.com [ C:\Documents and Settings\Felder Family\Application Data\Mozilla\Firefox\Profiles\jrjfx5dt.default\cookies.sqlite ]
.casalemedia.com [ C:\Documents and Settings\Felder Family\Application Data\Mozilla\Firefox\Profiles\jrjfx5dt.default\cookies.sqlite ]
.casalemedia.com [ C:\Documents and Settings\Felder Family\Application Data\Mozilla\Firefox\Profiles\jrjfx5dt.default\cookies.sqlite ]
.casalemedia.com [ C:\Documents and Settings\Felder Family\Application Data\Mozilla\Firefox\Profiles\jrjfx5dt.default\cookies.sqlite ]
.advertising.com [ C:\Documents and Settings\Felder Family\Application Data\Mozilla\Firefox\Profiles\jrjfx5dt.default\cookies.sqlite ]
.advertising.com [ C:\Documents and Settings\Felder Family\Application Data\Mozilla\Firefox\Profiles\jrjfx5dt.default\cookies.sqlite ]
.advertising.com [ C:\Documents and Settings\Felder Family\Application Data\Mozilla\Firefox\Profiles\jrjfx5dt.default\cookies.sqlite ]
.advertising.com [ C:\Documents and Settings\Felder Family\Application Data\Mozilla\Firefox\Profiles\jrjfx5dt.default\cookies.sqlite ]
.content.yieldmanager.com [ C:\Documents and Settings\Felder Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Documents and Settings\Felder Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Documents and Settings\Felder Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Documents and Settings\Felder Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Documents and Settings\Felder Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Documents and Settings\Felder Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Documents and Settings\Felder Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.doubleclick.net [ C:\Documents and Settings\Felder Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Documents and Settings\Felder Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.pointroll.com [ C:\Documents and Settings\Felder Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Documents and Settings\Felder Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.pointroll.com [ C:\Documents and Settings\Felder Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Documents and Settings\Felder Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Documents and Settings\Felder Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Documents and Settings\Felder Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Documents and Settings\Felder Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Documents and Settings\Felder Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Documents and Settings\Felder Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]
.adxpose.com [ C:\Documents and Settings\Felder Family\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

Trojan.Unclassified/Dropper-IExplorer
C:\DOCUMENTS AND SETTINGS\FELDER FAMILY\DESKTOP\IEXPLORER.EXE

Trojan.Agent/Gen-Cryptor[Egun]
C:\DOCUMENTS AND SETTINGS\FELDER FAMILY\DESKTOP\OLDDDRIVEBACKUP\SETUP2\MOVIE PLAYER\TMD_MOVIE_PLAYER.EXE

The last two, listed as Trojans, are programs... in fact, IExplorer is actually RKill... I read somewhere that you should rename it...
Anyway, the rest were removed.

I guess it did not scan my extra drive; maybe I didn't have it checked... Still, it took over an hour just to do C.

Anyway, I will keep you posted as I can, and I will definitely check back as I can to see if you replied. And I will post if I am redirected again, and let you know right when it happens....
Thanks again!



