Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Posible virus infection need help determining


  • Please log in to reply
16 replies to this topic

#1 vanlierdechad

vanlierdechad

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:12:16 AM

Posted 14 May 2010 - 05:54 PM

A few days ago I ran into a virus that made my computer go totally out of control I recived dozens of balloon pop ups warning me that my computer was infected with viruses and that i had to buy this anti virus software to get rid of them. I managed to get into the admin account that was created when windows was installed and ran spy bot S&D it found 10 entries of what it called fraud anti virus. spy bot S&D reported it removed them. Q also ran panda online anti virus, trend micro house call and bit defender online anti virus and hijack this and posted the log to hijack this log analyzer V2 but it did not find anything threatening. the only thing that was found after all this was 19 cookies that i got rid of. I did get control of the pop ups and that has stopped. i still have a problem with Internet explorer tho it will not connect to the internet i ran the diagnose connection tool and it says "Windows cannot connect to the internet using HTTP, HTTPS or FTP check the firewall settings for the HTTP port (80) HTTPS port (443) and FTP port (21). You may need to contact your ISP or firewall manufacturer " This has also affected kapersky internet security to it will not update. it says it cannot connect to the server. currently i am using fire fox to access the internet and and also the admin account seems to be unaffected by any of these problems even tho my account is an admin as well.

Edited by Orange Blossom, 14 May 2010 - 05:55 PM.
Move to AII as no logs posted. ~ OB


BC AdBot (Login to Remove)

 


#2 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:16 PM

Posted 18 May 2010 - 05:43 PM

Please download Malwarebytes Anti-Malware and save it to your desktop.Download Link 1
Download Link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 vanlierdechad

vanlierdechad
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:12:16 AM

Posted 29 May 2010 - 02:28 AM

Here is the log file you asked for:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4153

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/29/2010 2:24:46 AM
mbam-log-2010-05-29 (02-24-46).txt

Scan type: Quick scan
Objects scanned: 145226
Time elapsed: 9 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\ihistorycookies.clshistorycookies (Rogue.ErrorEraser) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8502d876-f5a4-42cb-8ba7-55413c6cd36f} (Rogue.ErrorEraser) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4b5563b7-2353-4c1e-865d-a3c84259d548} (Rogue.ErrorEraser) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{fe7beebd-7d16-4efc-a204-310ada898c32} (Rogue.ErrorEraser) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{0ed403e8-470a-4a8a-85a4-d7688cfe39a3} (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Advanced Registry Fix\IHistoryCookies.dll (Rogue.ErrorEraser) -> Quarantined and deleted successfully.
C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.

#4 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:16 PM

Posted 29 May 2010 - 05:34 PM

Please run the Malwarebytes scan again and post the new log.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#5 vanlierdechad

vanlierdechad
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:12:16 AM

Posted 29 May 2010 - 06:18 PM

Here is the new log. I still do not have access to internet explorer or anything else that tries to use internet explorer like Avira anti virus. that i have been updating manually.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4153

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/29/2010 7:12:39 PM
mbam-log-2010-05-29 (19-12-39).txt

Scan type: Quick scan
Objects scanned: 145305
Time elapsed: 8 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#6 chromebuster

chromebuster

  • Members
  • 899 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:the crazy city of Boston, In the North East reaches of New England
  • Local time:01:16 AM

Posted 29 May 2010 - 06:48 PM

You know, I hate these people who create these blasted programs! I know that you are probably asking yourself, "how in the world did this darn nasty end up on my computer in the first place?" Well, it is so unfortunate that these people who make these things have to be obscure, for the two experiences I've had giving a hand in removing them have never resulted in the user who had it being able to find the culprit. And generic detections by Av firms don't help us out either (sorry guys).

Regards,
Crhomebuster

The AccessCop Network is just me and my crew. 

Some call me The Queen of Cambridge


#7 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:16 PM

Posted 29 May 2010 - 06:50 PM

Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSypware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Prgrams > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#8 vanlierdechad

vanlierdechad
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:12:16 AM

Posted 30 May 2010 - 10:25 PM

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/30/2010 at 12:06 PM

Application Version : 4.38.1004

Core Rules Database Version : 5007
Trace Rules Database Version: 2819

Scan type : Complete Scan
Total Scan Time : 01:58:58

Memory items scanned : 248
Memory threats detected : 0
Registry items scanned : 9262
Registry threats detected : 0
File items scanned : 201465
File threats detected : 159

Adware.Tracking Cookie
C:\Documents and Settings\chad\Cookies\chad@ad.yieldmanager[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@2o7[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ad.wsod[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@adbrite[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.bleepingcomputer[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.bridgetrack[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.pugetsoundsoftware[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ads.undertone[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@allbritton.122.2o7[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@at.atwola[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@cdn4.specificclick[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@chitika[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@collective-media[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@content.yieldmanager[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@eyewonder[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@insightexpressai[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@interclick[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@invitemedia[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@kontera[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@media6degrees[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@microsoftwindows.112.2o7[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@msnportal.112.2o7[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@pointroll[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@ru4[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@server.iad.liveperson[3].txt
C:\Documents and Settings\Administrator\Cookies\administrator@specificclick[2].txt
C:\Documents and Settings\Administrator\Cookies\administrator@specificmedia[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@tacoda[2].txt
C:\Documents and Settings\chad\Cookies\chad@2o7[2].txt
C:\Documents and Settings\chad\Cookies\chad@a1.interclick[2].txt
C:\Documents and Settings\chad\Cookies\chad@ad.wsod[2].txt
C:\Documents and Settings\chad\Cookies\chad@ad.wsod[3].txt
C:\Documents and Settings\chad\Cookies\chad@ad.wsod[4].txt
C:\Documents and Settings\chad\Cookies\chad@ad.yieldmanager[3].txt
C:\Documents and Settings\chad\Cookies\chad@adbrite[1].txt
C:\Documents and Settings\chad\Cookies\chad@adbrite[2].txt
C:\Documents and Settings\chad\Cookies\chad@adbrite[3].txt
C:\Documents and Settings\chad\Cookies\chad@adbrite[5].txt
C:\Documents and Settings\chad\Cookies\chad@adecn[1].txt
C:\Documents and Settings\chad\Cookies\chad@adinterax[1].txt
C:\Documents and Settings\chad\Cookies\chad@ads.associatedcontent[1].txt
C:\Documents and Settings\chad\Cookies\chad@ads.bridgetrack[1].txt
C:\Documents and Settings\chad\Cookies\chad@ads.bridgetrack[2].txt
C:\Documents and Settings\chad\Cookies\chad@ads.bridgetrack[4].txt
C:\Documents and Settings\chad\Cookies\chad@ads.exoticpetcentral[1].txt
C:\Documents and Settings\chad\Cookies\chad@ads.fulldls[2].txt
C:\Documents and Settings\chad\Cookies\chad@ads.gmodules[1].txt
C:\Documents and Settings\chad\Cookies\chad@ads.neudesicmediagroup[1].txt
C:\Documents and Settings\chad\Cookies\chad@ads.undertone[2].txt
C:\Documents and Settings\chad\Cookies\chad@ads.undertone[3].txt
C:\Documents and Settings\chad\Cookies\chad@ads.vrx.adbrite[1].txt
C:\Documents and Settings\chad\Cookies\chad@adserver.adtechus[1].txt
C:\Documents and Settings\chad\Cookies\chad@adserver.seedpeer[1].txt
C:\Documents and Settings\chad\Cookies\chad@allbritton.122.2o7[1].txt
C:\Documents and Settings\chad\Cookies\chad@associatedcontent.112.2o7[1].txt
C:\Documents and Settings\chad\Cookies\chad@at.atwola[1].txt
C:\Documents and Settings\chad\Cookies\chad@bizrate[2].txt
C:\Documents and Settings\chad\Cookies\chad@businessfinder.pennlive[2].txt
C:\Documents and Settings\chad\Cookies\chad@cdn4.specificclick[1].txt
C:\Documents and Settings\chad\Cookies\chad@chitika[1].txt
C:\Documents and Settings\chad\Cookies\chad@click.mediadome[1].txt
C:\Documents and Settings\chad\Cookies\chad@clickshift[1].txt
C:\Documents and Settings\chad\Cookies\chad@clicksor[2].txt
C:\Documents and Settings\chad\Cookies\chad@collective-media[1].txt
C:\Documents and Settings\chad\Cookies\chad@content.yieldmanager[1].txt
C:\Documents and Settings\chad\Cookies\chad@content.yieldmanager[2].txt
C:\Documents and Settings\chad\Cookies\chad@content.yieldmanager[3].txt
C:\Documents and Settings\chad\Cookies\chad@content.yieldmanager[4].txt
C:\Documents and Settings\chad\Cookies\chad@content.yieldmanager[6].txt
C:\Documents and Settings\chad\Cookies\chad@discount-pet-superstore[2].txt
C:\Documents and Settings\chad\Cookies\chad@dmtracker[1].txt
C:\Documents and Settings\chad\Cookies\chad@eas.apm.emediate[1].txt
C:\Documents and Settings\chad\Cookies\chad@easyduplicatefinder[2].txt
C:\Documents and Settings\chad\Cookies\chad@edge.ru4[1].txt
C:\Documents and Settings\chad\Cookies\chad@ext-us.bestofmedia[1].txt
C:\Documents and Settings\chad\Cookies\chad@gecadepaymentinternational.122.2o7[1].txt
C:\Documents and Settings\chad\Cookies\chad@giftscom.122.2o7[1].txt
C:\Documents and Settings\chad\Cookies\chad@imrworldwide[2].txt
C:\Documents and Settings\chad\Cookies\chad@insightexpressai[1].txt
C:\Documents and Settings\chad\Cookies\chad@interclick[1].txt
C:\Documents and Settings\chad\Cookies\chad@intermundomedia[2].txt
C:\Documents and Settings\chad\Cookies\chad@invitemedia[1].txt
C:\Documents and Settings\chad\Cookies\chad@invitemedia[2].txt
C:\Documents and Settings\chad\Cookies\chad@invitemedia[3].txt
C:\Documents and Settings\chad\Cookies\chad@kanoodle[2].txt
C:\Documents and Settings\chad\Cookies\chad@kontera[2].txt
C:\Documents and Settings\chad\Cookies\chad@kontera[3].txt
C:\Documents and Settings\chad\Cookies\chad@leeenterprises.112.2o7[2].txt
C:\Documents and Settings\chad\Cookies\chad@lockedonmedia[2].txt
C:\Documents and Settings\chad\Cookies\chad@lockedonmedia[3].txt
C:\Documents and Settings\chad\Cookies\chad@maxmedia.skyegroup[1].txt
C:\Documents and Settings\chad\Cookies\chad@media6degrees[2].txt
C:\Documents and Settings\chad\Cookies\chad@microsoftwga.112.2o7[1].txt
C:\Documents and Settings\chad\Cookies\chad@microsoftwindows.112.2o7[1].txt
C:\Documents and Settings\chad\Cookies\chad@microsoftwlcashback.112.2o7[1].txt
C:\Documents and Settings\chad\Cookies\chad@msnportal.112.2o7[1].txt
C:\Documents and Settings\chad\Cookies\chad@msnportal.112.2o7[2].txt
C:\Documents and Settings\chad\Cookies\chad@myroitracking[1].txt
C:\Documents and Settings\chad\Cookies\chad@myroitracking[2].txt
C:\Documents and Settings\chad\Cookies\chad@myroitracking[4].txt
C:\Documents and Settings\chad\Cookies\chad@network.realmedia[2].txt
C:\Documents and Settings\chad\Cookies\chad@nextag[1].txt
C:\Documents and Settings\chad\Cookies\chad@nextag[2].txt
C:\Documents and Settings\chad\Cookies\chad@oasn04.247realmedia[1].txt
C:\Documents and Settings\chad\Cookies\chad@paypal.112.2o7[1].txt
C:\Documents and Settings\chad\Cookies\chad@pointroll[1].txt
C:\Documents and Settings\chad\Cookies\chad@pro-market[1].txt
C:\Documents and Settings\chad\Cookies\chad@pub17.bravenet[1].txt
C:\Documents and Settings\chad\Cookies\chad@rainbowmedia.122.2o7[1].txt
C:\Documents and Settings\chad\Cookies\chad@revsci[2].txt
C:\Documents and Settings\chad\Cookies\chad@revsci[3].txt
C:\Documents and Settings\chad\Cookies\chad@richmedia.yahoo[1].txt
C:\Documents and Settings\chad\Cookies\chad@richmedia.yahoo[2].txt
C:\Documents and Settings\chad\Cookies\chad@richmedia.yahoo[4].txt
C:\Documents and Settings\chad\Cookies\chad@rotator.adjuggler[1].txt
C:\Documents and Settings\chad\Cookies\chad@sales.liveperson[2].txt
C:\Documents and Settings\chad\Cookies\chad@sales.liveperson[3].txt
C:\Documents and Settings\chad\Cookies\chad@server.iad.liveperson[3].txt
C:\Documents and Settings\chad\Cookies\chad@server.iad.liveperson[4].txt
C:\Documents and Settings\chad\Cookies\chad@server.iad.liveperson[5].txt
C:\Documents and Settings\chad\Cookies\chad@server.iad.liveperson[6].txt
C:\Documents and Settings\chad\Cookies\chad@specificclick[1].txt
C:\Documents and Settings\chad\Cookies\chad@specificmedia[2].txt
C:\Documents and Settings\chad\Cookies\chad@stats.paypal[1].txt
C:\Documents and Settings\chad\Cookies\chad@stats.townnews[2].txt
C:\Documents and Settings\chad\Cookies\chad@synacor.112.2o7[1].txt
C:\Documents and Settings\chad\Cookies\chad@t.pointroll[1].txt
C:\Documents and Settings\chad\Cookies\chad@tacoda[2].txt
C:\Documents and Settings\chad\Cookies\chad@thinkgeek.112.2o7[1].txt
C:\Documents and Settings\chad\Cookies\chad@tracking.vampmarketing[1].txt
C:\Documents and Settings\chad\Cookies\chad@tripod[1].txt
C:\Documents and Settings\chad\Cookies\chad@upclick[1].txt
C:\Documents and Settings\chad\Cookies\chad@user-activity-tracking[1].txt
C:\Documents and Settings\chad\Cookies\chad@viacom.adbureau[1].txt
C:\Documents and Settings\chad\Cookies\chad@wastemanagement.122.2o7[1].txt
C:\Documents and Settings\chad\Cookies\chad@web4.realtracker[1].txt
C:\Documents and Settings\chad\Cookies\chad@www.adxtrack[1].txt
C:\Documents and Settings\chad\Cookies\chad@www.easyduplicatefinder[2].txt
C:\Documents and Settings\chad\Cookies\chad@www.googleadservices[1].txt
C:\Documents and Settings\chad\Cookies\chad@www.googleadservices[2].txt
C:\Documents and Settings\chad\Cookies\chad@www.googleadservices[3].txt
C:\Documents and Settings\chad\Cookies\chad@www.googleadservices[5].txt
C:\Documents and Settings\chad\Cookies\chad@www.googleadservices[6].txt
C:\Documents and Settings\chad\Cookies\chad@www.windowsmedia[2].txt
C:\Documents and Settings\chad\Cookies\chad@yieldmanager[1].txt

Adware.Flash Tracking Cookie
C:\Documents and Settings\chad\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\FZPFJM3K\MSNTEST.SERVING-SYS.COM
C:\Documents and Settings\chad\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\FZPFJM3K\ACVS.MEDIAONENETWORK.NET
C:\Documents and Settings\chad\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\FZPFJM3K\CONVOAD.TECHNORATIMEDIA.COM
C:\Documents and Settings\chad\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\FZPFJM3K\IA.MEDIA-IMDB.COM
C:\Documents and Settings\chad\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\FZPFJM3K\MEDIA.MTVNSERVICES.COM
C:\Documents and Settings\chad\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\FZPFJM3K\MEDIA.NETAPP.COM
C:\Documents and Settings\chad\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\FZPFJM3K\MEDIA.ONSUGAR.COM
C:\Documents and Settings\chad\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\FZPFJM3K\MEDIA1.BREAK.COM
C:\Documents and Settings\chad\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\FZPFJM3K\MEDIAFORGEWS.COM
C:\Documents and Settings\chad\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\FZPFJM3K\MSNBCMEDIA.MSN.COM
C:\Documents and Settings\chad\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\FZPFJM3K\OBJECTS.TREMORMEDIA.COM
C:\Documents and Settings\chad\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\FZPFJM3K\UDN.SPECIFICCLICK.NET
C:\Documents and Settings\chad\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\FZPFJM3K\STATIC.2MDN.NET
C:\Documents and Settings\chad\Application Data\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\FZPFJM3K\SECURE-US.IMRWORLDWIDE.COM

#9 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:16 PM

Posted 30 May 2010 - 10:35 PM

How's your computer running now?
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#10 vanlierdechad

vanlierdechad
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:12:16 AM

Posted 30 May 2010 - 10:55 PM

still no change. I still can't get internet access through internet explorer and anything that tries to use internet explorer fails to connect.

#11 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:16 PM

Posted 30 May 2010 - 11:03 PM

Try this and see if it makes any difference:

1. Start Internet Explorer.
2. On the Tools menu, click Internet Options.
3. On the Advanced tab, click Reset.
4. In the Reset Internet Explorer Settings dialog box, click Reset to confirm.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#12 vanlierdechad

vanlierdechad
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:12:16 AM

Posted 30 May 2010 - 11:23 PM

yes it worked i have internet explorer back thank you sooo much!!!

#13 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:16 PM

Posted 30 May 2010 - 11:24 PM

If you’re clean, you should create a new Restore Point to prevent possible re-infection from an old one.

Go Start > Programs > Accessories > System Tools and click System Restore. Choose the radio button marked Create a Restore Point on the first screen then click Next. Give the Restore Point a name and then click Create. Then use Disk Cleanup to remove all but the most recently created Restore Point. Go Start > Run and type: "Cleanmgr" (without the quotes). Click Ok > More Options tab > Clean Up in the System Restore section to remove all previous restore points except the newly created one.

Also, go Start > Control Panel and double-click Add or Remove Programs. Post back and report any Java or JS2E entries that you have.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#14 vanlierdechad

vanlierdechad
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:12:16 AM

Posted 31 May 2010 - 12:02 AM

i cleand out all the old restore points and created a new one. I have two entries in add and remove programs for java they are java™6 update 7 and java™6 update 17

#15 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:16 PM

Posted 31 May 2010 - 12:12 AM

Those Java entries are out of date. You should remove them and then get the latest from here:

http://java.com/en/download/index.jsp
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users