Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Yes, I have a problem

  • Please log in to reply
6 replies to this topic

#1 dudewillabide


  • Members
  • 30 posts
  • Local time:02:10 PM

Posted 05 May 2011 - 09:09 PM

Greetings Bleeping Computer!

I know something is wrong with my pc, and this is the first time I have ever experienced this particular situation.

I was on a forum I go to all the time, and suddenly AVG had a pop up that it detected something. I should have paid

more attention to it, but selected it to fix it. That is when it all started. I am struggling trying to get this

message to you now..

Running XP Pro, SP 3, AVG Free version and installed and ran MalwareBytes once I realized something was wrong.

Both AVG and MB detected Trojans and registry issues. But, the programs also informed me that the issues were

deleted or whatever the programs do.

Upon re-boot, the problem continued. Regardless of running IE or FireFox, I get redirected once I select a search


I noticed that mss appears in the AVG search toolbar, which is weird.

So, I search for Bleeping Computer and the results show up and there you guys are!

I select your site, but the pc immediately redirects to the following:

and when I get it all to stop it ends up on

I rebooted to try to get to you guys, then the pc displayed that I don't have a firewall on.. I checked the Windows

Firewall and sure enough it is on.

So, my PC is compromised. The only thing on this PC that I really care about is the family pics from vacations

etc.. I will now burn DVDs from here on out.

Any ideas?

The Dude
Oceanside, Ca

BC AdBot (Login to Remove)


#2 dudewillabide

  • Topic Starter

  • Members
  • 30 posts
  • Local time:02:10 PM

Posted 08 May 2011 - 10:20 AM

I see the BC crew is busy as always.

I was considering pulling the hard drive, and scanning it with another PC.

Is this a viable way to clean up a hard drive? I was thinking at least this way, the PC is not starting the OS so whatever is on the hard drive should not start?

I'm gonna read how to set up my PCs too...

Still have the problem.

#3 dudewillabide

  • Topic Starter

  • Members
  • 30 posts
  • Local time:02:10 PM

Posted 08 May 2011 - 09:56 PM

Tonight I scanned the hard drive in question with it connected via USB adapter to another PC.

I ran MalwareBytes, nothing found.

I ran AVG Free, found one digital certificate from Pinnacle Studio out of date.

I'll go re-install it now and fire it up and see what happens.

I apologize for jumping the gun, you folks are VERY busy and I was hoping to eliminate the issue myself.

We will see.

Dude abiding..

#4 dudewillabide

  • Topic Starter

  • Members
  • 30 posts
  • Local time:02:10 PM

Posted 09 May 2011 - 01:35 PM

Well, my feeble attempt to solve the issue appears to have failed.

I re-installed the hard drive, fired up the rig and went on the internet.

I think I was using Firefox, and bango I get redirected to Walmart survey site.

I did update to the latest FireFox, and I believe I am running IE8.


#5 Computerproblem101


  • Members
  • 140 posts
  • Local time:04:10 PM

Posted 09 May 2011 - 01:50 PM

Hi Dudewillabide, I'm very sorry for the slow response to your request for assistance, please note that we don't overlook topics, but we do get very busy at times. I'm going to ask you to run Superantispyware. Please try to manage to get yourself to Http://www.superantispyware.com - download and update the program, boot the PC into safe mode and run the full scan. Remove any infections found, reboot the PC and show me the log. Thank you for your cooperation

- CP101

#6 dudewillabide

  • Topic Starter

  • Members
  • 30 posts
  • Local time:02:10 PM

Posted 10 May 2011 - 09:58 PM

Scanned NOT in Safe Mode first by accident: found 131 adware
Then Scanned in Safe Mode: found 18

Rebooted, went to IE8 and typed in bleepingcomputer and got IMMEDIATELY redirected.

First scan results: NOT IN SAFE MODE (by accident)

SUPERAntiSpyware Scan Log

Generated 05/10/2011 at 06:21 PM

Application Version : 4.52.1000

Core Rules Database Version : 7029
Trace Rules Database Version: 4841

Scan type : Complete Scan
Total Scan Time : 00:21:35

Memory items scanned : 434
Memory threats detected : 0
Registry items scanned : 6013
Registry threats detected : 0
File items scanned : 17914
File threats detected : 131

Adware.Tracking Cookie
C:\Documents and Settings\General Shop\Cookies\general_shop@ad.yieldmanager[2].txt
C:\Documents and Settings\General Shop\Cookies\general_shop@ads.bleepingcomputer[2].txt
C:\Documents and Settings\General Shop\Cookies\general_shop@doubleclick[1].txt
C:\Documents and Settings\General Shop\Cookies\general_shop@collective-media[1].txt
C:\Documents and Settings\General Shop\Cookies\general_shop@avgtechnologies.112.2o7[1].txt
C:\Documents and Settings\General Shop\Cookies\general_shop@atdmt[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad.yieldmanager[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad.wsod[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad.wsod[3].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad.yieldmanager[1].txt
secure-us.imrworldwide.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\VYT8C3K7 ]
C:\Documents and Settings\NetworkService\Cookies\system@atdmt[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@dc.tremormedia[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@yieldmanager[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@ads.pointroll[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@ads.pointroll[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@dc.tremormedia[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@dc.tremormedia[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@doubleclick[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@doubleclick[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@dc.tremormedia[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@doubleclick[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@atdmt[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@atdmt[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@kontera[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@kontera[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@lucidmedia[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@lucidmedia[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@bizzclick[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@bizzclick[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@bizzclick[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@statcounter[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@statcounter[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@statcounter[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@apmebf[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@educationcom.112.2o7[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@interclick[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@apmebf[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@advertise[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@educationcom.112.2o7[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@interclick[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@interclick[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@educationcom.112.2o7[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@interclick[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@apmebf[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@educationcom.112.2o7[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@advertise[6].txt
C:\Documents and Settings\NetworkService\Cookies\system@advertise[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@advertise[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@adbrite[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@specificmedia[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@specificmedia[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@ru4[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@beacon.dmsinsights[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@clickkick[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@adbrite[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@adbrite[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@invitemedia[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@invitemedia[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@invitemedia[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@invitemedia[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@g-pixel.invitemedia[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@adxpose[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@ads.blogtalkradio[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@eyewonder[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@media6degrees[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@media6degrees[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@media6degrees[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@mediaplex[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@mediaplex[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@mediaplex[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@adserver.adtechus[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@insightexpressai[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@ad.yieldmanager[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@search.clicksfind[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@bs.serving-sys[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@bs.serving-sys[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@tacoda.at.atwola[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@search.boltfind[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@ad.yieldmanager[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@ad.yieldmanager[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@realmedia[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@realmedia[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@search.clicksthis[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@content.yieldmanager[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@search.321findit[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@content.yieldmanager[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@fastclick[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@zedo[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@ads.undertone[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@search.clickbowl[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@citi.bridgetrack[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@tribalfusion[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@a1.interclick[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@a1.interclick[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@a1.interclick[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@a1.interclick[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@citi.bridgetrack[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@tribalfusion[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@citi.bridgetrack[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@at.atwola[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@mediatraffic[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@tribalfusion[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@serving-sys[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@serving-sys[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@network.realmedia[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@questionmarket[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@trafficmp[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@revsci[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@questionmarket[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@revsci[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@network.realmedia[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@network.realmedia[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@specificclick[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@specificclick[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@specificclick[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@segment-pixel.invitemedia[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@pointroll[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@mediabrandsww[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@imrworldwide[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@collective-media[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@imrworldwide[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@advertising[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@advertising[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@collective-media[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@imrworldwide[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@collective-media[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@advertise[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@bizzclick[3].txt

Second Scan in Safe Mode:

SUPERAntiSpyware Scan Log

Generated 05/10/2011 at 07:34 PM

Application Version : 4.52.1000

Core Rules Database Version : 7029
Trace Rules Database Version: 4841

Scan type : Complete Scan
Total Scan Time : 00:39:44

Memory items scanned : 218
Memory threats detected : 0
Registry items scanned : 6007
Registry threats detected : 0
File items scanned : 18086
File threats detected : 18

Adware.Tracking Cookie
C:\Documents and Settings\NetworkService\Cookies\system@dc.tremormedia[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@bizzclick[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@statcounter[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@beacon.dmsinsights[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@invitemedia[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@click.fastpartner[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@adserver.adtechus[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@content.yieldmanager[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@realmedia[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@content.yieldmanager[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@solvemedia[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@fastclick[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@ads.undertone[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@pro-market[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@serving-sys[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@questionmarket[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@gotacha.rotator.hadj7.adjuggler[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@mediabrandsww[1].txt

I know you folks are really busy. I am thinking of how I can really get away from this mess of getting hijacked/hacked/tracked...

Maybe just turn it all off, and live life...??? NO.....

Thanks for the help... I gotto go get some beauty sleep,,,, I need it..


#7 dudewillabide

  • Topic Starter

  • Members
  • 30 posts
  • Local time:02:10 PM

Posted 14 May 2011 - 01:31 AM

Close this Post please...

I decided to pull the hard drive and replace it. The files on the original hard drive that I want are family photos and some CAD stuff. I'll pull them off of the hard drive using a USB type connection device. Scan it and move on

I am very bummed toward those that work so hard to make using the Internet so risky.. I don't get it.. Sure, hate Microsoft.. but don't hate me... I'm just trying to live a life...

You guys are very busy... too busy IMHO....

Bleeping Computer Folks... I trust you guys..

I am thinking about joining the fight for FREE internet usage without retaliation...

I just don't get it...

The Dude will abide...................

Edited by dudewillabide, 14 May 2011 - 01:31 AM.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users