Lady_Femme

Members
  • Posts: 5
  • Reputation: 0 Neutral

  1. I will remove the Microsoft one. Thanks so much, TwinHeadedEagle. Have a fabu day...and the ice-cold bar draft is on the way!
  2. TwinHeadedEagle, Good morning to my newest favorite smart person! I removed Norton and have attached the Malwarebytes and AdwCleaner results. Also, I enabled pop-ups again and so far have not received any of the alerts from Malwarebytes as I did yesterday. Is there anything else for me to do or is it time to treat you to that beer? AdwCleanerS0.txt MB Scan.txt
  3. Sorry, I missed this step earlier. Here are the Farbar scan text files. Thanks so much in advance for helping me out! Lady Femme Addition.txt FRST.txt
  4. False alarm. The pop-ups are back with a vengeance. *sigh*
  5. Hello,

     About an hour ago, my laptop started giving me the following pop-up notification:

     Malicious Website Blocked Port: IP 88.214.193.54 Outbound SysWOW64/scvhost.exe

     I followed instructions on another similar post and ran a Malwarebytes Threat Scan and no threats were found. I downloaded Roguekiller and here is the report:

     RogueKiller V9.2.4.0 (x64) [Jul 11 2014]
     by Adlice Software
     mail : http://www.adlice.com/contact/
     Feedback : http://forum.adlice.com
     Website : http://www.adlice.com/softwares/roguekiller/
     Blog : http://www.adlice.com

     Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
     Started in : Normal mode
     User : Moi [Admin rights]
     Mode : Scan -- Date : 08/03/2014 13:44:19

     ¤¤¤ Bad processes : 2 ¤¤¤
     [Proc.Svchost] svchost.exe -- C:\Windows\system32\svchost.exe[x] -> [NoKill]
     [Proc.Svchost] svchost.exe -- C:\Windows\SysWow64\svchost.exe[x] -> [NoKill]

     ¤¤¤ Registry Entries : 16 ¤¤¤
     [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 167.206.13.180 167.206.13.181 -> FOUND
     [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 167.206.13.180 167.206.13.181 -> FOUND
     [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 167.206.13.180 167.206.13.181 -> FOUND
     [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5234EEB6-9645-4B41-80B9-9D92E56E0DAB} | DhcpNameServer : 167.206.13.180 167.206.13.181 -> FOUND
     [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{5234EEB6-9645-4B41-80B9-9D92E56E0DAB} | DhcpNameServer : 167.206.13.180 167.206.13.181 -> FOUND
     [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{5234EEB6-9645-4B41-80B9-9D92E56E0DAB} | DhcpNameServer : 167.206.13.180 167.206.13.181 -> FOUND
     [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> FOUND
     [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> FOUND
     [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> FOUND
     [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> FOUND
     [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-872772048-1079881395-1596430499-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> FOUND
     [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-872772048-1079881395-1596430499-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> FOUND
     [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
     [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND
     [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
     [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND

     ¤¤¤ Scheduled tasks : 1 ¤¤¤
     [suspicious.Path] \\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805} -- C:\ProgramData\cis5EC2.exe (--PostUninstall {15198508-521A-4D69-8E5B-B94A6CCFF805}) -> FOUND

     ¤¤¤ Files : 0 ¤¤¤

     ¤¤¤ HOSTS File : 0 ¤¤¤

     ¤¤¤ Antirootkit : 0 (Driver: LOADED) ¤¤¤

     ¤¤¤ Web browsers : 0 ¤¤¤

     ¤¤¤ MBR Check : ¤¤¤
     +++++ PhysicalDrive0: ST9250315AS +++++
     --- User ---
     [MBR] 52152b16ebf12f145f8b09d11ed9ae94
     [bSP] 33e4c5a7d6f06a377f9a22bda41cf4b6 : Unknown MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB
     1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 218855 MB
     2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 448624640 | Size: 19316 MB
     3 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 488183808 | Size: 103 MB
     User = LL1 ... OK
     User = LL2 ... OK

     I have to say, I haven't deleted or modified anything and after I ran Roguekiller, the pop-ups have stopped.

     Thanks in advance for any help you can give me.

     Lady Femme