Page 6 of 11 FirstFirst ... 2345678910 ... LastLast
Results 51 to 60 of 105

Thread: Persistent Warning

  1. #51
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Start Farbar Recovery Scan Tool with Administrator privileges
    (Right click on the FRST icon and select Run as administrator)

    highlight on the text below and select Copy.
    beginning with Start:: and finishing with End::


    Start::
    CloseProcesses:
    CreateRestorePoint:
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
    2018-01-26 23:26 - 2017-12-31 21:02 - 001310528 _____ (Microsoft Corporation) C:\Users\Ed\AppData\Local\Temp\dllnt_dump.dll
    ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    Hosts:
    CMD: ipconfig /flushdns
    CMD: netsh winsock reset all
    CMD: netsh int ipv4 reset
    CMD: netsh int ipv6 reset
    CMD: bitsadmin /reset /allusers
    Emptytemp:
    End::


    Press the Fix button.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  2. #52
    Senior Member
    Join Date
    Oct 2005
    Location
    Indialantic, Florida USA
    Posts
    186

    Default

    Fix result of Farbar Recovery Scan Tool (x86) Version: 27.01.2018
    Ran by Ed (31-01-2018 15:54:48) Run:1
    Running from C:\Users\Ed\Desktop
    Loaded Profiles: Ed (Available Profiles: Ed)
    Boot Mode: Normal

    ==============================================

    fixlist content:
    *****************
    CloseProcesses:
    CreateRestorePoint:
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
    2018-01-26 23:26 - 2017-12-31 21:02 - 001310528 _____ (Microsoft Corporation) C:\Users\Ed\AppData\Local\Temp\dllnt_dump.dll
    ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
    Hosts:
    CMD: ipconfig /flushdns
    CMD: netsh winsock reset all
    CMD: netsh int ipv4 reset
    CMD: netsh int ipv6 reset
    CMD: bitsadmin /reset /allusers
    Emptytemp:

    *****************

    Processes closed successfully.
    Restore point was successfully created.
    "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" => removed successfully.
    C:\Users\Ed\AppData\Local\Temp\dllnt_dump.dll => moved successfully
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg" => removed successfully.
    HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
    C:\Windows\System32\Drivers\etc\hosts => moved successfully
    Hosts restored successfully.

    ========= ipconfig /flushdns =========


    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========= End of CMD: =========


    ========= netsh winsock reset all =========


    Sucessfully reset the Winsock Catalog.
    You must restart the computer in order to complete the reset.


    ========= End of CMD: =========


    ========= netsh int ipv4 reset =========

    Reseting Interface, OK!
    Restart the computer to complete this action.


    ========= End of CMD: =========


    ========= netsh int ipv6 reset =========

    Reseting Interface, OK!
    Restart the computer to complete this action.


    ========= End of CMD: =========


    ========= bitsadmin /reset /allusers =========


    BITSADMIN version 3.0 [ 7.5.7601 ]
    BITS administration utility.
    (C) Copyright 2000-2006 Microsoft Corp.

    BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
    Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

    0 out of 0 jobs canceled.

    ========= End of CMD: =========


    =========== EmptyTemp: ==========

    BITS transfer queue => 12582912 B
    DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 14705992 B
    Java, Flash, Steam htmlcache => 1236 B
    Windows/system/drivers => 245942825 B
    Edge => 0 B
    Chrome => 0 B
    Firefox => 382393278 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Users => 0 B
    Default => 0 B
    Public => 0 B
    ProgramData => 0 B
    systemprofile => 0 B
    LocalService => 0 B
    NetworkService => 260 B
    Ed => 453879822 B

    RecycleBin => 0 B
    EmptyTemp: => 1 GB temporary data Removed.

    ================================


    The system needed a reboot.

    ==== End of Fixlog 15:56:43 ====

  3. #53
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Any more pop ups?
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  4. #54
    Senior Member
    Join Date
    Oct 2005
    Location
    Indialantic, Florida USA
    Posts
    186

    Default

    I'll let you know after my browser has been open for a little while.

  5. #55
    Senior Member
    Join Date
    Oct 2005
    Location
    Indialantic, Florida USA
    Posts
    186

    Default

    It didn't take long for the popup/audio "warning" to appear.

    By the way, it calls itself: "Internet Security Alert! Code 055BCCAC9FEC" and gives a dire audio warning about doing anything other than calling the phone number it provides. Don't worry. I didn't.

  6. #56
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    It truly is scam and your computer is not at risk.

    Zemana AntiMalware - Fix
    • Download and install Zemana AntiMalware
    • Open Zemana AntiMalware, and click on the Scan button
    • Wait for the scan to complete
    • Once done, click on any threats it detected, then select Apply to all and Quarantine to quarantine all threats, and click on the Next button

    • If it asks you to reboot your computer to finish the clean-up, do so
    • After that, click on the most upper right button to go to the Reports tab, select the latest System Scan entry and click on the Open Report button
    • A log will open in Notepad
    • Copy/paste the content of that log in your next reply

    created by Aura
    ~~~~~~~~~~~~~~~`

    Please download HitmanPro
    • For 32-bit Operating System - .
    • For 64-bit Operating System -

    2.Launch the program by double clicking on the icon.

    Note: If the program won't run please then open the program while holding down the left CTRL key until the program is loaded.

    3.Click on the next button. You must agree with the terms of EULA. (if asked)

    4.Check the box beside "No, I only want to perform a one-time scan to check this computer".

    5.Click on the next button.

    6.The program will start to scan the computer. The scan will typically take no more than 5-10 minutes.

    7.When the scan is done click on drop-down menu of the found entries (if any) and choose - Apply to all => Ignore <= IMPORTANT!!!

    8.Click on the next button.

    9.Click on the "Save Log" button.

    10.Save that file to your desktop and post the content of that file in your next reply.

    Note: if there isn't a dropdown menu when the scan is done then please don't delete anything and close HitmanPro



    Navigate to C:\Documents and Settings\All Users\Application Data\HitmanPro\Logs (for Windows XP) or to C:\ProgramData\HitmanPro\Logs (for Windows Vista/7) open the report and copy and paste it to your next reply.

    ~~

    Also, please read over these 2 links with further information
    https://forums.malwarebytes.com/topi...-055bccac9fec/

    https://www.bleepingcomputer.com/vir...h-support-scam
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  7. #57
    Senior Member
    Join Date
    Oct 2005
    Location
    Indialantic, Florida USA
    Posts
    186

    Default

    Zemana wiped out my wallpaper. The image was a Georgia Tech "GT" logo I found somewhere (don't recall where) and started using a couple of years ago.

    Here's the Zemana log:

    Zemana AntiMalware 2.74.2.150 (Installed)

    -------------------------------------------------------
    Scan Result : Completed
    Scan Date : 2018/2/2
    Operating System : Windows 7 32-bit
    Processor : 2X Intel(R) Core(TM)2 Duo CPU P8400 @ 2.26GHz
    BIOS Mode : Legacy
    CUID : 129372FD922810D98B2369
    Scan Type : System Scan
    Duration : 15m 28s
    Scanned Objects : 72967
    Detected Objects : 2
    Excluded Objects : 0
    Read Level : SCSI
    Auto Upload : Enabled
    Detect All Extensions : Disabled
    Scan Documents : Disabled
    Domain Info : WORKGROUP,0,2

    Detected Objects
    -------------------------------------------------------

    Suspicious Wallpaper
    Status : Scanned
    Object : HKCU\Control Panel\Desktop\Wallpaper
    MD5 : -
    Publisher : -
    Size : -
    Version : -
    Detection : Potentially Unwanted Modification
    Cleaning Action : Delete
    Related Objects :
    Registry Entry - HKCU\Control Panel\Desktop\Wallpaper = C:\Users\Ed\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp

    Firefox Homepage
    Status : Scanned
    Object : https://www.toast.net/start/
    MD5 : -
    Publisher : -
    Size : -
    Version : -
    Detection : Suspicious Browser Setting
    Cleaning Action : Repair
    Related Objects :
    Browser Setting - Firefox Homepage

    FP4AWEC.DLL
    Status : Failed
    Object : %commonprogramfiles%\microsoft shared\web server extensions\40\bin\fp4awec.dll
    MD5 : 4B9B586FA57E590369754A113B189839
    Publisher : -
    Size : 450669
    Version : 4.0.2.2611
    Detection :
    Cleaning Action : Quarantine
    Related Objects :
    File - %commonprogramfiles%\microsoft shared\web server extensions\40\bin\fp4awec.dll
    Registry Entry - HKLM\SOFTWARE\Classes\CLSID\{F6FD0A0F-43F0-11D1-BE58-00A0C90A4335}\InprocServer32\@ = C:\PROGRA~1\COMMON~1\MICROS~1\WEBSER~1\40\bin\FP4AWEC.DLL
    Registry Entry - HKLM\SOFTWARE\Classes\CLSID\{F6FD0A0E-43F0-11D1-BE58-00A0C90A4335}\InprocServer32\@ = C:\PROGRA~1\COMMON~1\MICROS~1\WEBSER~1\40\bin\FP4AWEC.DLL
    Registry Entry - HKLM\SOFTWARE\Classes\CLSID\{F6FD0A13-43F0-11D1-BE58-00A0C90A4335}\InprocServer32\@ = C:\PROGRA~1\COMMON~1\MICROS~1\WEBSER~1\40\bin\FP4AWEC.DLL
    Registry Entry - HKLM\SOFTWARE\Classes\CLSID\{F6FD0A11-43F0-11D1-BE58-00A0C90A4335}\InprocServer32\@ = C:\PROGRA~1\COMMON~1\MICROS~1\WEBSER~1\40\bin\FP4AWEC.DLL
    Registry Entry - HKLM\SOFTWARE\Classes\CLSID\{F6FD0A01-43F0-11D1-BE58-00A0C90A4335}\InprocServer32\@ = C:\PROGRA~1\COMMON~1\MICROS~1\WEBSER~1\40\bin\FP4AWEC.DLL
    Registry Entry - HKLM\SOFTWARE\Classes\CLSID\{F6FD0A00-43F0-11D1-BE58-00A0C90A4335}\InprocServer32\@ = C:\PROGRA~1\COMMON~1\MICROS~1\WEBSER~1\40\bin\FP4AWEC.DLL


    Cleaning Result
    -------------------------------------------------------
    Cleaned : 2
    Reported as safe : 0
    Failed : 0

    ***

    After HitmanPro 3.8.0 ran, I found no C:\ProgramData\HitmanPro\Logs but had saved this log:

    Code:
    HitmanPro 3.8.0.292
    www.hitmanpro.com
    
       Computer name . . . . : ED-PC
       Windows . . . . . . . : 6.1.1.7601.X86/2
       User name . . . . . . : Ed-PC\Ed
       UAC . . . . . . . . . : Enabled
       License . . . . . . . : Free
    
       Scan date . . . . . . : 2018-02-02 07:55:46
       Scan mode . . . . . . : Normal
       Scan duration . . . . : 6m 46s
       Disk access mode  . . : Direct disk access (SRB)
       Cloud . . . . . . . . : Internet
       Reboot  . . . . . . . : No
    
       Threats . . . . . . . : 0
       Traces  . . . . . . . : 91
    
       Objects scanned . . . : 1,312,873
       Files scanned . . . . : 35,994
       Remnants scanned  . . : 266,873 files / 1,010,006 keys
    
    Suspicious files ____________________________________________________________
    
       C:\Users\Ed\Desktop\FRST.exe
          Size . . . . . . . : 1,754,112 bytes
          Age  . . . . . . . : 3.1 days (2018-01-30 04:22:06)
          Entropy  . . . . . : 7.6
          SHA-256  . . . . . : 0EEE64881C35F01D68C682D0EEDA4B17FA3B8A1A6B3C504BAEBC946117D8F2DC
          Needs elevation  . : Yes
          Fuzzy  . . . . . . : 24.0
             Program has no publisher information but prompts the user for permission elevation.
             Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
             Authors name is missing in version info. This is not common to most programs.
             Version control is missing. This file is probably created by an individual. This is not typical for most programs.
             Time indicates that the file appeared recently on this computer.
    
       C:\Users\Ed\Desktop\Unused Icons\FRST.exe
          Size . . . . . . . : 1,725,440 bytes
          Age  . . . . . . . : 680.5 days (2016-03-23 19:18:28)
          Entropy  . . . . . : 7.5
          SHA-256  . . . . . : EDB662EF9C4A97718C0389AB1745337E8FAD0E627E2E7F3AFA81E680A12D815B
          Needs elevation  . : Yes
          Fuzzy  . . . . . . : 22.0
             Program has no publisher information but prompts the user for permission elevation.
             Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
             Authors name is missing in version info. This is not common to most programs.
             Version control is missing. This file is probably created by an individual. This is not typical for most programs.
    
    
    Potential Unwanted Programs _________________________________________________
    
       HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\ (CouponBar)
    
    Cookies _____________________________________________________________________
    
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:254a.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:acuityplatform.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:ad.360yield.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:adaptv.advertising.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:adbrn.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:addthis.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:adfarm1.adition.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:adform.net
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:adgrx.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:adhigh.net
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:adingo.jp
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:adnxs.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:ads.avocet.io
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:ads.pubmatic.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:ads.stickyadstv.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:adsrvr.org
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:adsymptotic.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:adtechus.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:advertising.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:agkn.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:angsrvr.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:assets.rubiconproject.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:atdmt.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:basebanner.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:bidr.io
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:bidswitch.net
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:bluekai.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:casalemedia.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:connexity.net
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:contextweb.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:creative-serving.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:crwdcntrl.net
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:demdex.net
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:dlx.addthis.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:domdex.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:dotomi.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:doubleclick.net
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:dpm.demdex.net
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:dsp.linksynergy.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:erne.co
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:everesttech.net
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:go.sonobi.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:gssprt.jp
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:gwallet.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:ib.mookie1.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:imrworldwide.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:ipredictive.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:krxd.net
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:lijit.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:linksynergy.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:match.rundsp.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:mathtag.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:media6degrees.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:mediaplex.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:ml314.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:mookie1.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:mxptint.net
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:nexac.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:openx.net
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:optimatic.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:outbrain.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:owneriq.net
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:pixel.rubiconproject.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:pool.admedo.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:postrelease.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:pubmatic.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:rfihub.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:rlcdn.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:rubiconproject.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:scorecardresearch.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:simpli.fi
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:sitescout.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:skimresources.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:smartadserver.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:switchadhub.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:sxp.smartclip.net
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:taboola.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:tap-secure.rubiconproject.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:tap2-cdn.rubiconproject.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:tapad.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:tidaltv.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:trc.taboola.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:tremorhub.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:tribalfusion.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:turn.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:w55c.net
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:weborama.com
       C:\Users\Ed\AppData\Roaming\Mozilla\Firefox\Profiles\vduktc57.default-1479757157401-1516982433966\cookies.sqlite:weborama.fr

  8. #58
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Zemana wiped out my wallpaper. The image was a Georgia Tech "GT" logo I found somewhere
    I think because it was downloaded and stored
    AppData\Roaming folder which is a very common place for malware to attack.

    ~~~

    https://www.google.com/search?q=Geor...nt=firefox-b-1
    the above are Georgia Tech "GT" logos, you'll have to download a new one. Before placing it on your desktop please scan it out.

    ~~~~~~~~~~~~~~~~~~~~~~
    Follow the below link to empty your cookies folder in Firefox.
    https://support.mozilla.org/en-US/kb...ebsites-stored
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  9. #59
    Senior Member
    Join Date
    Oct 2005
    Location
    Indialantic, Florida USA
    Posts
    186

    Default

    I emptied all cookies. I'll work on the wallpaper image.

  10. #60
    Senior Member
    Join Date
    Oct 2005
    Location
    Indialantic, Florida USA
    Posts
    186

    Default

    The scam "warning" popup has not appeared since wallpaper was deleted on 2/2. My browser use has been about normal since then.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •