Hey People Recently On My Laptop Running Windows Vista (Oh The Joy ) Each And Every Time I Close My Internet Explorer, It Opens Up Several, Sometimes Topping 30 New Internet Explorer Windows, I Cant Stop It They Just Open And Open etc. When I Click Close Group It Starts The Process Again Resulting In Me Having To Restart My Whole Laptop Does Anyone Know Whats Causing This & How I Could Get Rid Of It ? Many Thanks
ROFL. Two ways to find out what you have, being as your antivirus software didn't pick it up. Running Norton (oh the joy) are we? lol. From the Downloads tab at the top of this page, look for Hijackthis. Or click this link from AD. http://www.afterdawn.com/software/desktop_software/desktop_security/hijackthis.cfm Unzip the folder and run. Do not fix anything with Hijack, just post the log it generates. Before posting, manually edit the text to remove serial numbers. The second way is to again, go to Downloads tab and get Trojan remover. This pay for app is a little beaut, run it and it will tell you what it thinks you have and then fix it. Perhaps hijack might be a little safer at this point. On a different note...you could change browsers...let's say too FireFox 3? Cheers.
Hey crazyaces Before we begin the cleanup process, it is important to do a little analysis first. We will analyze your computer with a tool called HijackThis. Please download the HijackThis zip file. Save it onto a convenient place in your computer, and then unzip the file. Rename HijackThis(.exe) to scanner(.exe). Next, run scanner(.exe). A window will pop up. • Click on the button which says Main Menu, then Do a system scan and save a logfile. • Please wait for the scan to be completed. • After the scan has completed, a text window will pop up. Please post the contents of this window here. This will also be located at hijackthis(.txt) in the same folder that HijackThis was originally saved. NOTE:: Do not fix anything using HijackThis, as this may also damage legitimate components of your computer. Best Regards
BTW, onya Even though Trojan Remover may have fixed your problem one time, it will not necessarily deal with every malware out there, as it is a TROJAN remover, not a worm, spyware, a virus remover. Also, in 2006, it only detected 9% of the samples in a test by AV-Comparatives. Not sure how much it has improved, but just letting you know its history. Cheers
Here Is The Hijackthis.txt file you said to post here... Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:42:21, on 02/11/2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16757) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Windows\RtHDVCpl.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Lexmark X1100 Series\LXBKbmgr.exe C:\Program Files\CyberLink\PCM4Everio\EverioService.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe C:\Windows\vVX1000.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Internet Explorer\ieuser.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Windows\system32\wuauclt.exe C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe C:\Users\Crazy Aces\Desktop\HiJackThis\Scanner.exe.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.imdb.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://support.thetechguys.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [lxbkbmgr.exe] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe" O4 - HKLM\..\Run: [VX1000] C:\Windows\vVX1000.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll O13 - Gopher Prefix: O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.1.4.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: lxbk_device - - C:\Windows\system32\lxbkcoms.exe O23 - Service: O2Micro Flash Memory (O2Flash) - O2Micro International - C:\Windows\system32\o2flash.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- End of file - 8948 bytes Am I Doing It Right So Far? .
Hey crazyaces Let's try a scanner to see if we can detect any malicious programs. Please download Superantispyware Free and install it. Follow the prompts and reboot if required. Launch Superantispyware Free either by running C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.exe or right-click on the SuperAntispyware icon in your task bar (it looks like a bug) and click on Scan for Spyware, Adware, Malware... Configuring SuperAntispyware • Click on Preferences. • In the tab General and Startup, make sure the box Start SuperAntispyware when Windows starts is unchecked. This will prevent SuperAntispyware from starting everytime, because it may interfere with other fixes that may be run. • Navigate to the tab Scanning Control. • Make sure only these boxes are checked: Code: Close browsers before scanning Scan for tracking cookies Terminate memory threats before quarantining Scan Alternate Data Streams Use Kernel Direct File Access (recommended) Use Kernel Direct Registry Access (recommended) Use Direct Disk Access (recommended) • Click on Close. Updating SuperAntispyware • At the main window, click on Check for Updates.... • Wait for SuperAntispyware to be fully updated. Scanning Time • Boot into safe mode by repeatedly pressing the F8 key after you press the power button. If safe mode does not work, tell me and do the scan in normal mode. • Launch SuperAntispyware. • At the main window, click on Scan your Computer.... • Make sure all drives (excluding CD drives) are checked, select Perform Complete Scan, and then click on Next. • Wait for the scan to complete, and then click on Next>. This will quarantine and remove all detected items. • Reboot your computer. Post A Log • Launch SuperAntispyware • Click on Preferences • Navigate to the tab Statistics/Logs. • Choose the latest scan log, and the click on View Log.... • Copy and paste the contents of the log here in your next post. Best Regards
Ok did all of that and it said it located & removed 88 threats, heres the copy and paste from the Logbook... SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 11/03/2008 at 09:35 PM Application Version : 4.21.1004 Core Rules Database Version : 3621 Trace Rules Database Version: 1605 Scan type : Complete Scan Total Scan Time : 01:52:44 Memory items scanned : 375 Memory threats detected : 0 Registry items scanned : 6487 Registry threats detected : 0 File items scanned : 98939 File threats detected : 88 Adware.Tracking Cookie C:\Users\Crazy Aces\AppData\Roaming\Microsoft\Windows\Cookies\crazy_aces@atdmt[2].txt C:\Users\Crazy Aces\AppData\Roaming\Microsoft\Windows\Cookies\crazy_aces@ad.yieldmanager[2].txt C:\Users\Crazy Aces\AppData\Roaming\Microsoft\Windows\Cookies\crazy_aces@doubleclick[1].txt C:\Users\Crazy Aces\AppData\Roaming\Microsoft\Windows\Cookies\crazy_aces@bs.serving-sys[2].txt C:\Users\Crazy Aces\AppData\Roaming\Microsoft\Windows\Cookies\crazy_aces@serving-sys[2].txt C:\Users\Crazy Aces\AppData\Roaming\Microsoft\Windows\Cookies\crazy_aces@tradedoubler[2].txt C:\Users\Crazy Aces\AppData\Roaming\Microsoft\Windows\Cookies\Low\crazy_aces@112.2o7[2].txt C:\Users\Crazy Aces\AppData\Roaming\Microsoft\Windows\Cookies\Low\crazy_aces@2o7[1].txt C:\Users\Crazy Aces\AppData\Roaming\Microsoft\Windows\Cookies\Low\crazy_aces@ad.associatedcontent[1].txt C:\Users\Crazy Aces\AppData\Roaming\Microsoft\Windows\Cookies\Low\crazy_aces@ad.yieldmanager[2].txt C:\Users\Crazy Aces\AppData\Roaming\Microsoft\Windows\Cookies\Low\crazy_aces@adbrite[2].txt C:\Users\Crazy Aces\AppData\Roaming\Microsoft\Windows\Cookies\Low\crazy_aces@adecn[1].txt C:\Users\Crazy Aces\AppData\Roaming\Microsoft\Windows\Cookies\Low\crazy_aces@adlegend[2].txt C:\Users\Crazy Aces\AppData\Roaming\Microsoft\Windows\Cookies\Low\crazy_aces@adopt.euroclick[1].txt C:\Users\Crazy Aces\AppData\Roaming\Microsoft\Windows\Cookies\Low\crazy_aces@adrevolver[2].txt C:\Users\Crazy Aces\AppData\Roaming\Microsoft\Windows\Cookies\Low\crazy_aces@ads.fuzzster[1].txt C:\Users\Crazy Aces\AppData\Roaming\Microsoft\Windows\Cookies\Low\crazy_aces@ads.ovguide[1].txt C:\Users\Crazy Aces\AppData\Roaming\Microsoft\Windows\Cookies\Low\crazy_aces@ads.pointroll[2].txt C:\Users\Crazy Aces\AppData\Roaming\Microsoft\Windows\Cookies\Low\crazy_aces@adserveuk[2].txt C:\Users\Crazy Aces\AppData\Roaming\Microsoft\Windows\Cookies\Low\crazy_aces@adtech[1].txt C:\Users\Crazy Aces\AppData\Roaming\Microsoft\Windows\Cookies\Low\crazy_aces@advertising[2].txt C:\Users\Crazy Aces\AppData\Roaming\Microsoft\Windows\Cookies\Low\crazy_aces@adviva[1].txt C:\Users\Crazy Aces\AppData\Roaming\Microsoft\Windows\Cookies\Low\crazy_aces@apmebf[2].txt C:\Users\Crazy Aces\AppData\Roaming\Microsoft\Windows\Cookies\Low\crazy_aces@atdmt[2].txt C:\Users\Crazy Aces\AppData\Roaming\Microsoft\Windows\Cookies\Low\crazy_aces@atoc.112.2o7[1].txt C:\Users\Crazy Aces\AppData\Roaming\Microsoft\Windows\Cookies\Low\crazy_aces@bluestreak[1].txt C:\Users\Crazy Aces\AppData\Roaming\Microsoft\Windows\Cookies\Low\crazy_aces@bravenet[1].txt C:\Users\Crazy Aces\AppData\Roaming\Microsoft\Windows\Cookies\Low\crazy_aces@bs.serving-sys[2].txt C:\Users\Crazy Aces\AppData\Roaming\Microsoft\Windows\Cookies\Low\crazy_aces@casalemedia[2].txt C:\Users\Crazy Aces\AppData\Roaming\Microsoft\Windows\Cookies\Low\crazy_aces@chitika[1].txt C:\Users\Crazy Aces\AppData\Roaming\Microsoft\Windows\Cookies\Low\crazy_aces@clickbank[1].txt C:\Users\Crazy Aces\AppData\Roaming\Microsoft\Windows\Cookies\Low\crazy_aces@collective-media[2].txt C:\Users\Crazy Aces\AppData\Roaming\Microsoft\Windows\Cookies\Low\crazy_aces@data.coremetrics[1].txt C:\Users\Crazy Aces\AppData\Roaming\Microsoft\Windows\Cookies\Low\crazy_aces@doubleclick[2].txt C:\Users\Crazy Aces\AppData\Roaming\Microsoft\Windows\Cookies\Low\crazy_aces@ehg-futurepub.hitbox[1].txt C:\Users\Crazy Aces\AppData\Roaming\Microsoft\Windows\Cookies\Low\crazy_aces@fastclick[1].txt C:\Users\Crazy Aces\AppData\Roaming\Microsoft\Windows\Cookies\Low\crazy_aces@hitbox[2].txt C:\Users\Crazy Aces\AppData\Roaming\Microsoft\Windows\Cookies\Low\crazy_aces@imrworldwide[2].txt C:\Users\Crazy Aces\AppData\Roaming\Microsoft\Windows\Cookies\Low\crazy_aces@interclick[2].txt C:\Users\Crazy Aces\AppData\Roaming\Microsoft\Windows\Cookies\Low\crazy_aces@media-convert[1].txt C:\Users\Crazy Aces\AppData\Roaming\Microsoft\Windows\Cookies\Low\crazy_aces@media.adrevolver[1].txt C:\Users\Crazy Aces\AppData\Roaming\Microsoft\Windows\Cookies\Low\crazy_aces@media.adrevolver[3].txt C:\Users\Crazy Aces\AppData\Roaming\Microsoft\Windows\Cookies\Low\crazy_aces@media6degrees[2].txt C:\Users\Crazy Aces\AppData\Roaming\Microsoft\Windows\Cookies\Low\crazy_aces@mediaed[1].txt C:\Users\Crazy Aces\AppData\Roaming\Microsoft\Windows\Cookies\Low\crazy_aces@mediafire[1].txt C:\Users\Crazy Aces\AppData\Roaming\Microsoft\Windows\Cookies\Low\crazy_aces@mediaplex[1].txt C:\Users\Crazy Aces\AppData\Roaming\Microsoft\Windows\Cookies\Low\crazy_aces@metacafe.122.2o7[1].txt C:\Users\Crazy Aces\AppData\Roaming\Microsoft\Windows\Cookies\Low\crazy_aces@msnportal.112.2o7[1].txt C:\Users\Crazy Aces\AppData\Roaming\Microsoft\Windows\Cookies\Low\crazy_aces@ordie.adbureau[2].txt C:\Users\Crazy Aces\AppData\Roaming\Microsoft\Windows\Cookies\Low\crazy_aces@partypoker[2].txt C:\Users\Crazy Aces\AppData\Roaming\Microsoft\Windows\Cookies\Low\crazy_aces@phg.hitbox[1].txt C:\Users\Crazy Aces\AppData\Roaming\Microsoft\Windows\Cookies\Low\crazy_aces@questionmarket[1].txt C:\Users\Crazy Aces\AppData\Roaming\Microsoft\Windows\Cookies\Low\crazy_aces@realmedia[1].txt C:\Users\Crazy Aces\AppData\Roaming\Microsoft\Windows\Cookies\Low\crazy_aces@reduxads.valuead[2].txt C:\Users\Crazy Aces\AppData\Roaming\Microsoft\Windows\Cookies\Low\crazy_aces@revsci[1].txt C:\Users\Crazy Aces\AppData\Roaming\Microsoft\Windows\Cookies\Low\crazy_aces@rotator.adjuggler[1].txt C:\Users\Crazy Aces\AppData\Roaming\Microsoft\Windows\Cookies\Low\crazy_aces@sales.liveperson[2].txt C:\Users\Crazy Aces\AppData\Roaming\Microsoft\Windows\Cookies\Low\crazy_aces@sales.liveperson[3].txt C:\Users\Crazy Aces\AppData\Roaming\Microsoft\Windows\Cookies\Low\crazy_aces@serving-sys[2].txt C:\Users\Crazy Aces\AppData\Roaming\Microsoft\Windows\Cookies\Low\crazy_aces@specificclick[1].txt C:\Users\Crazy Aces\AppData\Roaming\Microsoft\Windows\Cookies\Low\crazy_aces@statse.webtrendslive[1].txt C:\Users\Crazy Aces\AppData\Roaming\Microsoft\Windows\Cookies\Low\crazy_aces@tacoda[2].txt C:\Users\Crazy Aces\AppData\Roaming\Microsoft\Windows\Cookies\Low\crazy_aces@timeoutcommunications.122.2o7[1].txt C:\Users\Crazy Aces\AppData\Roaming\Microsoft\Windows\Cookies\Low\crazy_aces@tradedoubler[1].txt C:\Users\Crazy Aces\AppData\Roaming\Microsoft\Windows\Cookies\Low\crazy_aces@tribalfusion[2].txt C:\Users\Crazy Aces\AppData\Roaming\Microsoft\Windows\Cookies\Low\crazy_aces@w12.media-convert[2].txt C:\Users\Crazy Aces\AppData\Roaming\Microsoft\Windows\Cookies\Low\crazy_aces@w16.media-convert[1].txt C:\Users\Crazy Aces\AppData\Roaming\Microsoft\Windows\Cookies\Low\crazy_aces@w5.media-convert[1].txt C:\Users\Crazy Aces\AppData\Roaming\Microsoft\Windows\Cookies\Low\crazy_aces@www.burstnet[1].txt C:\Users\Crazy Aces\AppData\Roaming\Microsoft\Windows\Cookies\Low\crazy_aces@www.clash-media[2].txt C:\Users\Crazy Aces\AppData\Roaming\Microsoft\Windows\Cookies\Low\crazy_aces@www.mediaed[1].txt C:\Users\Crazy Aces\AppData\Roaming\Microsoft\Windows\Cookies\Low\crazy_aces@www.usenext[1].txt C:\Users\Crazy Aces\AppData\Roaming\Microsoft\Windows\Cookies\Low\crazy_aces@zedo[2].txt .mediaplex.com [ C:\Users\Crazy Aces\AppData\Roaming\Mozilla\Firefox\Profiles\e8e3liqw.default\cookies.txt ] ad.yieldmanager.com [ C:\Users\Crazy Aces\AppData\Roaming\Mozilla\Firefox\Profiles\e8e3liqw.default\cookies.txt ] ad.yieldmanager.com [ C:\Users\Crazy Aces\AppData\Roaming\Mozilla\Firefox\Profiles\e8e3liqw.default\cookies.txt ] ad.yieldmanager.com [ C:\Users\Crazy Aces\AppData\Roaming\Mozilla\Firefox\Profiles\e8e3liqw.default\cookies.txt ] ad.yieldmanager.com [ C:\Users\Crazy Aces\AppData\Roaming\Mozilla\Firefox\Profiles\e8e3liqw.default\cookies.txt ] ad.yieldmanager.com [ C:\Users\Crazy Aces\AppData\Roaming\Mozilla\Firefox\Profiles\e8e3liqw.default\cookies.txt ] ad.yieldmanager.com [ C:\Users\Crazy Aces\AppData\Roaming\Mozilla\Firefox\Profiles\e8e3liqw.default\cookies.txt ] ad.yieldmanager.com [ C:\Users\Crazy Aces\AppData\Roaming\Mozilla\Firefox\Profiles\e8e3liqw.default\cookies.txt ] ad.yieldmanager.com [ C:\Users\Crazy Aces\AppData\Roaming\Mozilla\Firefox\Profiles\e8e3liqw.default\cookies.txt ] ad.yieldmanager.com [ C:\Users\Crazy Aces\AppData\Roaming\Mozilla\Firefox\Profiles\e8e3liqw.default\cookies.txt ] ad.yieldmanager.com [ C:\Users\Crazy Aces\AppData\Roaming\Mozilla\Firefox\Profiles\e8e3liqw.default\cookies.txt ] .doubleclick.net [ C:\Users\Crazy Aces\AppData\Roaming\Mozilla\Firefox\Profiles\e8e3liqw.default\cookies.txt ] statse.webtrendslive.com [ C:\Users\Crazy Aces\AppData\Roaming\Mozilla\Firefox\Profiles\e8e3liqw.default\cookies.txt ] anad.tacoda.net [ C:\Users\Crazy Aces\AppData\Roaming\Mozilla\Firefox\Profiles\e8e3liqw.default\cookies.txt ] .ads.addynamix.com [ C:\Users\Crazy Aces\AppData\Roaming\Mozilla\Firefox\Profiles\e8e3liqw.default\cookies.txt ]
Hey crazyaces Now, please download ComboFix. With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it. Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection. • Run Combo-Fix.exe and follow the prompts. **Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later. • Wait for the scan to be completed. • If it requires a reboot, please do it. • After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt) Do not click on the ComoboFix window, as it may cause it to stall. After that, please download Advanced Windowscare Personal. Install it, update it, and then run a scan. Fix everything except Startup Manage. Reboot, and see if your problem is still there. Best Regards
