something is redirecting my internet pages


28 replies to this topic

#1 jeffw11

jeffw11

  • Members
  • 127 posts
  • OFFLINE
  •  
  • Local time:08:14 AM

Posted 13 May 2011 - 08:54 PM

I had an "XP Home Security 2011" virus and used Malwarebytes to remove it. My computer seems to run well again except that:

1.) A lot of my web pages are redirected somewhere else.
2.) I have automatic updates turned on but I have a red shield stating that automatic updates is turned off.

Is there something I can do to correct these problems and do I have any other problems lurking that I'm not aware of?

Thanks for any help.



#2 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:02:14 PM

Posted 13 May 2011 - 08:58 PM

Can you post the logs from Malwarebytes?

#3 jeffw11

jeffw11
  • Topic Starter


Posted 13 May 2011 - 09:15 PM

I ran SUPERAntiSpyware first and that cleaned up a lot, and then ran Malwarebytes. Here are the logs.



SuperAntiSpyware Log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/12/2011 at 06:56 AM

Application Version : 4.52.1000

Core Rules Database Version : 7036
Trace Rules Database Version: 4848

Scan type : Complete Scan
Total Scan Time : 00:33:12

Memory items scanned : 495
Memory threats detected : 0
Registry items scanned : 7105
Registry threats detected : 4
File items scanned : 24146
File threats detected : 286

System.BrokenFileAssociation
HKCR\.exe

Adware.Tracking Cookie

Rogue.AntiMalwareDoctor
HKU\S-1-5-21-2712590741-3750482822-1513552895-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor
C:\Documents and Settings\erik tri\Application Data\A9429B98AA709B6CF09BBD7188355F91

Disabled.TaskManager
HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM#DISABLETASKMGR
HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM#DISABLETASKMGR







Malwarebytes log:


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6560

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/12/2011 4:35:01 PM
mbam-log-2011-05-12 (16-35-01).txt

Scan type: Full scan (C:\|)
Objects scanned: 221434
Time elapsed: 23 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\CMVideoPlugin (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#4 cryptodan


Posted 13 May 2011 - 10:06 PM

Follow this: http://www.bleepingcomputer.com/virus-removal/remove-antimalware-doctor

#5 jeffw11


Posted 15 May 2011 - 08:51 AM

Downloaded RKill but nothing happens when I run it. No black box showing what is going on. I can only run it in safe mode. Do I go ahead in safe mode?

#6 cryptodan


Posted 15 May 2011 - 08:54 AM

Better yet, follow this guide: http://www.bleepingcomputer.com/virus-removal/remove-antimalware-doctor

#7 jeffw11


Posted 15 May 2011 - 10:16 AM

Followed the guide but had to do it in safe mode. I had 1 infected file after running malwarebytes, removed it and rebooted. Automatic Updates still is showing that it is not turned on but it really is on. Anything else I need to do?

Web pages haven't been redirected yet.

#8 cryptodan


Posted 15 May 2011 - 10:21 AM

Run the scans in regular mode.

#9 jeffw11


Posted 15 May 2011 - 10:24 AM

This is the last mbam log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6585

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

5/15/2011 10:04:04 AM
mbam-log-2011-05-15 (10-04-04).txt

Scan type: Full scan (C:\|)
Objects scanned: 232690
Time elapsed: 12 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\erik tri\my documents\downloads\uSeRiNiT.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.




Still have problems. When I do a Google search and click on the link, I do not get to the search page that I want; I get redirected elsewhere.

Is it time to wipe the computer and start from scratch or do I have other options?

Thanks.

#10 cryptodan


Posted 15 May 2011 - 10:30 AM

Run the scans in regular mode please.

#11 jeffw11


Posted 15 May 2011 - 11:27 AM

Here is my MBAM log run in regular mode:


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6585

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/15/2011 11:23:45 AM
mbam-log-2011-05-15 (11-23-45).txt

Scan type: Full scan (C:\|)
Objects scanned: 226028
Time elapsed: 24 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



Was unable to run RKill first as it will not run in regular mode.

As for web pages, something is still redirecting some of them. Not sure what.

#12 cryptodan


Posted 15 May 2011 - 11:36 AM

Can you rerun SUPERAntiSpyware?

#13 jeffw11


Posted 15 May 2011 - 11:44 AM

When I do Google searches, I seem to be redirected to the STOPzilla website a lot.

#14 cryptodan


Posted 15 May 2011 - 11:50 AM

What browser are you using?

#15 jeffw11


Posted 15 May 2011 - 11:56 AM

Chrome



