iexplore.exe starts in background and consumes 900mb+


  • This topic is locked
18 replies to this topic

#1 b.groves

  • Members
  • 50 posts

Posted 10 June 2014 - 08:48 AM

I have a W7 pc with 8gb RAM, TrendMicro WFS Standard AV.  The pc was infected with something.  I have cleaned the pc with:

1. Malwarebytes ( knocked out the infection and did the bulk of the work)

 

Since that point I have used the tools below to try and fix the runaway iexplore.exe issue.  iexplore.exe will start up one or two copies of itself.  There will not be any evidence that it is running because there is no UI present, you only see this in Task Manager.  Each of the iexplore.exe instances grow and grow consuming memory.  The largest I have seen is 1.3gb.  Thinking there is still an infection, I have used:

2. Kaspersky Rescue Disk (1 item found)

3. SuperAntiSpyware ( mostly tracking cookies found)

4. Microsoft Removal Tool (0 found)

5. Malwarebytes Root Kit Cleaner Beta (0 found)

6. System Restore to a date prior to original infection

 

I still have the problem and would appreciate some suggestions from the group here.

 

Thanks,

b.groves

 




 


#2 b.groves


Posted 10 June 2014 - 08:50 AM

Note:  Subsequent runs of Malwarebytes found 0 issues.

Thanks,

Brian



#3 B-boy/StyLe/

  • Malware Response Team
  • 8,307 posts

Posted 10 June 2014 - 08:59 AM

Hello! Welcome to BleepingComputer Forums! :welcome:
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

 

Please download the latest version of Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

Regards,

Georgi




#4 b.groves


Posted 10 June 2014 - 08:56 PM

FRST64.exe ran.  The logs are attached.



Edited by b.groves, 10 June 2014 - 08:59 PM.


#5 b.groves


Posted 11 June 2014 - 09:59 AM

I installed Google Chrome.  Set it as default browser.  End Task on both instances of iexplore.exe that were running.  iexplore.exe does not reappear automatically.  Hope this helps narrow things down.  Thanks, b.groves



#6 B-boy/StyLe/


Posted 11 June 2014 - 12:16 PM

Hello,

 

I don't see any evidence of an active infection in the logs. Did you run the scan from the affected user account?

Also do you recognize these folders? What is their content?

 

 

C:\Users\reception\AppData\Roaming\Mahumur
C:\Users\reception\AppData\Local\tcfbxftl

 

 

Regards,

Georgi




#7 B-boy/StyLe/


Posted 14 June 2014 - 04:13 PM

Hi,

 

Are you still there?

 

 

Regards,

Georgi




#8 b.groves


Posted 15 June 2014 - 12:47 PM

C:\Users\reception\AppData\Roaming\Mahumur - this was a folder where the virus lived before the Malwarebytes cleaned it.  It is empty now.
C:\Users\reception\AppData\Local\tcfbxftl - Literally contained Chinese writing symbols.  I deleted it.  

 

I believe that making Chrome the default browser is a workaround for my issue because I have not seen the issue again.

If you do not see any remaining infection we can mark this resolved.

Thank you very much for your assistance.

b.groves



#9 B-boy/StyLe/


Posted 16 June 2014 - 04:39 PM

Hello,

 

I don't believe that setting Chrome as the default browser resolved the issue. There are a few well-known infections (like Medfos, Tracur and Rootkit.Boot.Cidox.B) which are responsible for multiple iexplore.exe processes running in the background, so I guess that you removed the active components of the trojan and the folders mentioned above are only remnants.

 

 

Also if you don't mind, I want to make sure there is nothing lurking on the system so just in case I want you to go through these steps:

 

Most of them should take no more than 5 minutes each (but the time they take to complete can vary depending on the size of your hard drive and the speed of your computer).

 

 

STEP 1

 

 

  • Please download RKill by Grinler from the link below and save it to your desktop.

    Rkill
  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log.
  • Please post the log in your next reply.

 

 

STEP 2

 

 

  • Please download RogueKillerX64.exe and save to the desktop.
  • Close all windows and browsers
  • Right-click the program and select 'Run as Administrator'
  • Press the scan button.
  • A report opens on the desktop named - RKreport.txt
  • Please copy and paste the results at pastebin.com and post the link to the log in your next reply.

 

 

STEP 3
 

 

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
     
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
     
  • Click the Start Scan button.
     
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
     
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the results at pastebin.com and post the link to the log in your next reply.

 

 

STEP 4

 

 

1.Please download HitmanPro.

  • For 32-bit Operating System - click here
  • This is the mirror - click here
  • For 64-bit Operating System - click here
  • This is the mirror - click here

2.Launch the program by double clicking on the HitmanPro icon. (Windows Vista/7 users right click on the HitmanPro icon and select run as administrator).

Note: If the program won't run, please open the program while holding down the left CTRL key until the program is loaded.

3.Click on the next button. You must agree with the terms of EULA. (if asked)

4.Check the box beside "No, I only want to perform a one-time scan to check this computer".

5.Click on the next button.

6.The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.

7.When the scan is done click on drop-down menu of the found entries (if any) and choose - Apply to all => Ignore <= IMPORTANT!!!
 
8.Click on the next button.

9.Click on the "Save Log" button.

10.Save that file to your desktop and post the content of that file in your next reply.
 
Note: if there isn't a dropdown menu when the scan is done then please don't delete anything and close HitmanPro

Navigate to C:\ProgramData\HitmanPro\Logs open the report and copy and paste it to your next reply.

 

 

 

STEP 5

 

 

I'd like us to scan your machine with ESET OnlineScan

 

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Run ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is  checked.
  • Now click on Advanced Settings and select the following:

    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the esetBack.png button.
  • Push esetFinish.png

 

 

 

STEP 6

 

And finally let's check for outdated and vulnerable software on your pc.

 

Download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

and then if there aren't any issues left I'll give you my final recommendations. :)

 

 

Regards,

Georgi




#10 b.groves


Posted 19 June 2014 - 07:49 AM

I put the box back in service and wanted to see what happened.  There was an email account issue that looked like a hack and there was 1 blue screen overnight.  I agree that there may still be an infection.  Starting your second inoculation list now.  Thx, B.groves



#11 b.groves


Posted 19 June 2014 - 07:56 AM

Rkill Log---
Rkill 2.6.6 by Lawrence Abrams (Grinler)
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 06/19/2014 08:52:01 AM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * C:\Windows\csasvc.exe (PID: 1736) [WD-HEUR]
 * C:\Windows\csifcsvc.exe (PID: 1788) [WD-HEUR]
 * C:\Windows\SSDriver\fi5110\SsWiaChecker.exe (PID: 3316) [WD-HEUR]
 
3 proccesses terminated!
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 06/19/2014 08:52:20 AM
Execution time: 0 hours(s), 0 minute(s), and 18 seconds(s)


#12 b.groves


Posted 19 June 2014 - 08:09 AM

RogueKiller Log
I know what these are.  User specific apps.
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CSAPrintService -> FOUND
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\FCPrintService -> FOUND
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CSAPrintService -> FOUND
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FCPrintService -> FOUND
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\CSAPrintService -> FOUND
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\FCPrintService -> FOUND
 
Thx, b.groves
---
 
RogueKiller V9.0.3.0 (x64) [Jun 17 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Reception [Admin rights]
Mode : Scan -- Date : 06/19/2014  09:01:52
 
¤¤¤ Bad processes : 1 ¤¤¤
[ZeroAccess] coreServiceShell.exe -- [x] -> KILLED [TermProc]
 
¤¤¤ Registry Entries : 18 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CSAPrintService -> FOUND
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\FCPrintService -> FOUND
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CSAPrintService -> FOUND
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FCPrintService -> FOUND
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\CSAPrintService -> FOUND
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\FCPrintService -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 166.102.165.13 207.91.5.20  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 166.102.165.13 207.91.5.20  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.3 68.94.156.1 68.94.157.1  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BE276F2E-ECAC-44AD-A84A-5380C992A78E} | DhcpNameServer : 166.102.165.13 207.91.5.20  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{BE276F2E-ECAC-44AD-A84A-5380C992A78E} | DhcpNameServer : 166.102.165.13 207.91.5.20  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{BE276F2E-ECAC-44AD-A84A-5380C992A78E} | DhcpNameServer : 192.168.1.3 68.94.156.1 68.94.157.1  -> FOUND
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3589203007-2329141725-1520025617-1157\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> FOUND
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3589203007-2329141725-1520025617-1157\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ HOSTS File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA DT01ACA200 +++++
--- User ---
[MBR] e7f270b9cbfc9659bff893a918b56034
[BSP] df90eb1471cb62e625a9bfee7c1661b5 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 200 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 417690 | Size: 1907524 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: Generic USB SD Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive2: Generic USB CF Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive3: Generic USB SM Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive4: Generic USB MS Reader USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
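
Added example (not part of the original posts, and not code from RogueKiller or its vendor): a short Python triage of the registry section of the report above. It assumes the line layout seen in this report, collapses the control-set copies and the 32/64-bit views so the 18 listed entries reduce to 7 distinct findings, and reports values that differ between control sets (here the DHCP-assigned DNS servers), which can then be compared with the network's DHCP configuration.

```python
import re
from collections import defaultdict

# Registry section copied from the RogueKiller report posted above.
REPORT = r"""
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CSAPrintService -> FOUND
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\FCPrintService -> FOUND
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CSAPrintService -> FOUND
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FCPrintService -> FOUND
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\CSAPrintService -> FOUND
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\FCPrintService -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 166.102.165.13 207.91.5.20  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 166.102.165.13 207.91.5.20  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.3 68.94.156.1 68.94.157.1  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{BE276F2E-ECAC-44AD-A84A-5380C992A78E} | DhcpNameServer : 166.102.165.13 207.91.5.20  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{BE276F2E-ECAC-44AD-A84A-5380C992A78E} | DhcpNameServer : 166.102.165.13 207.91.5.20  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{BE276F2E-ECAC-44AD-A84A-5380C992A78E} | DhcpNameServer : 192.168.1.3 68.94.156.1 68.94.157.1  -> FOUND
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3589203007-2329141725-1520025617-1157\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> FOUND
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3589203007-2329141725-1520025617-1157\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
"""

# Assumed layout, inferred from this report only:
#   [Category] (X64|X86) <key> [| <value name> : <data>] -> STATUS
LINE = re.compile(
    r"^\[(?P<cat>[^\]]+)\] \((?P<view>X64|X86)\) (?P<key>.+?)"
    r"(?: \| (?P<name>.+?) : (?P<data>.*?))?\s+-> (?P<status>\w+)$"
)
# CurrentControlSet is a link to one of the numbered sets, so the same
# service or value shows up once per control set in the report.
CONTROL_SET = re.compile(r"\\System\\(CurrentControlSet|ControlSet\d{3})\\", re.I)


def triage(report):
    """Collapse control-set copies and 32/64-bit views into distinct findings."""
    findings = defaultdict(
        lambda: {"views": set(), "sets": set(), "data": defaultdict(set)})
    for raw in report.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank lines, section headers, other report sections
        key, which = m["key"], "-"
        cs = CONTROL_SET.search(key)
        if cs:
            which = cs.group(1)
            key = CONTROL_SET.sub(lambda _: "\\System\\<ControlSet>\\", key, count=1)
        entry = findings[(m["cat"], key, m["name"])]
        entry["views"].add(m["view"])
        entry["sets"].add(which)
        if m["data"] is not None:
            entry["data"][m["data"].strip()].add(which)
    return findings


def changed_between_sets(findings):
    """Findings whose recorded value differs from one control set to another."""
    return {k: dict(f["data"]) for k, f in findings.items() if len(f["data"]) > 1}


if __name__ == "__main__":
    result = triage(REPORT)
    print(len(result), "distinct findings")
    for ident in sorted(result, key=str):
        print(" ", ident[0], ident[1], ident[2] or "")
    for ident, values in changed_between_sets(result).items():
        for data, sets in values.items():
            print("  differs:", ident[2], "=", data, "in", sorted(sets))
```
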


#13 b.groves


Posted 19 June 2014 - 11:56 AM

HitMan Pro log

I manually deleted or altered the two registry entries that were identified as Hijacks using regedit.

--------

HitmanPro 3.7.9.216
www.hitmanpro.com
 
   Computer name . . . . : B358-FRONT
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : DAVIS-LOCAL\Reception
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free
 
   Scan date . . . . . . : 2014-06-19 12:23:53
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 2m 1s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
 
   Threats . . . . . . . : 2
   Traces  . . . . . . . : 37
 
   Objects scanned . . . : 2,158,456
   Files scanned . . . . : 150,540
   Remnants scanned  . . : 916,163 files / 1,091,753 keys
 
Malware remnants ____________________________________________________________
 
   HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\Start Page (Hijacker)
   HKU\S-1-5-21-2100818865-2655177468-690674759-1003\Software\Microsoft\Internet Explorer\MAIN\Start Page (Hijacker)
 
Potential Unwanted Programs _________________________________________________
 
   ask.com
   C:\Users\reception\AppData\Local\Google\Chrome\User Data\Default\Web Data
 
 
Cookies _____________________________________________________________________
 
 
 


#14 b.groves


Posted 19 June 2014 - 03:58 PM

Eset Online scanner did not find anything so there was no log file to save that I could see.



#15 b.groves


Posted 19 June 2014 - 04:03 PM

 Security Check results.
 
Results of screen317's Security Check version 0.99.85  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Trend Micro Security Agent   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Adobe Reader 10.0.1 Adobe Reader out of Date!  
 Google Chrome 35.0.1916.153  
````````Process Check: objlist.exe by Laurent````````  
 Trend Micro AMSP coreServiceShell.exe  
 Trend Micro UniClient UiFrmWrk uiWatchDog.exe 
 Trend Micro AMSP coreFrameworkHost.exe  
 Trend Micro Security Agent tmlisten.exe  
 Trend Micro UniClient UiFrmWrk uiSeAgnt.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 




