I'm perplexed


  • This topic is locked
45 replies to this topic

#1 jaysnzees

Posted 14 July 2011 - 10:36 PM

I am trying to do some cleaning...MBAM...SAS and every time the programs will freeze in a few hours, in and out of safe mode. I can't finish them. I don't think it's the software...my kids like the gaming sites, Club Penguin and Runescape and I am always thinking they'll pick up viruses there...anyway the computer will run sluggish and not being able to finish those programs above leads me to believe I have bigger issues.


Plus, everything I try to look at on Google directs me to hxxp://www.searchjokes.net/cc.php?id=22738986 or something like it.

What the hell???
Help please??

Edited by Orange Blossom, 14 July 2011 - 11:22 PM.
Deactivated link. ~ OB

What is thy bidding? My Master?



#2 boopme

Posted 14 July 2011 - 11:10 PM

Hello and welcome. Try running an online scan first, then SAS and MBAM. Post all the scan logs when done.
I am leaving now but will look back.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.

#3 jaysnzees

Posted 15 July 2011 - 09:54 PM

C:\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\Documents and Settings\Jacob\Application Data\Mozilla\Firefox\Profiles\jk2djxvb.default\extensions\{417cd696-b794-4c5f-96e5-e5f7d9620cb7}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Documents and Settings\Jacob\Application Data\Mozilla\Firefox\Profiles\jk2djxvb.default\extensions\{5b5cea53-74a4-48d3-954f-b61022c29349}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Documents and Settings\Jacob Schumacher\Application Data\Mozilla\Firefox\Profiles\gbfv4s2a.default\extensions\{417cd696-b794-4c5f-96e5-e5f7d9620cb7}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Documents and Settings\Jacob Schumacher\Application Data\Mozilla\Firefox\Profiles\gbfv4s2a.default\extensions\{5b5cea53-74a4-48d3-954f-b61022c29349}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Documents and Settings\Jacob Schumacher\Application Data\Mozilla\Firefox\Profiles\gbfv4s2a.default\extensions\{9aa3170f-7ba3-4e1f-a260-77c21c0a7670}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Documents and Settings\Jamie Schumacher\Application Data\Mozilla\Firefox\Profiles\7ekbctna.default\extensions\{417cd696-b794-4c5f-96e5-e5f7d9620cb7}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Documents and Settings\Jamie Schumacher\Application Data\Mozilla\Firefox\Profiles\7ekbctna.default\extensions\{5b5cea53-74a4-48d3-954f-b61022c29349}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Documents and Settings\Jamie Schumacher\Application Data\Mozilla\Firefox\Profiles\7ekbctna.default\extensions\{9aa3170f-7ba3-4e1f-a260-77c21c0a7670}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Documents and Settings\Jamie Schumacher\Application Data\OpenCandy\OpenCandy_4DF0B15F4F5A4357A9EA914164C7E8AC\DLMgr_3_1.6.87.exe Win32/OpenCandy application deleted - quarantined
C:\Documents and Settings\Jamie Schumacher\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\fgefajjachappndgmmekmamnbnfddgjp\contentscript.js Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Documents and Settings\Jayden Schumacher\Application Data\Mozilla\Firefox\Profiles\emhlnjgn.default\extensions\{417cd696-b794-4c5f-96e5-e5f7d9620cb7}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Documents and Settings\Jayden Schumacher\Application Data\Mozilla\Firefox\Profiles\emhlnjgn.default\extensions\{5b5cea53-74a4-48d3-954f-b61022c29349}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Documents and Settings\Jayden Schumacher\Application Data\Mozilla\Firefox\Profiles\emhlnjgn.default\extensions\{9aa3170f-7ba3-4e1f-a260-77c21c0a7670}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Documents and Settings\jayden101\Application Data\Mozilla\Firefox\Profiles\5v2ts243.default\extensions\{417cd696-b794-4c5f-96e5-e5f7d9620cb7}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Documents and Settings\jayden101\Application Data\Mozilla\Firefox\Profiles\5v2ts243.default\extensions\{5b5cea53-74a4-48d3-954f-b61022c29349}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Documents and Settings\jayden101\Application Data\Mozilla\Firefox\Profiles\5v2ts243.default\extensions\{9aa3170f-7ba3-4e1f-a260-77c21c0a7670}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Documents and Settings\jayden101\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\fgefajjachappndgmmekmamnbnfddgjp\contentscript.js Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Documents and Settings\jayden101\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\nefpfnaibefcockmiepdjpidcdcgliem\contentscript.js Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Documents and Settings\Jennifer Schumacher\Application Data\Mozilla\Firefox\Profiles\4g48yb1d.default\extensions\{417cd696-b794-4c5f-96e5-e5f7d9620cb7}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Documents and Settings\Jennifer Schumacher\Application Data\Mozilla\Firefox\Profiles\4g48yb1d.default\extensions\{5b5cea53-74a4-48d3-954f-b61022c29349}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Documents and Settings\Jennifer Schumacher\Application Data\Mozilla\Firefox\Profiles\4g48yb1d.default\extensions\{9aa3170f-7ba3-4e1f-a260-77c21c0a7670}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Documents and Settings\Zoey Angel\Application Data\Mozilla\Firefox\Profiles\p8jpef7x.default\extensions\{417cd696-b794-4c5f-96e5-e5f7d9620cb7}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Documents and Settings\Zoey Angel\Application Data\Mozilla\Firefox\Profiles\p8jpef7x.default\extensions\{5b5cea53-74a4-48d3-954f-b61022c29349}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Documents and Settings\Zoey Angel\Application Data\Mozilla\Firefox\Profiles\p8jpef7x.default\extensions\{9aa3170f-7ba3-4e1f-a260-77c21c0a7670}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Program Files\Search Toolbar\SearchToolbar.dll Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\Program Files\Yontoo Layers\YontooIEClient.dll Win32/Adware.Yontoo.A application cleaned by deleting - quarantined
C:\System Volume Information\_restore{C9310BAB-2254-4653-BBC3-3589F4BE1297}\RP1\A0004062.exe a variant of Win32/Kryptik.QFB trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{C9310BAB-2254-4653-BBC3-3589F4BE1297}\RP2\A0016138.exe Win32/OpenCandy application deleted - quarantined
C:\System Volume Information\_restore{C9310BAB-2254-4653-BBC3-3589F4BE1297}\RP3\A0028166.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\System Volume Information\_restore{C9310BAB-2254-4653-BBC3-3589F4BE1297}\RP3\A0028167.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{C9310BAB-2254-4653-BBC3-3589F4BE1297}\RP3\A0028168.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{C9310BAB-2254-4653-BBC3-3589F4BE1297}\RP3\A0028169.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{C9310BAB-2254-4653-BBC3-3589F4BE1297}\RP3\A0028170.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{C9310BAB-2254-4653-BBC3-3589F4BE1297}\RP3\A0028171.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{C9310BAB-2254-4653-BBC3-3589F4BE1297}\RP3\A0028172.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{C9310BAB-2254-4653-BBC3-3589F4BE1297}\RP3\A0028173.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{C9310BAB-2254-4653-BBC3-3589F4BE1297}\RP3\A0028174.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{C9310BAB-2254-4653-BBC3-3589F4BE1297}\RP3\A0028175.exe Win32/OpenCandy application deleted - quarantined
C:\System Volume Information\_restore{C9310BAB-2254-4653-BBC3-3589F4BE1297}\RP3\A0028176.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{C9310BAB-2254-4653-BBC3-3589F4BE1297}\RP3\A0028177.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{C9310BAB-2254-4653-BBC3-3589F4BE1297}\RP3\A0028178.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{C9310BAB-2254-4653-BBC3-3589F4BE1297}\RP3\A0028179.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{C9310BAB-2254-4653-BBC3-3589F4BE1297}\RP3\A0028180.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{C9310BAB-2254-4653-BBC3-3589F4BE1297}\RP3\A0028181.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{C9310BAB-2254-4653-BBC3-3589F4BE1297}\RP3\A0028182.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{C9310BAB-2254-4653-BBC3-3589F4BE1297}\RP3\A0028183.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{C9310BAB-2254-4653-BBC3-3589F4BE1297}\RP3\A0028184.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{C9310BAB-2254-4653-BBC3-3589F4BE1297}\RP3\A0028185.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{C9310BAB-2254-4653-BBC3-3589F4BE1297}\RP3\A0028186.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{C9310BAB-2254-4653-BBC3-3589F4BE1297}\RP3\A0028187.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{C9310BAB-2254-4653-BBC3-3589F4BE1297}\RP3\A0028188.dll Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\System Volume Information\_restore{C9310BAB-2254-4653-BBC3-3589F4BE1297}\RP3\A0028189.dll Win32/Adware.Yontoo.A application cleaned by deleting - quarantined


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/15/2011 at 09:24 PM

Application Version : 4.55.1000

Core Rules Database Version : 7411
Trace Rules Database Version: 5223

Scan type : Quick Scan
Total Scan Time : 00:32:23

Memory items scanned : 429
Memory threats detected : 0
Registry items scanned : 1608
Registry threats detected : 0
File items scanned : 40321
File threats detected : 420

Adware.Tracking Cookie
C:\Documents and Settings\NetworkService\Cookies\system@mediabrandsww[6].txt
C:\Documents and Settings\NetworkService\Cookies\system@mediaplex[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@mediaplex[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@mediaplex[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@mediaplex[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@mediaplex[6].txt
C:\Documents and Settings\NetworkService\Cookies\system@mediatraffic[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@mediatraffic[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@miva.cinomedia[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@miva.cinomedia[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@miva.cinomedia[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@miva.cinomedia[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@mm.chitika[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@mm.chitika[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@mm.chitika[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@mm.chitika[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@momfinds[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@msnbc.112.2o7[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@msnportal.112.2o7[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@mtvn.112.2o7[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@optimize.indieclick[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@overture[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@p216t1s4838190.kronos.bravenetmedia[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@pointroll[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@pointroll[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@pointroll[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@pointroll[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@pointroll[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@pops.green-find[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@pops.scarletfind[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@pops.therainbowfind[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@pro-market[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@pro-market[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@pro-market[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@pro-market[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@pro-market[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@questionmarket[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@questionmarket[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@questionmarket[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@questionmarket[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@questionmarket[6].txt
C:\Documents and Settings\NetworkService\Cookies\system@questionmarket[7].txt
C:\Documents and Settings\NetworkService\Cookies\system@r1-ads.ace.advertising[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@r1-ads.ace.advertising[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@r1-ads.ace.advertising[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@r1-ads.ace.advertising[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@r1-ads.ace.advertising[6].txt
C:\Documents and Settings\NetworkService\Cookies\system@rainbowmedia.122.2o7[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@realmedia[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@realmedia[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@realmedia[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@realmedia[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@realmedia[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@revsci[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@revsci[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@revsci[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@revsci[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@revsci[6].txt
C:\Documents and Settings\NetworkService\Cookies\system@rotator.hadj7.adjuggler[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@ru4[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@ru4[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@ru4[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@ru4[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@ru4[6].txt
C:\Documents and Settings\NetworkService\Cookies\system@search.321findit[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@search.amazeclick[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@search.amazeclick[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@search.boltfind[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@search.clickbowl[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@search.clickbowl[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@search.clickbowl[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@search.clicksare[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@search.clicksare[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@search.clicksclick[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@search.clicksclick[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@search.clicksfind[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@search.clicksthe[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@search.clicksthe[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@search.clicksthis[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@search.findsmy[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@search.hippofind[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@search.seekfinds[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@search.toseeking[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@server.cpmstar[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@server.cpmstar[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@server.iad.liveperson[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@server.iad.liveperson[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@serving-sys[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@serving-sys[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@serving-sys[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@serving-sys[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@smartfindonline[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@specificclick[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@specificclick[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@specificclick[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@specificclick[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@specificclick[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@stat.dealtime[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@statcounter[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@statcounter[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@statcounter[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@statcounter[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@static.getclicky[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@statse.webtrendslive[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@surveymonkey.122.2o7[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@t.pointroll[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@t.pointroll[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@tacoda.at.atwola[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@tacoda.at.atwola[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@tacoda.at.atwola[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@technoratimedia[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@technoratimedia[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@technoratimedia[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@technoratimedia[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@technoratimedia[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@technoratimedia[6].txt
C:\Documents and Settings\NetworkService\Cookies\system@theclickcheck[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@track.clickpayz[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@tracking.godatafeed[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@trafficking.nabbr[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@trafficmp[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@trafficmp[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@trafficmp[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@trafficmp[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@trafficmp[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@traveladvertising[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@tribalfusion[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@tribalfusion[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@tribalfusion[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@tribalfusion[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@tribalfusion[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@tribalfusion[7].txt
C:\Documents and Settings\NetworkService\Cookies\system@viacom.adbureau[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@viacom.adbureau[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@viewablemedia[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@viewablemedia[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@weborama[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@www.burstbeacon[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@www.burstbeacon[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@www.burstnet[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@www.burstnet[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@www.burstnet[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@www.burstnet[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@www.businessfind[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@www.campusexplorer[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@www.find-fast-answers[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@www.find-fast-answers[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@www.mediaquantics[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@www.tomtracker[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@www.trackimizer[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@www.trackimizer[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@xml.prostreammedia[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@xml.trafficengine[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@xml.trafficengine[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@xml.trafficengine[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@yieldmanager[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@yieldmanager[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@yieldmanager[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@yieldmanager[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@yieldmanager[5].txt
C:\Documents and Settings\NetworkService\Cookies\system@z.blogads[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@z.blogads[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@z.blogads[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@zedo[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@zedo[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@zedo[3].txt
C:\Documents and Settings\NetworkService\Cookies\system@zedo[4].txt
C:\Documents and Settings\NetworkService\Cookies\system@zedo[5].txt
What is thy bidding? My Master?

#4 boopme


Posted 15 July 2011 - 10:18 PM

Better, tell me how it is after MBAM.

#5 jaysnzees


Posted 16 July 2011 - 10:46 AM

MBAM info to follow...but I get redirected to search-enjoy.com when I click on Google or Bing results. This was fixed yesterday by that ESET scan.

I noticed a lot of Google Chrome talk in that first list, and this morning there is a Google Chrome shortcut on my desktop. My son says he downloaded nothing after I went to sleep, but I had updated my CCleaner and thought I read something about Google Chrome in the language of that.

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7156

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/15/2011 10:25:52 PM
mbam-log-2011-07-15 (22-25-52).txt

Scan type: Quick scan
Objects scanned: 298050
Time elapsed: 21 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#6 boopme


Posted 16 July 2011 - 06:26 PM

We may have a TDSS infection.. at least now the scans finish.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.5.9.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.

#7 jaysnzees


Posted 16 July 2011 - 08:38 PM

2011/07/16 20:31:08.0234 0608 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/16 20:31:08.0640 0608 ================================================================================
2011/07/16 20:31:08.0640 0608 SystemInfo:
2011/07/16 20:31:08.0640 0608
2011/07/16 20:31:08.0640 0608 OS Version: 5.1.2600 ServicePack: 3.0
2011/07/16 20:31:08.0640 0608 Product type: Workstation
2011/07/16 20:31:08.0640 0608 ComputerName: DELLMAR
2011/07/16 20:31:08.0640 0608 UserName: Jamie Schumacher
2011/07/16 20:31:08.0640 0608 Windows directory: C:\WINDOWS
2011/07/16 20:31:08.0640 0608 System windows directory: C:\WINDOWS
2011/07/16 20:31:08.0640 0608 Processor architecture: Intel x86
2011/07/16 20:31:08.0640 0608 Number of processors: 2
2011/07/16 20:31:08.0640 0608 Page size: 0x1000
2011/07/16 20:31:08.0640 0608 Boot type: Normal boot
2011/07/16 20:31:08.0640 0608 ================================================================================
2011/07/16 20:31:08.0937 0608 Initialize success
2011/07/16 20:31:14.0609 1176 Deinitialize success

2011/07/16 20:32:04.0343 2984 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/16 20:32:04.0921 2984 ================================================================================
2011/07/16 20:32:04.0921 2984 SystemInfo:
2011/07/16 20:32:04.0921 2984
2011/07/16 20:32:04.0921 2984 OS Version: 5.1.2600 ServicePack: 3.0
2011/07/16 20:32:04.0921 2984 Product type: Workstation
2011/07/16 20:32:04.0921 2984 ComputerName: DELLMAR
2011/07/16 20:32:04.0921 2984 UserName: Jamie Schumacher
2011/07/16 20:32:04.0921 2984 Windows directory: C:\WINDOWS
2011/07/16 20:32:04.0921 2984 System windows directory: C:\WINDOWS
2011/07/16 20:32:04.0921 2984 Processor architecture: Intel x86
2011/07/16 20:32:04.0921 2984 Number of processors: 2
2011/07/16 20:32:04.0921 2984 Page size: 0x1000
2011/07/16 20:32:04.0921 2984 Boot type: Normal boot
2011/07/16 20:32:04.0921 2984 ================================================================================
2011/07/16 20:32:05.0078 2984 Initialize success
2011/07/16 20:32:45.0031 2732 ================================================================================
2011/07/16 20:32:45.0031 2732 Scan started
2011/07/16 20:32:45.0031 2732 Mode: Manual;
2011/07/16 20:32:45.0031 2732 ================================================================================
2011/07/16 20:32:55.0046 2732 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/07/16 20:32:55.0093 2732 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/07/16 20:32:55.0140 2732 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/07/16 20:32:55.0171 2732 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/07/16 20:32:55.0218 2732 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/07/16 20:32:55.0281 2732 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2011/07/16 20:32:55.0390 2732 STHDA (8990440e4b2a7ca5a56a1833b03741fd) C:\WINDOWS\system32\drivers\sthda.sys
2011/07/16 20:32:55.0437 2732 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/07/16 20:32:55.0468 2732 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/07/16 20:32:55.0500 2732 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/07/16 20:32:55.0609 2732 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/07/16 20:32:55.0671 2732 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/07/16 20:32:55.0734 2732 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/07/16 20:32:55.0750 2732 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/07/16 20:32:55.0796 2732 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/07/16 20:32:55.0843 2732 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/07/16 20:32:55.0937 2732 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/07/16 20:32:56.0000 2732 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/07/16 20:32:56.0046 2732 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/07/16 20:32:56.0093 2732 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/07/16 20:32:56.0125 2732 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/07/16 20:32:56.0156 2732 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/07/16 20:32:56.0187 2732 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/07/16 20:32:56.0203 2732 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/07/16 20:32:56.0218 2732 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/07/16 20:32:56.0250 2732 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/07/16 20:32:56.0296 2732 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/07/16 20:32:56.0343 2732 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/07/16 20:32:56.0375 2732 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/07/16 20:32:56.0406 2732 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/07/16 20:32:56.0484 2732 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/07/16 20:32:56.0625 2732 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/07/16 20:32:56.0671 2732 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/07/16 20:32:56.0718 2732 WsAudio_DeviceS(1) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys
2011/07/16 20:32:56.0750 2732 WsAudio_DeviceS(2) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(2).sys
2011/07/16 20:32:56.0765 2732 WsAudio_DeviceS(3) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(3).sys
2011/07/16 20:32:56.0796 2732 WsAudio_DeviceS(4) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(4).sys
2011/07/16 20:32:56.0812 2732 WsAudio_DeviceS(5) (4160cbe59d9b5be22e4c3897e8db9d56) C:\WINDOWS\system32\drivers\WsAudio_DeviceS(5).sys
2011/07/16 20:32:56.0843 2732 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/07/16 20:32:56.0875 2732 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/07/16 20:32:56.0906 2732 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/07/16 20:32:56.0984 2732 MBR (0x1B8) (2839639fa37b8353e792a2a30a12ced3) \Device\Harddisk0\DR0
2011/07/16 20:32:56.0984 2732 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/07/16 20:32:56.0984 2732 Boot (0x1200) (b3b80785a3a28cdaa4c595319f0534f5) \Device\Harddisk0\DR0\Partition0
2011/07/16 20:32:57.0000 2732 ================================================================================
2011/07/16 20:32:57.0000 2732 Scan finished
2011/07/16 20:32:57.0000 2732 ================================================================================
2011/07/16 20:32:57.0000 3216 Detected object count: 1
2011/07/16 20:32:57.0000 3216 Actual detected object count: 1
2011/07/16 20:33:14.0125 3216 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/07/16 20:33:14.0125 3216 \Device\Harddisk0\DR0 - ok
2011/07/16 20:33:14.0125 3216 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/07/16 20:33:19.0437 2968 Deinitialize success

#8 boopme

Posted 16 July 2011 - 09:35 PM

Thar she blows... Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4)
Please reboot if you have not.

Now let's see if anything is left so we can mop up.


Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates, when done
click Scanner tab, select Quick scan and scan (normal mode).
After scan click Remove Selected, post new scan log and reboot into normal mode.

Finally
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.

Please ask any needed questions, post logs and let us know how the PC is running now.

#9 jaysnzees

Posted 18 July 2011 - 08:10 PM

There was a bunch of stuff taken care of by ESET, but my daughter clicked Finished without Exporting to Text. So I ran it again and got no log, so it must have been taken care of... MBAM to follow.

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7190

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/18/2011 10:19:57 AM
mbam-log-2011-07-18 (10-19-57).txt

Scan type: Quick scan
Objects scanned: 285769
Time elapsed: 12 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\EDITED\local settings\Temp\0.5740917740494021.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.



BTW - This has done something to my sound... I can listen to music offline, but not online. If I download a video, I can hear it, just not while streaming I guess. It works on our other users in the house, just not mine.

Edited by boopme, 18 July 2011 - 08:20 PM.


#10 boopme

Posted 18 July 2011 - 08:31 PM

Hello, these Exploit infections entered by exploiting an outdated application (likely Acrobat Reader and/or JRE), and the detections in your log are the initial executable files dropped and executed as a result of this successful exploit.

EDIT:
Good ESET did remove whatever it found.
We may get lucky

The ESET Online Scanner saves a log file after running, which can be examined or sent in to ESET for further analysis. The path to the log file is "C:\Program Files\EsetOnlineScanner\log.txt". You can view this file by navigating to the directory and double-clicking it in Windows Explorer, or by copying and pasting the path specification above (including the quotation marks) into the Start >> Run dialog box from the Start Menu on the desktop.



Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Now let's do a system restore to a date prior to the infection and see if the sound is fixed.
Windows XP System Restore Guide


Rerun MBAM (MalwareBytes) like this to be sure we did not put any malware back:

Open MBAM in normal mode and click Update tab, select Check for Updates, when done
click Scanner tab, select Quick scan and scan (normal mode).
After scan click Remove Selected, post new scan log and reboot into normal mode.

Edited by boopme, 18 July 2011 - 08:34 PM.


#11 jaysnzees

Posted 19 July 2011 - 09:02 AM

Here's the log from yesterday's ESET scan and from July 15th. I notice similar files, so does that mean they were not removed the first time, or were put back on in the three days between scans? Also, the "volume" problem has been quite a while, but I don't know an exact date, so I don't know how far back to actually go for a system restore.

# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=c2eb88749c748f4d8758afaf0ccfbaf6
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-04-11 09:03:31
# local_time=2011-04-11 04:03:31 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1797 16775165 100 100 0 77325900 0 0
# compatibility_mode=8192 67108863 100 0 24014864 24014864 0 0
# scanned=67496
# found=8
# cleaned=8
# scan_time=4075
C:\Documents and Settings\All Users\Application Data\aHf06511iIbAn06511\aHf06511iIbAn06511.exe a variant of Win32/Kryptik.MMZ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Common Files\ZugoInstaller.exe Win32/Toolbar.Zugo application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Search Toolbar\SearchToolbar.dll Win32/Toolbar.Zugo application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\WebfettiEI\Installr\8.bin\7dEIPlug.dll a variant of Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{C9310BAB-2254-4653-BBC3-3589F4BE1297}\RP408\A0199840.exe a variant of Win32/Kryptik.MMZ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{C9310BAB-2254-4653-BBC3-3589F4BE1297}\RP408\A0199841.exe Win32/Toolbar.Zugo application (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{C9310BAB-2254-4653-BBC3-3589F4BE1297}\RP408\A0199842.dll Win32/Toolbar.Zugo application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{C9310BAB-2254-4653-BBC3-3589F4BE1297}\RP408\A0199843.dll a variant of Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=c2eb88749c748f4d8758afaf0ccfbaf6
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-07-16 12:35:32
# local_time=2011-07-15 07:35:32 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1797 16775165 100 100 0 85543960 0 0
# compatibility_mode=8192 67108863 100 0 32232924 32232924 0 0
# scanned=140674
# found=53
# cleaned=53
# scan_time=6728
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Jacob\Application Data\Mozilla\Firefox\Profiles\jk2djxvb.default\extensions\{417cd696-b794-4c5f-96e5-e5f7d9620cb7}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Jacob\Application Data\Mozilla\Firefox\Profiles\jk2djxvb.default\extensions\{5b5cea53-74a4-48d3-954f-b61022c29349}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Jacob Schumacher\Application Data\Mozilla\Firefox\Profiles\gbfv4s2a.default\extensions\{417cd696-b794-4c5f-96e5-e5f7d9620cb7}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Jacob Schumacher\Application Data\Mozilla\Firefox\Profiles\gbfv4s2a.default\extensions\{5b5cea53-74a4-48d3-954f-b61022c29349}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Jacob Schumacher\Application Data\Mozilla\Firefox\Profiles\gbfv4s2a.default\extensions\{9aa3170f-7ba3-4e1f-a260-77c21c0a7670}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Jamie Schumacher\Application Data\Mozilla\Firefox\Profiles\7ekbctna.default\extensions\{417cd696-b794-4c5f-96e5-e5f7d9620cb7}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Jamie Schumacher\Application Data\Mozilla\Firefox\Profiles\7ekbctna.default\extensions\{5b5cea53-74a4-48d3-954f-b61022c29349}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Jamie Schumacher\Application Data\Mozilla\Firefox\Profiles\7ekbctna.default\extensions\{9aa3170f-7ba3-4e1f-a260-77c21c0a7670}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Jamie Schumacher\Application Data\OpenCandy\OpenCandy_4DF0B15F4F5A4357A9EA914164C7E8AC\DLMgr_3_1.6.87.exe Win32/OpenCandy application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Jamie Schumacher\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\fgefajjachappndgmmekmamnbnfddgjp\contentscript.js Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Jayden Schumacher\Application Data\Mozilla\Firefox\Profiles\emhlnjgn.default\extensions\{417cd696-b794-4c5f-96e5-e5f7d9620cb7}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Jayden Schumacher\Application Data\Mozilla\Firefox\Profiles\emhlnjgn.default\extensions\{5b5cea53-74a4-48d3-954f-b61022c29349}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Jayden Schumacher\Application Data\Mozilla\Firefox\Profiles\emhlnjgn.default\extensions\{9aa3170f-7ba3-4e1f-a260-77c21c0a7670}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\jayden101\Application Data\Mozilla\Firefox\Profiles\5v2ts243.default\extensions\{417cd696-b794-4c5f-96e5-e5f7d9620cb7}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\jayden101\Application Data\Mozilla\Firefox\Profiles\5v2ts243.default\extensions\{5b5cea53-74a4-48d3-954f-b61022c29349}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\jayden101\Application Data\Mozilla\Firefox\Profiles\5v2ts243.default\extensions\{9aa3170f-7ba3-4e1f-a260-77c21c0a7670}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\jayden101\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\fgefajjachappndgmmekmamnbnfddgjp\contentscript.js Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\jayden101\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\nefpfnaibefcockmiepdjpidcdcgliem\contentscript.js Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Jennifer Schumacher\Application Data\Mozilla\Firefox\Profiles\4g48yb1d.default\extensions\{417cd696-b794-4c5f-96e5-e5f7d9620cb7}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Jennifer Schumacher\Application Data\Mozilla\Firefox\Profiles\4g48yb1d.default\extensions\{5b5cea53-74a4-48d3-954f-b61022c29349}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Jennifer Schumacher\Application Data\Mozilla\Firefox\Profiles\4g48yb1d.default\extensions\{9aa3170f-7ba3-4e1f-a260-77c21c0a7670}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Zoey Angel\Application Data\Mozilla\Firefox\Profiles\p8jpef7x.default\extensions\{417cd696-b794-4c5f-96e5-e5f7d9620cb7}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Zoey Angel\Application Data\Mozilla\Firefox\Profiles\p8jpef7x.default\extensions\{5b5cea53-74a4-48d3-954f-b61022c29349}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Zoey Angel\Application Data\Mozilla\Firefox\Profiles\p8jpef7x.default\extensions\{9aa3170f-7ba3-4e1f-a260-77c21c0a7670}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Search Toolbar\SearchToolbar.dll Win32/Toolbar.Zugo application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Yontoo Layers\YontooIEClient.dll Win32/Adware.Yontoo.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{C9310BAB-2254-4653-BBC3-3589F4BE1297}\RP1\A0004062.exe a variant of Win32/Kryptik.QFB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{C9310BAB-2254-4653-BBC3-3589F4BE1297}\RP2\A0016138.exe Win32/OpenCandy application (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{C9310BAB-2254-4653-BBC3-3589F4BE1297}\RP3\A0028166.dll a variant of Win32/Adware.Yontoo.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{C9310BAB-2254-4653-BBC3-3589F4BE1297}\RP3\A0028167.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{C9310BAB-2254-4653-BBC3-3589F4BE1297}\RP3\A0028168.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{C9310BAB-2254-4653-BBC3-3589F4BE1297}\RP3\A0028169.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{C9310BAB-2254-4653-BBC3-3589F4BE1297}\RP3\A0028170.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{C9310BAB-2254-4653-BBC3-3589F4BE1297}\RP3\A0028171.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{C9310BAB-2254-4653-BBC3-3589F4BE1297}\RP3\A0028172.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{C9310BAB-2254-4653-BBC3-3589F4BE1297}\RP3\A0028173.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{C9310BAB-2254-4653-BBC3-3589F4BE1297}\RP3\A0028174.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{C9310BAB-2254-4653-BBC3-3589F4BE1297}\RP3\A0028175.exe Win32/OpenCandy application (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{C9310BAB-2254-4653-BBC3-3589F4BE1297}\RP3\A0028176.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{C9310BAB-2254-4653-BBC3-3589F4BE1297}\RP3\A0028177.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{C9310BAB-2254-4653-BBC3-3589F4BE1297}\RP3\A0028178.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{C9310BAB-2254-4653-BBC3-3589F4BE1297}\RP3\A0028179.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{C9310BAB-2254-4653-BBC3-3589F4BE1297}\RP3\A0028180.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{C9310BAB-2254-4653-BBC3-3589F4BE1297}\RP3\A0028181.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{C9310BAB-2254-4653-BBC3-3589F4BE1297}\RP3\A0028182.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{C9310BAB-2254-4653-BBC3-3589F4BE1297}\RP3\A0028183.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{C9310BAB-2254-4653-BBC3-3589F4BE1297}\RP3\A0028184.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{C9310BAB-2254-4653-BBC3-3589F4BE1297}\RP3\A0028185.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{C9310BAB-2254-4653-BBC3-3589F4BE1297}\RP3\A0028186.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{C9310BAB-2254-4653-BBC3-3589F4BE1297}\RP3\A0028187.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{C9310BAB-2254-4653-BBC3-3589F4BE1297}\RP3\A0028188.dll Win32/Toolbar.Zugo application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{C9310BAB-2254-4653-BBC3-3589F4BE1297}\RP3\A0028189.dll Win32/Adware.Yontoo.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=c2eb88749c748f4d8758afaf0ccfbaf6
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-07-18 05:25:26
# local_time=2011-07-18 12:25:26 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1797 16775165 100 100 0 85777444 0 0
# compatibility_mode=8192 67108863 100 0 32466408 32466408 0 0
# scanned=139957
# found=22
# cleaned=22
# scan_time=6645
C:\Documents and Settings\Jacob Schumacher\Application Data\Mozilla\Firefox\Profiles\gbfv4s2a.default\extensions\{3de8f7f8-639f-4527-95ef-99b7ad5264dc}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\jacob schumacher.DELLMAR\Application Data\Mozilla\Firefox\Profiles\006ruqet.default\extensions\{3de8f7f8-639f-4527-95ef-99b7ad5264dc}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Jamie Schumacher\Application Data\Mozilla\Firefox\Profiles\7ekbctna.default\extensions\{3de8f7f8-639f-4527-95ef-99b7ad5264dc}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Jayden Schumacher\Application Data\Mozilla\Firefox\Profiles\emhlnjgn.default\extensions\{3de8f7f8-639f-4527-95ef-99b7ad5264dc}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\jayden101\Application Data\Mozilla\Firefox\Profiles\5v2ts243.default\extensions\{3de8f7f8-639f-4527-95ef-99b7ad5264dc}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\jayden101\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\agdgkmipmegnbdbcbofedaofppmkhkdn\contentscript.js Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\jayden101\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\fgefajjachappndgmmekmamnbnfddgjp\contentscript.js Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Jennifer Schumacher\Application Data\Mozilla\Firefox\Profiles\4g48yb1d.default\extensions\{3de8f7f8-639f-4527-95ef-99b7ad5264dc}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Zoey Angel\Application Data\Mozilla\Firefox\Profiles\p8jpef7x.default\extensions\{3de8f7f8-639f-4527-95ef-99b7ad5264dc}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{C9310BAB-2254-4653-BBC3-3589F4BE1297}\RP4\A0034169.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{C9310BAB-2254-4653-BBC3-3589F4BE1297}\RP4\A0034170.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{C9310BAB-2254-4653-BBC3-3589F4BE1297}\RP4\A0034171.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{C9310BAB-2254-4653-BBC3-3589F4BE1297}\RP4\A0034172.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{C9310BAB-2254-4653-BBC3-3589F4BE1297}\RP4\A0034173.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{C9310BAB-2254-4653-BBC3-3589F4BE1297}\RP4\A0034174.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{C9310BAB-2254-4653-BBC3-3589F4BE1297}\RP6\A0036291.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{C9310BAB-2254-4653-BBC3-3589F4BE1297}\RP6\A0036292.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{C9310BAB-2254-4653-BBC3-3589F4BE1297}\RP6\A0036293.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{C9310BAB-2254-4653-BBC3-3589F4BE1297}\RP6\A0036294.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{C9310BAB-2254-4653-BBC3-3589F4BE1297}\RP6\A0036295.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{C9310BAB-2254-4653-BBC3-3589F4BE1297}\RP6\A0036296.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{C9310BAB-2254-4653-BBC3-3589F4BE1297}\RP6\A0036297.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=c2eb88749c748f4d8758afaf0ccfbaf6
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-07-18 09:28:13
# local_time=2011-07-18 04:28:13 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1797 16775165 100 100 0 85792385 0 0
# compatibility_mode=8192 67108863 100 0 32481349 32481349 0 0
# scanned=139892
# found=0
# cleaned=0
# scan_time=6272




Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Avira AntiVir Personal - Free Antivirus
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner
Java™ 6 Update 23
Out of date Java installed!
Adobe Flash Player 10.3.181.26
Adobe Reader 9.4.5
Out of date Adobe Reader installed!
Mozilla Firefox (x86 en-US..) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Avira Antivir avgnt.exe
Avira Antivir avguard.exe
``````````End of Log````````````

#12 boopme

Posted 19 July 2011 - 09:49 AM

Ok, is the box referred to in line 7 checked?
The C:\System Volume Information\_restore items we will remove later.

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u26-windows-i586.exe to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.

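To separate the live browser-profile detections from the System Restore copies that the reply above defers, this added example (not part of the original thread or of any tool named in it) parses detection lines in the ESET log layout posted earlier. The sample lines, user names and IDs are constructed, and the bucket names are assumptions.

```python
import re
from collections import Counter
# One detection line in the log layout shown above:
# <path> <detection name> <type> (<action>) <32 hex digits> <flag>
LINE = re.compile(
    r"^(?P<path>.+?)\s+(?P<name>\S+/\S+)\s+(?P<kind>[^()]+?)\s+"
    r"\((?P<action>[^)]*)\)\s+[0-9A-Fa-f]{32}\s+\S+$")
PROFILE = re.compile(r"\\Documents and Settings\\([^\\]+)\\", re.I)
FIREFOX_EXT = re.compile(r"\\Firefox\\Profiles\\[^\\]+\\extensions\\([^\\]+)\\", re.I)

def classify(path):
    """Bucket a detection by where the file lives on disk."""
    lowered = path.lower()
    if "\\system volume information\\_restore" in lowered:
        return "system_restore"      # copies held in restore points
    if FIREFOX_EXT.search(path):
        return "firefox_extension"   # per-profile browser add-on
    if "\\google\\chrome\\user data\\" in lowered:
        return "chrome_extension"
    return "other"

def triage(log_text):
    """Count detections per bucket and list affected profiles and add-on IDs."""
    buckets, profiles, ext_ids, skipped = Counter(), set(), set(), 0
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:                    # "# key=value" footer lines, blanks
            skipped += 1
            continue
        path = m["path"]
        buckets[classify(path)] += 1
        if (p := PROFILE.search(path)):
            profiles.add(p.group(1).lower())
        if (e := FIREFOX_EXT.search(path)):
            ext_ids.add(e.group(1).lower())
    return {"buckets": dict(buckets), "profiles": sorted(profiles),
            "firefox_extension_ids": sorted(ext_ids), "skipped": skipped}

# Constructed sample in the same layout; user names and IDs are made up.
SAMPLE = r"""
C:\Documents and Settings\User A\Application Data\Mozilla\Firefox\Profiles\aaaa1111.default\extensions\{00000000-0000-0000-0000-000000000001}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\User B\Application Data\Mozilla\Firefox\Profiles\bbbb2222.default\extensions\{00000000-0000-0000-0000-000000000001}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\User B\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\contentscript.js Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000002}\RP1\A0000001.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000002}\RP1\A0000002.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
# version=7
"""
print(triage(SAMPLE))
```

A single add-on ID recurring across several profiles, as in the sample, indicates the same extension was dropped into every user's browser profile, so each profile needs checking after cleanup.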

#13 jaysnzees

Posted 19 July 2011 - 10:21 AM

Windows x86 Kernel...Windows x86 Online...Windows x86 Offline...Windows Intel Itanium... Windows x64

I'm sorry, I don't know which one to choose.

#14 jaysnzees

Posted 19 July 2011 - 10:48 AM

NM- you said 32 or 64 bit...so I picked the 64 bit options. game on

#15 jaysnzees

Posted 19 July 2011 - 11:08 AM

Okay, I am trying to remove the only Java on my list which is Java 6 Update 23...I get "Error 1719. The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode [I am not] or if the Windows Installer is not correctly installed." [wtf?]

Contact Boopme for assistance. he he