
Keep finding viruses



#1 BabylonHoruv


Posted 28 July 2014 - 12:06 PM

I am running Windows 8 on a laptop. Periodically AVG will pop up that it has found a virus. I have run the Malwarebytes scan, found a few things which I removed, and run an AVG scan, but notifications keep popping up. Any help cleaning my system would be appreciated.




#2 Alex&Vanko


Posted 28 July 2014 - 01:02 PM

Hi BabylonHoruv and :welcome:

To see what it is:

Open Malwarebytes Anti-Malware and then click on History.

On the left column, select Application Logs. Select the most recent log among the list, it is usually the one on the top (or sort by date) and open it.

Go to the bottom left corner to Export and select Text File (*.txt).

Save it to the desktop and paste the content here.

How To Create An AVG Scan Result Export

Also paste it here.

 

Thank you!



#3 BabylonHoruv


Posted 28 July 2014 - 02:09 PM

AVG scan results. The viruses which AVG found were found in a popup, not by a scan.



Malwarebytes scan result

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 7/28/2014
Scan Time: 12:44:36 PM
Logfile: malwarelog.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.07.28.04
Rootkit Database: v2014.07.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8
CPU: x64
File System: NTFS
User: grrrmazing
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 285817
Time Elapsed: 17 min, 39 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 1
Trojan.Agent, HKU\S-1-5-21-144985651-1984365055-4106849212-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Winlogon, C:\Users\grrrmazing\AppData\Roaming\SubFolder\SubFolder\winlogon.exe, Quarantined, [3ca8eeb66318ec4a006155b6ef145ca4]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 1
Stolen.Data, C:\Users\grrrmazing\AppData\Roaming\Imminent\Logs, Quarantined, [ab39178dc7b4d2649cf2dafc3fc332ce], 
 
Files: 2
PUP.Optional.OpenCandy, C:\Users\grrrmazing\Downloads\DTLite4491-0356.exe, Quarantined, [7470a9fb83f8a393979b4c90758f07f9], 
Stolen.Data, C:\Users\grrrmazing\AppData\Roaming\Imminent\Logs\27-07-2014, Quarantined, [ab39178dc7b4d2649cf2dafc3fc332ce], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#4 Alex&Vanko


Posted 28 July 2014 - 03:14 PM

Sorry, because you said AVG scan.

Open the AVG program.

On the History menu, click Virus Vault.

Maybe it is here. Did AVG apply an action?

 

Please download the ESET Online Scanner HERE and save it to your Desktop.
Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
    Start esetsmartinstaller_enu.exe with administrator privileges.
    Select the option Yes, I accept the Terms of Use and click on Start.
    Make sure that the option Remove found threats is checked, and the option Scan archives is checked.
    Now click on Advanced Settings and select the following:
        Scan for potentially unwanted applications
        Scan for potentially unsafe applications
        Enable Anti-Stealth Technology
    Click on Start. The virus signature database will begin to download. This may take some time.
    When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
    When completed select Uninstall application on close if you so wish
    Now click on Finish

Paste log file:

The path to the log file is "C:\Program Files\ESET\EsetOnlineScanner\log.txt" (on 64-bit systems this directory will be "C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt")

 

Please download Sophos Virus Removal Tool HERE and save it to your desktop.
* NOTE : It is a very large file so it may take some time to download.
* Be sure to read and follow the instructions on that same page for installing and performing a scan.
* If any threats are detected, they will show in the Scan Results with an option to click a Details... button for more information.
* Click on the Start clean up button to allow removal of all threats found and reboot the computer when done.
* A log file should have been created...copy and paste the results in your next reply.
Logs are automatically saved to the following locations:
-- XP: C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Virus Removal Tool\Logs\SophosVirusRemovalTool.log
-- Vista, Windows 7, 2008: C:\Program Data\Sophos\Sophos Virus Removal Tool\Logs\SophosVirusRemovalTool.log

 

Thank you!



#5 BabylonHoruv


Posted 28 July 2014 - 09:54 PM

ESET log



Sophos
2014-07-29 01:12:56.026 Sophos Virus Removal Tool version 2.5.2
2014-07-29 01:12:56.027 Copyright © 2009-2014 Sophos Limited. All rights reserved.
 
2014-07-29 01:12:56.027 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.
 
2014-07-29 01:12:56.027 Windows version 6.2 SP 0.0  build 9200 SM=0x300 PT=0x1 WOW64
2014-07-29 01:12:56.028 Checking for updates...
2014-07-29 01:12:56.107 Update progress: proxy server not available
2014-07-29 01:13:19.370 Option all = no
2014-07-29 01:13:19.370 Option recurse = yes
2014-07-29 01:13:19.370 Option archive = no
2014-07-29 01:13:19.371 Option service = yes
2014-07-29 01:13:19.371 Option confirm = yes
2014-07-29 01:13:19.371 Option sxl = yes
2014-07-29 01:13:19.372 Option max-data-age = 35
2014-07-29 01:13:19.372 Option EnableSafeClean = yes
2014-07-29 01:13:21.732 Component SVRTcli.exe version 2.5
2014-07-29 01:13:21.732 Component control.dll version 2.5
2014-07-29 01:13:21.733 Component SVRTservice.exe version 2.5
2014-07-29 01:13:21.734 Component engine\osdp.dll version 1.44.1.2162
2014-07-29 01:13:21.734 Component engine\veex.dll version 3.53.2.2162
2014-07-29 01:13:21.735 Component engine\savi.dll version 8.1.2.2162
2014-07-29 01:13:21.736 Component rkdisk.dll version 1.5.30.0
2014-07-29 01:13:21.736 Version info: Product version 2.5
2014-07-29 01:13:21.739 Version info: Detection engine 3.53.2
2014-07-29 01:13:21.740 Version info: Detection data 5.02
2014-07-29 01:13:21.740 Version info: Build date 6/19/2014
2014-07-29 01:13:21.740 Version info: Data files added 573
2014-07-29 01:13:21.740 Version info: Last successful update (not yet updated)
2014-07-29 01:13:30.012 Downloading updates...
2014-07-29 01:13:30.013 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0 
2014-07-29 01:13:30.013 Update progress: [I49502] Found supplement SAVIW32 LATEST 
2014-07-29 01:13:30.013 Update progress: [I49502] Found supplement IDE503 LATEST 
2014-07-29 01:13:30.013 Update progress: [I49502] Found supplement IDE504 LATEST 
2014-07-29 01:13:30.014 Update progress: [I49502] Found supplement IDE505 LATEST 
2014-07-29 01:13:30.014 Update progress: [I49502] Found supplement IDE506 LATEST 
2014-07-29 01:13:30.014 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2014-07-29 01:13:30.014 Update progress: [I19463] Syncing product SAVIW32 41
2014-07-29 01:13:33.188 Update progress: [I19463] Syncing product IDE503 184
2014-07-29 01:13:35.262 Installing updates...
2014-07-29 01:13:36.036 Update progress: [I19463] Syncing product IDE504 178
2014-07-29 01:13:36.036 Update progress: [I19463] Syncing product IDE505 175
2014-07-29 01:13:36.036 Update progress: [I19463] Syncing product IDE506 45
2014-07-29 01:13:49.978 Update successful
2014-07-29 01:14:02.011 Option all = no
2014-07-29 01:14:02.011 Option recurse = yes
2014-07-29 01:14:02.011 Option archive = no
2014-07-29 01:14:02.011 Option service = yes
2014-07-29 01:14:02.011 Option confirm = yes
2014-07-29 01:14:02.011 Option sxl = yes
2014-07-29 01:14:02.014 Option max-data-age = 35
2014-07-29 01:14:02.014 Option EnableSafeClean = yes
2014-07-29 01:14:02.345 Component SVRTcli.exe version 2.5
2014-07-29 01:14:02.345 Component control.dll version 2.5
2014-07-29 01:14:02.345 Component SVRTservice.exe version 2.5
2014-07-29 01:14:02.345 Component engine\osdp.dll version 1.44.1.2162
2014-07-29 01:14:02.346 Component engine\veex.dll version 3.53.2.2162
2014-07-29 01:14:02.346 Component engine\savi.dll version 8.1.2.2162
2014-07-29 01:14:02.346 Component rkdisk.dll version 1.5.30.0
2014-07-29 01:14:02.346 Version info: Product version 2.5
2014-07-29 01:14:02.347 Version info: Detection engine 3.53.2
2014-07-29 01:14:02.348 Version info: Detection data 5.02G
2014-07-29 01:14:02.348 Version info: Build date 6/19/2014
2014-07-29 01:14:02.348 Version info: Data files added 573
2014-07-29 01:14:02.348 Version info: Last successful update 7/28/2014 9:13:49 PM
 
2014-07-29 01:35:25.847 Could not open C:\hiberfil.sys
2014-07-29 01:35:25.956 Could not open C:\pagefile.sys
2014-07-29 02:03:16.407 Could not open C:\swapfile.sys
2014-07-29 02:03:16.989 Could not open C:\System Volume Information\{1ddbcc8d-1099-11e4-beb9-1c3e84adb322}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-07-29 02:03:16.990 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-07-29 02:03:16.992 Could not open C:\System Volume Information\{502771af-0b15-11e4-beb6-1c3e84adb322}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-07-29 02:03:16.993 Could not open C:\System Volume Information\{561df431-12da-11e4-bebb-1c3e84adb322}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-07-29 02:03:16.994 Could not open C:\System Volume Information\{b48be710-13f5-11e4-bebd-1c3e84adb322}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-07-29 02:03:16.996 Could not open C:\System Volume Information\{f2743a01-0ca1-11e4-beb8-1c3e84adb322}{3808876b-c176-4e48-b7ae-04046e6cc752}
2014-07-29 02:04:22.507 Could not open C:\Users\grrrmazing\AppData\Local\Google\Chrome\User Data\Default\Current Session
2014-07-29 02:04:22.508 Could not open C:\Users\grrrmazing\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
2014-07-29 02:04:22.760 Could not check C:\Users\grrrmazing\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOCK (virus scan failed)
2014-07-29 02:04:22.797 Could not check C:\Users\grrrmazing\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOCK (virus scan failed)
2014-07-29 02:04:25.039 Could not check C:\Users\grrrmazing\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\LOCK (virus scan failed)
2014-07-29 02:04:26.168 Could not check C:\Users\grrrmazing\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\LOCK (virus scan failed)
2014-07-29 02:04:37.320 Could not check C:\Users\grrrmazing\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOCK (virus scan failed)
2014-07-29 02:10:47.666 >>> Virus 'Mal/Generic-S' found in file C:\Users\grrrmazing\Downloads\Cinema 4D R15\Keygen\mc4dr15.exe
2014-07-29 02:10:47.666 >>> Virus 'Mal/Generic-S' found in file C:\Users\grrrmazing\Downloads\Cinema 4D R15\Keygen\mc4dr15.exe
2014-07-29 02:10:47.667 >>> Virus 'Mal/Generic-S' found in file C:\Users\grrrmazing\Downloads\Cinema 4D R15\Keygen\mc4dr15.exe
2014-07-29 02:10:47.667 >>> Virus 'Mal/Generic-S' found in file C:\Users\grrrmazing\Downloads\Cinema 4D R15\Keygen\mc4dr15.exe
2014-07-29 02:10:47.667 >>> Virus 'Mal/Generic-S' found in file C:\Users\grrrmazing\Downloads\Cinema 4D R15\Keygen\mc4dr15.exe
2014-07-29 02:10:47.667 >>> Virus 'Mal/Generic-S' found in file C:\Users\grrrmazing\Downloads\Cinema 4D R15\Keygen\mc4dr15.exe
2014-07-29 02:10:47.667 >>> Virus 'Mal/Generic-S' found in file C:\Users\grrrmazing\Downloads\Cinema 4D R15\Keygen\mc4dr15.exe
2014-07-29 02:10:47.668 >>> Virus 'Mal/Generic-S' found in file C:\Users\grrrmazing\Downloads\Cinema 4D R15\Keygen\mc4dr15.exe
2014-07-29 02:10:47.668 >>> Virus 'Mal/Generic-S' found in file C:\Users\grrrmazing\Downloads\Cinema 4D R15\Keygen\mc4dr15.exe
2014-07-29 02:10:47.668 >>> Virus 'Mal/Generic-S' found in file C:\Users\grrrmazing\Downloads\Cinema 4D R15\Keygen\mc4dr15.exe
2014-07-29 02:45:15.731 The following items will be cleaned up:
2014-07-29 02:45:15.731 Mal/Generic-S
2014-07-29 02:47:44.887 Threat 'Mal/Generic-S' has been cleaned up.
2014-07-29 02:47:44.898 File "C:\Users\grrrmazing\Downloads\Cinema 4D R15\Keygen\mc4dr15.exe" belongs to malware 'Mal/Generic-S'.
2014-07-29 02:47:44.898 File "C:\Users\grrrmazing\Downloads\Cinema 4D R15\Keygen\mc4dr15.exe" has been cleaned up.
2014-07-29 02:47:44.898 Removal successful
2014-07-29 02:47:45.045 Contents of SafeClean bin directory:
2014-07-29 02:47:45.062 {
2014-07-29 02:47:45.062    RecordID   : "0000000000000001",
2014-07-29 02:47:45.062    ItemType   : "1",
2014-07-29 02:47:45.062    Location   : "C:\Users\grrrmazing\Downloads\Cinema 4D R15\Keygen\",
2014-07-29 02:47:45.062    FileName   : "mc4dr15.exe",
2014-07-29 02:47:45.062    ThreatName : "Mal/Generic-S",
2014-07-29 02:47:45.062    Checksum   : "ff9732d8e469ee69e37222cf529d15eb6278125080d9b1672146a495ca0c1212",
2014-07-29 02:47:45.062    TimeStamp  : "Mon Jul 28 22:47:36 2014"
2014-07-29 02:47:45.062 }


And the AVG vault contains quite a few viruses, I didn't see any way to copy and paste the names of what is in there.


#6 Alex&Vanko


Posted 29 July 2014 - 07:53 AM

Ok. Do a full scan with AVG and paste the log. The Virus Vault may be posted as a screenshot.

 

Thank you!



#7 BabylonHoruv


Posted 29 July 2014 - 02:00 PM

AVG scan log, nothing found

 

 


#8 Alex&Vanko


Posted 30 July 2014 - 12:26 PM

Hi BabylonHoruv!

Download Screen317 Security Check HERE and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Please post the contents of that document.
Note: If any security program requests permission to access the Internet, allow it to do so.

Please download MiniToolBox HERE to your desktop to run it.
Checkmark the following boxes:
* List content of Hosts
* Flush DNS
* Report IE Proxy Settings
* Reset IE Proxy Settings
* Report FF Proxy Settings
* Reset FF Proxy Settings
* List last 10 Event Viewer log
* List Installed Programs
* List Devices (do NOT change any settings here)
* List Users, Partitions and Memory size
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
Click Go and Copy / Paste the result. (result.txt)

 

Download HitmanPro x32 or x64 from onto your desktop.

Double-click on the file named HitmanPro.exe. It will be updated. When the program starts you will be presented with the start screen. Click on the Next button. Accept to store a copy of the program to your computer and click Next and it will start to scan.
When it has finished it will display a list of all the malware that the program found. Below, next to the Buy Now button, is the option Save log. Save it to your desktop and paste it here.

 

Thank you!



#9 BabylonHoruv


Posted 31 July 2014 - 06:03 PM

screen 317

 

 
mini toolbox
 
hitmanpro
 
 

HitmanPro 3.7.9.221
www.hitmanpro.com
 
   Computer name . . . . : GIR
   Windows . . . . . . . : 6.2.0.9200.X64/2
   User name . . . . . . : gir\grrrmazing
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free
 
   Scan date . . . . . . : 2014-07-31 18:39:57
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 11m 57s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
 
   Threats . . . . . . . : 0
   Traces  . . . . . . . : 97
 
   Objects scanned . . . : 1,582,720
   Files scanned . . . . : 70,251
   Remnants scanned  . . : 486,970 files / 1,025,499 keys
 
Suspicious files ____________________________________________________________
 
   C:\Users\grrrmazing\Downloads\FRST64.exe
      Size . . . . . . . : 2,082,816 bytes
      Age  . . . . . . . : 36.0 days (2014-06-25 18:25:32)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 38E98591B43399431CF250986E616730F342BE74F82C4B5E872F2B67A4D17290
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 22.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
      References
         C:\Users\grrrmazing\Desktop\FRST64 - Shortcut.lnk
 
   C:\Users\grrrmazing\Downloads\MiniToolBox.exe
      Size . . . . . . . : 401,920 bytes
      Age  . . . . . . . : 0.0 days (2014-07-31 18:35:42)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : 55ADA329F40AC0E0F13EC464E56D09C12078ADEF021A934F059BCD3E962EC46E
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
 
   C:\Users\grrrmazing\Downloads\SecurityCheck.exe
      Size . . . . . . . : 854,390 bytes
      Age  . . . . . . . : 0.0 days (2014-07-31 18:34:02)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : 60DDD4804C98003AD6FACA0BC95B6B8F8EC994D4AFC8A05EB07D8CD9845E1EF6
      Running processes  : 200
      Fuzzy  . . . . . . : 22.0
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Program is running but currently exposes no human-computer interface (GUI).
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
         The file is in use by one or more active processes.
 
 
Potential Unwanted Programs _________________________________________________
 
   HKLM\SOFTWARE\Wow6432Node\Conduit\ (Conduit)
   HKU\S-1-5-21-144985651-1984365055-4106849212-1001\Software\Conduit\ (Conduit)
 
Cookies _____________________________________________________________________
 
 
 
 


#10 Alex&Vanko


Posted 01 August 2014 - 03:29 AM

Ok, you can delete MiniToolBox, Security Check and FRST manually, and apply action for PUP Conduit and Cookies and click Next.

So does this pop-up appear again and again?

 

Thank you!





