Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

SysWow64 trojan


  • This topic is locked This topic is locked
8 replies to this topic

#1 fetrowa

fetrowa

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:06:03 AM

Posted 10 September 2014 - 11:13 PM

I have tried to run Malwarebites and Superanitvirus tools to remove this continuous pop up and also removed Yahoo from my C drive program folder but cannot get the problem resolved.  Any suggestions?

 



BC AdBot (Login to Remove)

 


#2 Bootsektor

Bootsektor

  • Malware Response Team
  • 216 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Northern Germany
  • Local time:01:03 PM

Posted 11 September 2014 - 01:56 PM

Hello and :welcome:
My name is Sandra and I will help you with your problem.

  • Please follow my instructions in the order they are given
  • Read the instructions carefully before you start. If you get in trouble or do not understand what is to do then stop with the execution and describe the problem as good as you can
  • Do only run Scans which I advise to you
  • Do not do crossposting (Posting in different forums)
  • Do not de- or install software during removal, expect I advisted that to you
  • Please post all logfiles as a reply instead of attaching them unless I asked you for do so. If the files are too big then use more posts, thanks
  • Please keep in mind that we are all doing this here in our freetime, if I do not reply in within 48 hours, feel free to send me a PM

 

 

Step 1

Please post the logs of Malwarebytes and Superantivirus

 

 

Step 2

Scan with FRST
Please download Farbar Recovery Scan Tool  and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)

  • Start FRST with administator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

 

 

 


regards,

 

Sandra


#3 fetrowa

fetrowa
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:06:03 AM

Posted 11 September 2014 - 07:53 PM

UPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/11/2014 at 01:30 AM

Application Version : 6.0.1130
Database Version : 11490

Scan type       : Complete Scan
Total Scan Time : 02:09:36

Operating System Information
Windows 7 Home Premium 64-bit (Build 6.01.7600)
UAC On - Limited User

Memory items scanned      : 677
Memory threats detected   : 0
Registry items scanned    : 49470
Registry threats detected : 0
File items scanned        : 14914
File threats detected     : 130

Adware.Tracking Cookie
 C:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\L2HGLD1H.txtC:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\L2HGLD1H.txt [ /ads.adpointe.com ]
 C:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\RRXPIUD5.txtC:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\RRXPIUD5.txt [ /fastclick.net ]
 C:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\Q2O66MH4.txtC:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\Q2O66MH4.txt [ /auto.clickdirects.com ]
 C:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\7H8P3EDT.txtC:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\7H8P3EDT.txt [ /myroitracking.com ]
 C:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\3A9BSCZW.txtC:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\3A9BSCZW.txt [ /t.pointroll.com ]
 C:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\OK3GIZ1K.txtC:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\OK3GIZ1K.txt [ /track.adform.net ]
 C:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\87LNTPEG.txtC:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\87LNTPEG.txt [ /www.visit-tracker.com ]
 C:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\YMLLZ1R7.txtC:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\YMLLZ1R7.txt [ /11164957-458496.id.clickprotects.com ]
 C:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\C2DBJI7B.txtC:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\C2DBJI7B.txt [ /ads.cpserve.com ]
 C:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\W9MISSFB.txtC:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\W9MISSFB.txt [ /doubleclick.net ]
 C:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\TG7252M7.txtC:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\TG7252M7.txt [ /ad.360yield.com ]
 C:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\MGK2I3NU.txtC:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\MGK2I3NU.txt [ /agrbanner.info ]
 C:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\Y1V2A76O.txtC:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\Y1V2A76O.txt [ /atwola.com ]
 C:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\RI82QGHN.txtC:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\RI82QGHN.txt [ /revsci.net ]
 C:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\UJAEOFFT.txtC:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\UJAEOFFT.txt [ /ru4.com ]
 C:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\Y0L5VW3N.txtC:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\Y0L5VW3N.txt [ /clickdirects.com ]
 C:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\TF2FKH2C.txtC:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\TF2FKH2C.txt [ /smartadserver.com ]
 C:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\AGB3517Q.txtC:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\AGB3517Q.txt [ /burstnet.com ]
 C:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\F7IWYJAZ.txtC:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\F7IWYJAZ.txt [ /specificclick.net ]
 C:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\R45C1OH2.txtC:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\R45C1OH2.txt [ /advertising.com ]
 C:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\OKM48XRQ.txtC:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\OKM48XRQ.txt [ /pro-market.net ]
 C:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\0XE0V729.txtC:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\0XE0V729.txt [ /mediaplex.com ]
 C:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\ESE31EQX.txtC:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\ESE31EQX.txt [ /www.track-visits.com ]
 C:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\H3BQN12F.txtC:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\H3BQN12F.txt [ /ads.pointroll.com ]
 C:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\MC3KWXIP.txtC:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\MC3KWXIP.txt [ /ads.pgoamedia.com ]
 C:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\0VMKYBMB.txtC:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\0VMKYBMB.txt [ /imrworldwide.com ]
 C:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\8PQZ52C8.txtC:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\8PQZ52C8.txt [ /adtech.de ]
 C:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\UNLY7VSD.txtC:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\UNLY7VSD.txt [ /uam.rotator.hadj7.adjuggler.net ]
 C:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\44M55NMN.txtC:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\44M55NMN.txt [ /serving-sys.com ]
 C:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\9KPLUBCI.txtC:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\9KPLUBCI.txt [ /eyeviewads.com ]
 C:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\7I8ITYGA.txtC:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\7I8ITYGA.txt [ /realmedia.com ]
 C:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\L098YO8D.txtC:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\L098YO8D.txt [ /ads.yahoo.com ]
 C:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\R14ETD21.txtC:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\R14ETD21.txt [ /atdmt.com ]
 C:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\36B33L0C.txtC:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\36B33L0C.txt [ /ads.pubmatic.com ]
 C:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\R29D8FGF.txtC:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\R29D8FGF.txt [ /tracking.hostgator.com ]
 C:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\OZX7GSI1.txtC:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\OZX7GSI1.txt [ /vidasco.rotator.hadj7.adjuggler.net ]
 C:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\2QY8PBJ1.txtC:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\2QY8PBJ1.txt [ /pointroll.com ]
 C:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\P7W901XU.txtC:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\P7W901XU.txt [ /tribalfusion.com ]
 C:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\PMEC3NU4.txtC:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\PMEC3NU4.txt [ /histats.com ]
 C:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\CQ13V00T.txtC:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\CQ13V00T.txt [ /adtechus.com ]
 C:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\YHH3WVKO.txtC:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\YHH3WVKO.txt [ /ad.mlnadvertising.com ]
 C:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\9D60WUTY.txtC:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\9D60WUTY.txt [ /clicksor.com ]
 C:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\6KWK8S64.txtC:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\6KWK8S64.txt [ /casalemedia.com ]
 C:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\UVORT0G5.txtC:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\UVORT0G5.txt [ /adconductor.rotator.hadj7.adjuggler.net ]
 C:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\1C8VIX47.txtC:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\1C8VIX47.txt [ /c1.adform.net ]
 C:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\E410BHF3.txtC:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\E410BHF3.txt [ /clickshieldfilter.com ]
 C:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\J0K52YR6.txtC:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\J0K52YR6.txt [ /in.getclicky.com ]
 C:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\KKM2QGYI.txtC:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\KKM2QGYI.txt [ /adform.net ]
 C:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\824J9PAH.txtC:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\824J9PAH.txt [ /server.cpmstar.com ]
 C:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\CSIYDEL9.txtC:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\CSIYDEL9.txt [ /interclick.com ]
 C:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\AKTJA63Y.txtC:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\AKTJA63Y.txt [ /adjuggler.net ]
 C:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\PQZRNWHX.txtC:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\PQZRNWHX.txt [ /exoclick.com ]
 C:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\ZHROS3SO.txtC:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\ZHROS3SO.txt [ /network.realmedia.com ]
 C:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\YZJO52JA.txtC:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\YZJO52JA.txt [ /c.clickprotects.com ]
 C:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\6ZGFUJAQ.txtC:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\6ZGFUJAQ.txt [ /www.burstnet.com ]
 C:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\SHY1NAK2.txtC:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\SHY1NAK2.txt [ /at.atwola.com ]
 C:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\01YZBU1I.txtC:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\01YZBU1I.txt [ /zedo.com ]
 C:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\G2GMRP0D.txtC:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\G2GMRP0D.txt [ /clickprotects.com ]
 C:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\FS60RX4X.txtC:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\FS60RX4X.txt [ /clickbank.net ]
 C:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\TI8FTRGY.txtC:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\TI8FTRGY.txt [ /11163556-189244.c.adprotect.net ]
 C:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\KWXUKXNS.txtC:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\KWXUKXNS.txt [ /www.universal-traffic.com ]
 C:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\KTMT6OXN.txtC:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\KTMT6OXN.txt [ /statcounter.com ]
 C:\USERS\FETROWA\AppData\Roaming\Microsoft\Windows\Cookies\G68JSTDM.txtC:\USERS\FETROWA\AppData\Roaming\Microsoft\Windows\Cookies\G68JSTDM.txt [ Cookie:fetrowa@trc.taboola.com/trafficengine-familypet101/ ]
 C:\USERS\FETROWA\Cookies\RRXPIUD5.txtC:\USERS\FETROWA\Cookies\RRXPIUD5.txt [ Cookie:fetrowa@fastclick.net/ ]
 C:\USERS\FETROWA\Cookies\3A9BSCZW.txtC:\USERS\FETROWA\Cookies\3A9BSCZW.txt [ Cookie:fetrowa@t.pointroll.com/ ]
 C:\USERS\FETROWA\Cookies\OK3GIZ1K.txtC:\USERS\FETROWA\Cookies\OK3GIZ1K.txt [ Cookie:fetrowa@track.adform.net/ ]
 C:\USERS\FETROWA\Cookies\87LNTPEG.txtC:\USERS\FETROWA\Cookies\87LNTPEG.txt [ Cookie:fetrowa@www.visit-tracker.com/ ]
 C:\USERS\FETROWA\Cookies\W9MISSFB.txtC:\USERS\FETROWA\Cookies\W9MISSFB.txt [ Cookie:fetrowa@doubleclick.net/ ]
 C:\USERS\FETROWA\Cookies\MGK2I3NU.txtC:\USERS\FETROWA\Cookies\MGK2I3NU.txt [ Cookie:fetrowa@agrbanner.info/ ]
 C:\USERS\FETROWA\Cookies\Y0L5VW3N.txtC:\USERS\FETROWA\Cookies\Y0L5VW3N.txt [ Cookie:fetrowa@clickdirects.com/ ]
 C:\USERS\FETROWA\Cookies\TF2FKH2C.txtC:\USERS\FETROWA\Cookies\TF2FKH2C.txt [ Cookie:fetrowa@smartadserver.com/ ]
 C:\USERS\FETROWA\Cookies\AGB3517Q.txtC:\USERS\FETROWA\Cookies\AGB3517Q.txt [ Cookie:fetrowa@burstnet.com/ ]
 C:\USERS\FETROWA\Cookies\F7IWYJAZ.txtC:\USERS\FETROWA\Cookies\F7IWYJAZ.txt [ Cookie:fetrowa@specificclick.net/ ]
 C:\USERS\FETROWA\Cookies\R45C1OH2.txtC:\USERS\FETROWA\Cookies\R45C1OH2.txt [ Cookie:fetrowa@advertising.com/ ]
 C:\USERS\FETROWA\Cookies\OKM48XRQ.txtC:\USERS\FETROWA\Cookies\OKM48XRQ.txt [ Cookie:fetrowa@pro-market.net/ ]
 C:\USERS\FETROWA\Cookies\0XE0V729.txtC:\USERS\FETROWA\Cookies\0XE0V729.txt [ Cookie:fetrowa@mediaplex.com/ ]
 C:\USERS\FETROWA\Cookies\ESE31EQX.txtC:\USERS\FETROWA\Cookies\ESE31EQX.txt [ Cookie:fetrowa@www.track-visits.com/ ]
 C:\USERS\FETROWA\Cookies\H3BQN12F.txtC:\USERS\FETROWA\Cookies\H3BQN12F.txt [ Cookie:fetrowa@ads.pointroll.com/ ]
 C:\USERS\FETROWA\Cookies\0VMKYBMB.txtC:\USERS\FETROWA\Cookies\0VMKYBMB.txt [ Cookie:fetrowa@imrworldwide.com/ ]
 C:\USERS\FETROWA\Cookies\8PQZ52C8.txtC:\USERS\FETROWA\Cookies\8PQZ52C8.txt [ Cookie:fetrowa@adtech.de/ ]
 C:\USERS\FETROWA\Cookies\UNLY7VSD.txtC:\USERS\FETROWA\Cookies\UNLY7VSD.txt [ Cookie:fetrowa@uam.rotator.hadj7.adjuggler.net/ ]
 C:\USERS\FETROWA\Cookies\44M55NMN.txtC:\USERS\FETROWA\Cookies\44M55NMN.txt [ Cookie:fetrowa@serving-sys.com/ ]
 C:\USERS\FETROWA\Cookies\7I8ITYGA.txtC:\USERS\FETROWA\Cookies\7I8ITYGA.txt [ Cookie:fetrowa@realmedia.com/ ]
 C:\USERS\FETROWA\Cookies\R29D8FGF.txtC:\USERS\FETROWA\Cookies\R29D8FGF.txt [ Cookie:fetrowa@tracking.hostgator.com/ ]
 C:\USERS\FETROWA\Cookies\PMEC3NU4.txtC:\USERS\FETROWA\Cookies\PMEC3NU4.txt [ Cookie:fetrowa@histats.com/ ]
 C:\USERS\FETROWA\Cookies\CQ13V00T.txtC:\USERS\FETROWA\Cookies\CQ13V00T.txt [ Cookie:fetrowa@adtechus.com/ ]
 C:\USERS\FETROWA\Cookies\YHH3WVKO.txtC:\USERS\FETROWA\Cookies\YHH3WVKO.txt [ Cookie:fetrowa@ad.mlnadvertising.com/ ]
 C:\USERS\FETROWA\Cookies\UVORT0G5.txtC:\USERS\FETROWA\Cookies\UVORT0G5.txt [ Cookie:fetrowa@adconductor.rotator.hadj7.adjuggler.net/ ]
 C:\USERS\FETROWA\Cookies\1C8VIX47.txtC:\USERS\FETROWA\Cookies\1C8VIX47.txt [ Cookie:fetrowa@c1.adform.net/ ]
 C:\USERS\FETROWA\Cookies\J0K52YR6.txtC:\USERS\FETROWA\Cookies\J0K52YR6.txt [ Cookie:fetrowa@in.getclicky.com/ ]
 C:\USERS\FETROWA\Cookies\CSIYDEL9.txtC:\USERS\FETROWA\Cookies\CSIYDEL9.txt [ Cookie:fetrowa@interclick.com/ ]
 C:\USERS\FETROWA\Cookies\AKTJA63Y.txtC:\USERS\FETROWA\Cookies\AKTJA63Y.txt [ Cookie:fetrowa@adjuggler.net/ ]
 C:\USERS\FETROWA\Cookies\PQZRNWHX.txtC:\USERS\FETROWA\Cookies\PQZRNWHX.txt [ Cookie:fetrowa@exoclick.com/ ]
 C:\USERS\FETROWA\Cookies\ZHROS3SO.txtC:\USERS\FETROWA\Cookies\ZHROS3SO.txt [ Cookie:fetrowa@network.realmedia.com/ ]
 C:\USERS\FETROWA\Cookies\YZJO52JA.txtC:\USERS\FETROWA\Cookies\YZJO52JA.txt [ Cookie:fetrowa@c.clickprotects.com/ ]
 C:\USERS\FETROWA\Cookies\SHY1NAK2.txtC:\USERS\FETROWA\Cookies\SHY1NAK2.txt [ Cookie:fetrowa@at.atwola.com/ ]
 C:\USERS\FETROWA\Cookies\G2GMRP0D.txtC:\USERS\FETROWA\Cookies\G2GMRP0D.txt [ Cookie:fetrowa@clickprotects.com/ ]
 C:\USERS\FETROWA\Cookies\TI8FTRGY.txtC:\USERS\FETROWA\Cookies\TI8FTRGY.txt [ Cookie:fetrowa@11163556-189244.c.adprotect.net/ ]
 C:\USERS\FETROWA\Cookies\G68JSTDM.txtC:\USERS\FETROWA\Cookies\G68JSTDM.txt [ Cookie:fetrowa@trc.taboola.com/trafficengine-familypet101/ ]
 C:\USERS\FETROWA\Cookies\KWXUKXNS.txtC:\USERS\FETROWA\Cookies\KWXUKXNS.txt [ Cookie:fetrowa@www.universal-traffic.com/ ]
 C:\USERS\FETROWA\Cookies\KTMT6OXN.txtC:\USERS\FETROWA\Cookies\KTMT6OXN.txt [ Cookie:fetrowa@statcounter.com/ ]
 C:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\QPSD7A7K.txtC:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\QPSD7A7K.txt [ /fastclick.net ]
 C:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\ST51UZV2.txtC:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\ST51UZV2.txt [ /t.pointroll.com ]
 C:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\85IMW12V.txtC:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\85IMW12V.txt [ /revsci.net ]
 C:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\9GD8Q21E.txtC:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\9GD8Q21E.txt [ /ru4.com ]
 C:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\CMX75ZSS.txtC:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\CMX75ZSS.txt [ /247realmedia.com ]
 C:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\0POD3RZO.txtC:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\0POD3RZO.txt [ /ads.pointroll.com ]
 C:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\JMGLPJJR.txtC:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\JMGLPJJR.txt [ /serving-sys.com ]
 C:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\G1WIRR2Z.txtC:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\G1WIRR2Z.txt [ /realmedia.com ]
 C:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\7WIJOW0Z.txtC:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\7WIJOW0Z.txt [ /ads.yahoo.com ]
 C:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\TRSSNF6X.txtC:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\TRSSNF6X.txt [ /ads.pubmatic.com ]
 C:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\SZ4SVNGN.txtC:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\SZ4SVNGN.txt [ /pointroll.com ]
 C:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\I4MU1436.txtC:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\I4MU1436.txt [ /casalemedia.com ]
 C:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\GKT05GKI.txtC:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\GKT05GKI.txt [ /click.api.deximedia.com ]
 C:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\46XY5LW4.txtC:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\46XY5LW4.txt [ /c1.adform.net ]
 C:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\CH0BZI1Q.txtC:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\CH0BZI1Q.txt [ /adform.net ]
 C:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\Q3U1AON2.txtC:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\Q3U1AON2.txt [ /traffiqexchange.rotator.hadj7.adjuggler.net ]
 C:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\HKC8HYP1.txtC:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\HKC8HYP1.txt [ /adjuggler.net ]
 C:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\BT2CIZMI.txtC:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\BT2CIZMI.txt [ /network.realmedia.com ]
 C:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\9ZVP1T3Q.txtC:\Users\fetrowa\AppData\Roaming\Microsoft\Windows\Cookies\9ZVP1T3Q.txt [ /www.burstnet.com ]
 C:\USERS\FETROWA\Cookies\QPSD7A7K.txtC:\USERS\FETROWA\Cookies\QPSD7A7K.txt [ Cookie:fetrowa@fastclick.net/ ]
 C:\USERS\FETROWA\Cookies\ST51UZV2.txtC:\USERS\FETROWA\Cookies\ST51UZV2.txt [ Cookie:fetrowa@t.pointroll.com/ ]
 C:\USERS\FETROWA\Cookies\CMX75ZSS.txtC:\USERS\FETROWA\Cookies\CMX75ZSS.txt [ Cookie:fetrowa@247realmedia.com/ ]
 C:\USERS\FETROWA\Cookies\0POD3RZO.txtC:\USERS\FETROWA\Cookies\0POD3RZO.txt [ Cookie:fetrowa@ads.pointroll.com/ ]
 C:\USERS\FETROWA\Cookies\JMGLPJJR.txtC:\USERS\FETROWA\Cookies\JMGLPJJR.txt [ Cookie:fetrowa@serving-sys.com/ ]
 C:\USERS\FETROWA\Cookies\G1WIRR2Z.txtC:\USERS\FETROWA\Cookies\G1WIRR2Z.txt [ Cookie:fetrowa@realmedia.com/ ]
 C:\USERS\FETROWA\Cookies\46XY5LW4.txtC:\USERS\FETROWA\Cookies\46XY5LW4.txt [ Cookie:fetrowa@c1.adform.net/ ]
 C:\USERS\FETROWA\Cookies\Q3U1AON2.txtC:\USERS\FETROWA\Cookies\Q3U1AON2.txt [ Cookie:fetrowa@traffiqexchange.rotator.hadj7.adjuggler.net/ ]
 C:\USERS\FETROWA\Cookies\HKC8HYP1.txtC:\USERS\FETROWA\Cookies\HKC8HYP1.txt [ Cookie:fetrowa@adjuggler.net/ ]
 C:\USERS\FETROWA\Cookies\BT2CIZMI.txtC:\USERS\FETROWA\Cookies\BT2CIZMI.txt [ Cookie:fetrowa@network.realmedia.com/ ]

============
 End of Log



#4 Bootsektor

Bootsektor

  • Malware Response Team
  • 216 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Northern Germany
  • Local time:01:03 PM

Posted 12 September 2014 - 06:20 PM

Hello,

 

please also post the Log of Malwarebytes and perform a scan with FRST as adviced under Step 2 in my previous post, thank you. :)


regards,

 

Sandra


#5 Bootsektor

Bootsektor

  • Malware Response Team
  • 216 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Northern Germany
  • Local time:01:03 PM

Posted 15 September 2014 - 06:44 PM

Hello,

are you still with me?

Please notice:
If you do not reply within the next 48 hours, I assume that you do not need my help anymore and this topic will be closed.


regards,

 

Sandra


#6 fetrowa

fetrowa
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:06:03 AM

Posted 15 September 2014 - 06:47 PM

I am still here - I cannot get the Malware bites log to copy into this forum.  I have unsuccessfully tried to download that FRST

 



#7 Bootsektor

Bootsektor

  • Malware Response Team
  • 216 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Northern Germany
  • Local time:01:03 PM

Posted 16 September 2014 - 05:24 PM

Hello,

 

thank you for your response.

 

What did not work with download of FRST, do you have 32 or 64 bit?

Please try these downloadlinks:

 

For 32 bit: FRST.exe

For 64 bit: FRST64.exe

 

What do you have for problems with posting that log of Malwarebytes? :)


Edited by Bootsektor, 16 September 2014 - 05:25 PM.

regards,

 

Sandra


#8 Bootsektor

Bootsektor

  • Malware Response Team
  • 216 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Northern Germany
  • Local time:01:03 PM

Posted 19 September 2014 - 07:45 PM

Hello,

are you still with me?

Please notice:
If you do not reply within the next 48 hours, I assume that you do not need my help anymore and this topic will be closed.


regards,

 

Sandra


#9 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:12:03 PM

Posted 25 September 2014 - 01:09 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users