Internet Explorer Redirect


24 replies to this topic

#1 Veul

Veul

  • Members
  • 61 posts
  • OFFLINE
  •  
  • Local time:04:58 PM

Posted 01 July 2013 - 07:33 PM

A lot of my Internet Explorer searches keep redirecting to spam pages, and stuff like "download Adobe Flash Player" keeps coming up. I am not going to touch any more links, but am I infected?





#2 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:07:58 AM

Posted 01 July 2013 - 07:49 PM

Hello -

Download Security Check by Screen317 from Here
* Save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: If a security program requests permission to access the Internet, allow it to do so.

 

 

I'd like you to scan your machine with ESET OnlineScan
1. Hold down Control and click HERE to open ESET OnlineScan in a new window.
2. Click the ESET Online Scanner button.
3. NOTE: For alternate browsers only (Microsoft Internet Explorer users can skip these steps):
   * Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
   * Double click on the ESET Online Scanner icon on your desktop.
4. Check "YES, I accept the Terms of Use."
5. Click the Start button.
6. Accept any security warnings from your browser.
7. Under scan settings, check "Scan Archives" and "Remove found threats"
8. Click Advanced settings and select the following:
   * Scan potentially unwanted applications
   * Scan for potentially unsafe applications
   * Enable Anti-Stealth technology
9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this will take some time to download the program for the first time, and then download the updated database (1 to 2 hours is not unusual).
10. When the scan completes, click List Threats
11. Click Export, and save the file to your desktop using a unique name, such as ESETScan.
   * Include the contents of this report in your next reply.
12. Click the Back button.
13. Click the Finish button

 

 

Thank You -



#3 Veul

Posted 01 July 2013 - 08:57 PM

Here's #1

 

 

 Results of screen317's Security Check version 0.99.68 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 10 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Microsoft Security Essentials  
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300 
 JavaFX 2.1.1   
 Java™ 6 Update 31 
 Java 7 Update 21 
 Java version out of Date!
 Adobe Flash Player 11.7.700.224 
 Adobe Reader XI 
 Google Chrome 27.0.1453.110 
 Google Chrome 27.0.1453.116 
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 WinPatrol winpatrol.exe
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbamgui.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe  
 BillP Studios WinPatrol WinPatrol.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````



#4 noknojon

Posted 01 July 2013 - 09:37 PM

Please visit Java Site and update your Java.
Current version is Version 7 Update 25. Now remove all old versions from Programs and Features.

 

 

Update your Malwarebytes' Anti-Malware and run a Quick Scan only, then post the log back here.

 

 

Download SUPERAntiSpyware Free (aka SAS)
* Double-click SAS -setup.exe and follow the prompts to install the program.
* At the end, Check for Updates to be sure it is current
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Quick Scan, then click Scan.
* When the scan is complete, click OK, to Show Results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to reboot the computer after you post the log.

 

 

Please download Temp File Cleaner (TFC)  by Old Timer to delete unwanted Temp Files.
Usage Instructions:

  • Download TFC from the download link above and save the file on your desktop.
  • Close ALL running applications as TFC will terminate them before attempting to clean up the temporary files.
  • Double-click on the TFC icon.
  • When the program opens, click on the Start button.  TFC will terminate the Explorer process and all running applications and then begin the process of cleaning out all of your temp folders.
  • When done, press OK and reboot your computer to finish the cleanup.

Note: Depending on how much data is currently stored in the Temp folders, this process can take quite a while to remove all of the files, so please be patient.

No log is generated so there is nothing to post back -

 

 

 

Thanks -



#5 Veul

Posted 02 July 2013 - 06:42 AM

Here's the ESETScan, and wow, I am pretty badly infected.

 

 

C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined
C:\Users\Elena\AppData\Local\Google\Chrome\User Data\Default\Default\aaggdfgdgedadhddgdgedcgedeggdggc\background.js Win32/TrojanDownloader.Tracur.V trojan cleaned by deleting - quarantined
C:\Users\Elena\AppData\Local\Google\Chrome\User Data\Default\Users\helkcanmnagieadgaboenfllhfbgmoag\background.js Win32/TrojanDownloader.Tracur.AH trojan cleaned by deleting - quarantined
C:\Users\Elena\AppData\Local\Google\Chrome\User Data\Default\Users\helkcanmnagieadgaboenfllhfbgmoag\cs.js Win32/TrojanDownloader.Tracur.AH trojan cleaned by deleting - quarantined
C:\Users\Elena\AppData\Roaming\Mozilla\Firefox\Profiles\miunvj0j.default\extensions\rleajevvxz@rleajevvxz.org.xpi Win32/TrojanDownloader.Tracur.AD trojan deleted - quarantined
C:\Users\Elena\AppData\Roaming\Search Protection\SearchProtection.exe a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Users\Elena\AppData\Roaming\Search Protection\Uninstall.exe probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Users\Elena\Downloads\DTLite4471-0333.exe Win32/OpenCandy application cleaned by deleting - quarantined
Operating memory a variant of Win32/TrojanDownloader.Tracur.AF trojan 
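A way to triage an ESET export like the one above, as an added example that is not part of the original thread: it separates the entries ESET labels `trojan` from those it labels `application`, groups the trojans by where they were found, and flags any detection with no cleanup action recorded. The line layout is inferred from the ten lines in this post, not from an ESET specification, and the location labels (`chrome-profile`, `firefox-profile`, `memory`, `filesystem`) are this example's own names.

```python
import re
from collections import Counter

# Detection lines copied from the ESET Online Scanner export posted above.
ESET_LOG = r"""
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined
C:\Users\Elena\AppData\Local\Google\Chrome\User Data\Default\Default\aaggdfgdgedadhddgdgedcgedeggdggc\background.js Win32/TrojanDownloader.Tracur.V trojan cleaned by deleting - quarantined
C:\Users\Elena\AppData\Local\Google\Chrome\User Data\Default\Users\helkcanmnagieadgaboenfllhfbgmoag\background.js Win32/TrojanDownloader.Tracur.AH trojan cleaned by deleting - quarantined
C:\Users\Elena\AppData\Local\Google\Chrome\User Data\Default\Users\helkcanmnagieadgaboenfllhfbgmoag\cs.js Win32/TrojanDownloader.Tracur.AH trojan cleaned by deleting - quarantined
C:\Users\Elena\AppData\Roaming\Mozilla\Firefox\Profiles\miunvj0j.default\extensions\rleajevvxz@rleajevvxz.org.xpi Win32/TrojanDownloader.Tracur.AD trojan deleted - quarantined
C:\Users\Elena\AppData\Roaming\Search Protection\SearchProtection.exe a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Users\Elena\AppData\Roaming\Search Protection\Uninstall.exe probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Users\Elena\Downloads\DTLite4471-0333.exe Win32/OpenCandy application cleaned by deleting - quarantined
Operating memory a variant of Win32/TrojanDownloader.Tracur.AF trojan
"""

# Assumed layout: <object> [qualifier] <threat name> <type> [action taken]
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?:(?:probably )?a variant of )?"
    r"(?P<threat>Win(?:32|64)/[\w.]+)\s+"
    r"(?P<kind>trojan|application)\b\s*"
    r"(?P<action>.*)$"
)

# Trailing variant letters such as ".V" or ".AH" are dropped to get the family.
VARIANT_RE = re.compile(r"\.[A-Z]{1,3}$")


def classify_location(path):
    """Map a detection path to a coarse location label (labels are this example's)."""
    p = path.lower()
    if p == "operating memory":
        return "memory"
    if "\\google\\chrome\\user data\\" in p:
        return "chrome-profile"
    if "\\mozilla\\firefox\\profiles\\" in p:
        return "firefox-profile"
    return "filesystem"


def parse_eset_log(text):
    """Return one dict per detection line; lines that do not match are skipped."""
    findings = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        findings.append({
            "path": m["path"],
            "threat": m["threat"],
            "family": VARIANT_RE.sub("", m["threat"]),
            "kind": m["kind"],
            "action": m["action"].strip(),
            "location": classify_location(m["path"]),
        })
    return findings


def triage(findings):
    """Summarise what matters first: trojans, where they live, what was not cleaned."""
    trojans = [f for f in findings if f["kind"] == "trojan"]
    return {
        "by_kind": Counter(f["kind"] for f in findings),
        "trojan_families": Counter(f["family"] for f in trojans),
        "trojan_locations": Counter(f["location"] for f in trojans),
        "no_action_recorded": [f for f in findings if not f["action"]],
    }


if __name__ == "__main__":
    summary = triage(parse_eset_log(ESET_LOG))
    print("By type:          ", dict(summary["by_kind"]))
    print("Trojan families:  ", dict(summary["trojan_families"]))
    print("Trojan locations: ", dict(summary["trojan_locations"]))
    for f in summary["no_action_recorded"]:
        print("No action logged: ", f["path"], "->", f["threat"])
```

On this log every trojan entry belongs to the same Tracur family, four of the five sit inside browser profile folders, and the in-memory detection is the only line with no cleanup action recorded.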
 



#6 noknojon

Posted 02 July 2013 - 06:52 AM

Well done -

So far we have cleaned a lot of garbage, and a few infections that needed removal.

 

Please continue with the listed steps and keep me updated with your computer's problems -

 

Regards -



#7 Veul

Posted 02 July 2013 - 06:57 AM

MBAM scan

 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.02.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
Elena :: DELL [administrator]

7/2/2013 7:56:00 AM
mbam-log-2013-07-02 (07-56-00).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 226804
Time elapsed: 4 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



#8 Veul

Posted 02 July 2013 - 07:00 AM

Should I uninstall Google Chrome, as it seems to be the root of the problem?

Do you also recommend I go in my appdata/local folder (which is invisible because I can't find it) and delete the folders on my own?



#9 Veul

Posted 02 July 2013 - 07:03 AM

SAS Scan

 

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/02/2013 at 08:04 AM

Application Version : 5.6.1020

Core Rules Database Version : 10580
Trace Rules Database Version: 8392

Scan type       : Quick Scan
Total Scan Time : 00:05:15

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 601
Memory threats detected   : 0
Registry items scanned    : 60258
Registry threats detected : 0
File items scanned        : 12359
File threats detected     : 191

Adware.Tracking Cookie



#10 Veul

Posted 02 July 2013 - 07:08 AM

TFC didn't delete anything. It opened for a few seconds and 0 bytes of temp files were deleted.



#11 noknojon

Posted 02 July 2013 - 07:20 AM

TFC didn't delete anything. It opened for a few seconds and 0 bytes of temp files were deleted.

Very odd unless you have run CCleaner twice for Nothing to be removed ??

I run it weekly and remove a bit each time - But ........

 

I have never been a Chrome fan, so if asked, I would say to remove Chrome and use I.E. for a while -

 

SAS removed about the usual amount of Tracking Cookies that you would expect, please re-run it again -

 

How are your problems at this time, and have they improved at all -

 

Thanks -


Edited by noknojon, 02 July 2013 - 07:22 AM.


#12 Veul

Posted 02 July 2013 - 11:44 AM

TFC deleted 42 MB this time around; however, I am still getting random redirects with IE. That is only with some of the older websites though.


Edited by Veul, 02 July 2013 - 11:46 AM.


#13 noknojon

Posted 02 July 2013 - 05:22 PM

Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

* Double-click on the Rkill desktop icon to run the tool.
* A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
* If not, delete the file, then download and use the one provided in Link 2.
* Do not reboot until instructed.
* If the tool does not run from any of the links provided, please let me know.

If normal mode still doesn't work, run the tool from safe mode.
When the scan is done Notepad will open with rKill log.
Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.

 

 

Download AdwCleaner by Xplode.
NOTE: Close all open programs, including your browser, while the program runs.
To launch it, click on Delete.
NOTE: Your computer will be rebooted after the scan completes.
A log should be generated after reboot; post it here.

 

 

Please download Junkware Removal Tool by thisisu to your desktop
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

 

 

Thanks -


Edited by noknojon, 02 July 2013 - 05:28 PM.


#14 Veul

Posted 02 July 2013 - 07:06 PM

Rkill 2.5.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Invalid arguments ignored: InternetFiles\Content.IE5\TOZVOS5B\rkill.exe

Program started at: 07/02/2013 08:08:05 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost

Program finished at: 07/02/2013 08:08:49 PM
Execution time: 0 hours(s), 0 minute(s), and 43 seconds(s)



#15 Veul

Posted 02 July 2013 - 07:13 PM

I can't find the ADW log. I recall when another employee of this forum, nasdaq, helped, I was instructed to find a log in my C-Drive.

Anyway, here's JRT.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Elena on Tue 07/02/2013 at 20:17:26.92
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\visualbee
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\visualbee

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\best buy pc app"
Successfully deleted: [Folder] "C:\Users\Elena\appdata\locallow\couponalert_2pei"

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 07/02/2013 at 20:20:34.68
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

I keep seeing remnants of visualbee. Is this still on my computer somewhere?


Edited by Veul, 02 July 2013 - 08:49 PM.




