Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Redirect problem


  • Please log in to reply
7 replies to this topic

#1 Trick3x

Trick3x

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:04:50 PM

Posted 14 June 2011 - 06:55 PM

Hello all! I am new to this forum and i came here because im having a very annoying and worrysome problem. the problem is that i get redirected all the time when using google to browse the web. this first started happening a couple days ago to my knowledge. I have avast! malwarebytes and spybot search and destroy on my computer. I just finished a spybot scan and it came up with one spybot "double click" i promptly fixed that problem. i also ran a malware scan which detected a few things which i fixed i guess. my avast scan came up clean. i uninstalled firefox and reinstalled the latest version but im still getting redirected. help me get this annoying bug out of my system. thanks in advance. I use a windows 7 OS.
edit: the strange thing is it doesn't redirect sites that i visit frequently andso far it only happens on google. It redirects me once then when i back out and try again it lets me through.

Edited by Trick3x, 14 June 2011 - 08:23 PM.


BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,072 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:50 PM

Posted 18 June 2011 - 09:03 PM

Hello and welcome. sorry for your wait.
We need to disable Spybot S&D's "TeaTimer" if running.
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done if you like.
  • Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  • If prompted with a legal dialog, accept the warning.
  • Click Mode > Advanced Mode.
    Posted Image
  • You may be presented with a warning dialog. If so, click Yes
  • Click on Tools and then Resident
    Posted Image
  • Uncheck this checkbox: "Resident TeaTimer {protection of over-all system settings) active"
  • Close/Exit Spybot Search and Destroy



Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.5.4.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these[/color] instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.


Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates,when done
click Scanner tab,select Quick scan and scan (normal mode).
After scan click Remove Selected, [color="#8B0000"]Post new scan log
and Reboot into normal mode.

Please ask any needed questions,post logs and Let us know how the PC is running now.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 Trick3x

Trick3x
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:04:50 PM

Posted 18 June 2011 - 10:26 PM

tdds killer detected nothing. i opened it with firefox did that effect anything? regardless, it still detected nothing and this is extremly worrying.the PC seems to be running about the same as it was the speed and everything is exactly the same. is it possible this might be a trojan? god i hope not as I DO NOT want to format my hardrive. that would suck.

malwarebytes log:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6893

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

6/18/2011 10:34:11 PM
mbam-log-2011-06-18 (22-34-11).txt

Scan type: Quick scan
Objects scanned: 171993
Time elapsed: 5 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by Trick3x, 18 June 2011 - 10:36 PM.


#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,072 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:50 PM

Posted 18 June 2011 - 10:32 PM

MBAM also came up clean?
Are you on a router? Are there others on it and do they redirect?

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).


Next run Superantisypware (SAS):

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.


I'll look back in the morning.

Edited by boopme, 18 June 2011 - 10:33 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 Trick3x

Trick3x
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:04:50 PM

Posted 18 June 2011 - 11:04 PM

goored log:

GooredFix by jpshortstuff (03.07.10.1)
Log created at 22:59 on 18/06/2011 (Sean)
Firefox version 4.0.1 (en-US)

========== GooredScan ==========

Deleting "C:\Users\Sean\Application Data\Mozilla\Firefox\Profiles\j3bhosn1.default\extensions\{6f2f17b6-17d4-4fdb-8fe2-d76936ac9d09}" -> Success!

========== GooredLog ==========

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [20:35 14/06/2011]
{AB2CE124-6272-4b12-94A9-7303C7397BD1} [22:17 21/01/2011]
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [19:00 20/07/2010]

C:\Users\Sean\Application Data\Mozilla\Firefox\Profiles\j3bhosn1.default\extensions\
{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [04:58 25/12/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext" [19:21 05/08/2010]
"smartwebprinting@hp.com"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [03:53 15/06/2010]

-=E.O.F=-

before i scan with SAS i need to be certain about the precise instructions you gave me. when you say to make sure to check :
Close browsers before starting
scan for tracking cookies
terminate memory threats before quarentining

did you mean to uncheck all of the other options under scanning controls? i need to know this as i am unfamiliar with SAS and i don't want to do damage i can avoid. call me paranoid.

also i did a few searches on google and out of 20 searches i got redirected 0 times fixed? usually it would hijack me everytime...except to places i went to often.
and: what do i do with these programs after i use them? do i delete them? save them? will they run with my current software setup? (anti virus/ anti malware/ anti spyware?)
one more thing...i was looking at your tutorials for identifying hackers and how to tell if you have been hack....are those still viable? i would like to know more about these things so i can be prepared in the future





edit: here's my sas log

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/19/2011 at 02:35 AM

Application Version : 4.54.1000

Core Rules Database Version : 7287
Trace Rules Database Version: 5099

Scan type : Complete Scan
Total Scan Time : 02:36:54

Memory items scanned : 751
Memory threats detected : 0
Registry items scanned : 13752
Registry threats detected : 0
File items scanned : 201967
File threats detected : 165

Adware.Tracking Cookie
.pro-market.net [ C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.pro-market.net [ C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.pro-market.net [ C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.pro-market.net [ C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.imrworldwide.com [ C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.imrworldwide.com [ C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.game-advertising-online.com [ C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.videoegg.adbureau.net [ C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.insightexpressai.com [ C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
comedians.jokes.com [ C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.legolas-media.com [ C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.legolas-media.com [ C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.viacom.adbureau.net [ C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.viacom.adbureau.net [ C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.viacom.adbureau.net [ C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.viacom.adbureau.net [ C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.viacom.adbureau.net [ C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adxpose.com [ C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
www.burstbeacon.com [ C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.burstbeacon.com [ C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.media.medhelp.org [ C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.legolas-media.com [ C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adecn.com [ C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.specificmedia.com [ C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
user.lucidmedia.com [ C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
wstat.wibiya.com [ C:\Users\Sean\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
C:\Users\Sean\AppData\Local\Temp\Low\Cookies\sean@ad.wsod[2].txt
C:\Users\Sean\AppData\Local\Temp\Low\Cookies\sean@apmebf[1].txt
C:\Users\Sean\AppData\Local\Temp\Low\Cookies\sean@atdmt[2].txt
C:\Users\Sean\AppData\Local\Temp\Low\Cookies\sean@doubleclick[1].txt
C:\Users\Sean\AppData\Local\Temp\Low\Cookies\sean@mediaplex[2].txt
C:\Users\Sean\AppData\Local\Temp\Low\Cookies\sean@msnportal.112.2o7[1].txt
ads2.msads.net [ C:\Users\Sean\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\XDD3FA3K ]
cdn.insights.gravity.com [ C:\Users\Sean\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\XDD3FA3K ]
cdn2.themis-media.com [ C:\Users\Sean\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\XDD3FA3K ]
cdn4.specificclick.net [ C:\Users\Sean\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\XDD3FA3K ]
content.oddcast.com [ C:\Users\Sean\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\XDD3FA3K ]
convoad.technoratimedia.com [ C:\Users\Sean\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\XDD3FA3K ]
convoad.technoratimedia.net [ C:\Users\Sean\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\XDD3FA3K ]
crackle.com [ C:\Users\Sean\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\XDD3FA3K ]
crackvids.smartvideochannel.com [ C:\Users\Sean\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\XDD3FA3K ]
i.adultswim.com [ C:\Users\Sean\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\XDD3FA3K ]
ia.media-imdb.com [ C:\Users\Sean\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\XDD3FA3K ]
img-cdn.mediaplex.com [ C:\Users\Sean\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\XDD3FA3K ]
media.ign.com [ C:\Users\Sean\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\XDD3FA3K ]
media.kmov.com [ C:\Users\Sean\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\XDD3FA3K ]
media.mtvnservices.com [ C:\Users\Sean\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\XDD3FA3K ]
media.noob.us [ C:\Users\Sean\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\XDD3FA3K ]
media.scanscout.com [ C:\Users\Sean\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\XDD3FA3K ]
media1.break.com [ C:\Users\Sean\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\XDD3FA3K ]
media10.washingtonpost.com [ C:\Users\Sean\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\XDD3FA3K ]
msnbcmedia.msn.com [ C:\Users\Sean\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\XDD3FA3K ]
objects.tremormedia.com [ C:\Users\Sean\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\XDD3FA3K ]
s0.2mdn.net [ C:\Users\Sean\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\XDD3FA3K ]
secure-us.imrworldwide.com [ C:\Users\Sean\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\XDD3FA3K ]
spe.atdmt.com [ C:\Users\Sean\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\XDD3FA3K ]
www.naiadsystems.com [ C:\Users\Sean\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\XDD3FA3K ]
www.vomedia.tv [ C:\Users\Sean\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\XDD3FA3K ]
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@2o7[4].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@a1.interclick[1].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@ad.bodybuilding[2].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@ad.wsod[2].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@ad.wsod[3].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@ad.wsod[4].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@adinterax[1].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@adinterax[2].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@adlegend[2].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@ads.addynamix[1].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@ads.adultswim[1].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@ads.associatedcontent[1].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@ads.gmodules[2].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@ads.good[2].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@ads.intergi[1].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@ads.pointroll[1].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@ads.pointroll[2].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@ads.pubmatic[2].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@ads.undertone[2].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@adserving.contextualmarketplace[2].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@adtech[1].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@adultfriendfinder[1].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@adultswim[1].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@advertising.sheknows[2].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@adxpose[1].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@atdmt[2].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@bannertgt[2].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@blogtrafficexchange[1].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@burstnet[2].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@cdn1.trafficmp[2].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@collective-media[1].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@collective-media[3].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@collective-media[4].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@dc.tremormedia[2].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@doubleclick[2].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@eas.apm.emediate[1].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@ext-us.bestofmedia[1].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@eyewonder[1].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@fastclick[2].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@game-advertising-online[1].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@games.adultswim[1].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@gr.burstnet[2].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@hpi.rotator.hadj7.adjuggler[2].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@imrworldwide[2].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@imrworldwide[3].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@imrworldwide[4].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@imrworldwide[5].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@interclick[2].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@interclick[3].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@interclick[4].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@invitemedia[2].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@invitemedia[3].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@invitemedia[4].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@invitemedia[5].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@invitemedia[6].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@invitemedia[7].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@invitemedia[8].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@kanoodle[1].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@legolas-media[1].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@lfstmedia[2].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@lucidmedia[1].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@lucidmedia[2].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@media.adfrontiers[2].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@media.photobucket[1].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@media6degrees[1].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@media6degrees[2].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@media6degrees[3].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@mediabrandsww[1].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@mediabrandsww[2].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@mediabrandsww[3].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@mediabrandsww[4].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@mediaplex[1].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@metroleap.rotator.hadj7.adjuggler[1].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@mm.chitika[2].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@overture[1].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@pointroll[1].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@pointroll[3].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@pro-market[1].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@pro-market[2].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@pro-market[3].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@rotator.hadj7.adjuggler[2].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@server.cpmstar[2].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@sesamestats[1].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@smartadserver[2].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@specificmedia[2].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@specificmedia[3].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@teennick[1].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@themis-media[1].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@traffic.outbrain[2].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@trafficmp[2].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@twistysexposed[2].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@user.lucidmedia[1].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@www.blogtrafficexchange[2].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@www.googleadservices[1].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\Low\sean@www.twistysexposed[1].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\sean@ad.wsod[2].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\sean@ads.pointroll[2].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\sean@atdmt[2].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\sean@media6degrees[1].txt
C:\Users\Sean\AppData\Roaming\Microsoft\Windows\Cookies\sean@pointroll[2].txt

Edited by Trick3x, 19 June 2011 - 11:34 AM.


#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,072 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:50 PM

Posted 20 June 2011 - 07:48 PM

OK, I lost this email...
This looks good now. So if there are no other issues ... Yes you can remove all. Tho I suggest keeping MBAm and updating and scanning at least once a week.

Now you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Posted Image > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Posted Image > Run... and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista and Windows 7 users can refer to these links:
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 Trick3x

Trick3x
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:04:50 PM

Posted 21 June 2011 - 01:06 AM

ok i have windows 7 and i am not seeing the option to create a new restore point. however after cleaning my system i did install a windows update that created a new restore point and I backed up all of my files on a couple dvds. is that sufficent?

#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,072 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:50 PM

Posted 21 June 2011 - 10:30 AM

That will be OK.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users