Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

popup screen after I exit e-mail program


  • Please log in to reply
18 replies to this topic

#1 pops1

pops1

  • Members
  • 54 posts
  • OFFLINE
  •  
  • Local time:12:45 PM

Posted 06 November 2014 - 07:04 PM

I have a popup window that occurs when I exit my e-mail program. It just started this lately and to date have not been able to identify it or delete it in any way.  The address bar shows this address;  s. ad127m.com, and it refers to a slow computer speed program that wants to be downloaded.

 

Have run Malware Bytes several times, run Spybot several times and also run McAfee several times but none shows any results. Even run Windows Defender to no avail.  Does anyone have any suggestions?  When it runs , it reduces my browser window size about 50%.

 

Am running a Dell 560 with Windows 7 and using Firefox as a browser.

 



BC AdBot (Login to Remove)

 


#2 hamluis

hamluis

    Moderator


  • Moderator
  • 55,875 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:12:45 PM

Posted 15 November 2014 - 01:13 PM

WOT Data

 

Moved to Am I Infected forum.

 

Louis



#3 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,601 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:10:45 AM

Posted 15 November 2014 - 02:55 PM

Please run AdwCleaner
 
Please download AdwCleaner and install it.
 
When AdwCleaner opens you will see an image like the one below.
 
adwcleaner11_zps48314883.png
 
Click on Scan to start the scan.
 
Once the search is complete a list of the pending items will be displayed.  If you see any which you do not want removed, remove the check mark next to it.  
 
Click on Clean to remove the selected items.  If you have any questions about any items in the list please copy and paste the list in your topic so we can review it.  
 
You will receive a message telling you that all programs will be closed so that the infections can be removed.  Click on OK.  The computer will be restarted to complete the cleaning process.
 
When the cleaning process is complete a log of what was removed will be presented.  Please copy and the paste this log in your topic.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#4 pops1

pops1
  • Topic Starter

  • Members
  • 54 posts
  • OFFLINE
  •  
  • Local time:12:45 PM

Posted 19 November 2014 - 07:21 PM

I have downloaded and run this program twice now but it still has not effected this problem.  Is there anything else I might try? 



#5 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,601 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:10:45 AM

Posted 20 November 2014 - 10:10 AM

In the instructions for running the AdwCleaner I requested that you post the results of the scan, you have not.  Knowing what is found in these scans provides information which can help determine just what the problem is, it is important that you follow the instruction.

 

Please post the requested logs in your topic.  Do not wrap these in code or quotes.  Do not use a host website to post these logs.

 

Please run Malwarebytes AntiMalware
 
Please download Malwarebytes Anti-Malware.  After clicking on the link the download will start automatically.
 
1)  Double-click on mbam-setup.exe, then click on Run to install the application, follow the prompts through the installation.
 
2)  Malwarebytes will automatically open.  If this is the first time you have run this version of Malwarbytes you will see an image like the one below.
 
mbam1_zps95cc812c.png
 
Click on Update Now, after Malwarebytes is updated click on Scan.
 
If this isn't the first time you have run this version, then you will see an image like the one below.  Click on Scan
 
mbam1_zps98e7fba9.png
 
You will be prompted to update Malwarebytes, to do so click on Update Now.
 
 mbam2_zps85f38f0c.png
 
3)  The scan will automatically run now.
 
malwarerun_zps9abd4ef1.png
 
 
4)  When the scan is complete the results will be displayed.  Click on Quarantine All, then click on Apply Actions
 
mbam4_zps23e52ad4.png
 
 
5)  To complete any actions taken you will be asked if you want to restart your computer, click on Yes
 
 mbam4_zps490948cc.png
 
6)  Please post the Malwarebytes log.
 
To find your Malwarebytes log,download mbam-check.exe from here and save it to your desktop.
 

 

To open the log double click on mbam-check.exe on your desktop.  When the log opens, scroll down toward the bottom of the log to Quarantined Items.  Copy and paste this in your next post.
 
 
 
Please run TDSSKiller.
 
Please download TDSSKiller from here and save it to your Desktop.
 
1.  Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
 
tdss1_zps90132559.png
 
2.  Check Loaded Modules, Verify Driver Digital Signature, and Detect TDLFS file system.
 
If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now.
 
tdsskillermultiple_zps472c18eb.png
 
3.  Click Start Scan and allow the scan process to run.
 
tdss4_zps6792a13c.png
 
4.  If threats are detected select Cure (if available) for all of them unless otherwise instructed.
 
***Do NOT select Delete!
 
Click on Continue.
 
tdss5_zps98fc5887.png
 
5.  Click on Reboot computer.
 
Please copy the TDSSKiller.[Version]_[Date]_[Time]_log.txt file found in your root directory (typically c:\) and paste it into your next reply.

 

 

Please run the ESET OnlineScan

This scan takes quite a long time to run, so be prepared to have the time to allow this to run till it is completed.

***Please note. If you run this scan using Internet Explorer you won't need to download the Eset Smartinstaller.***

  • Click on this link to open ESET OnlineScan in a new window.
  • The ESET Online Scanner page will open, click on Yes, I agree to the trems of use, then click on Start, the scan will now begine.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Edited by dc3, 20 November 2014 - 10:13 AM.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#6 pops1

pops1
  • Topic Starter

  • Members
  • 54 posts
  • OFFLINE
  •  
  • Local time:12:45 PM

Posted 20 November 2014 - 03:41 PM

# AdwCleaner v4.101 - Report created 11/11/2014 at 10:10:11
# Updated 09/11/2014 by Xplode
# Database : 2014-11-10.9 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Ken - KEN
# Running from : C:\Users\Ken\Downloads\adwcleaner_4.101.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\9mewf84v.default-1348157616638\user.js
File Found : C:\Users\Ken\AppData\Roaming\Mozilla\Firefox\Profiles\o5226jrg.default-1365543704708\user.js
File Found : C:\Windows\Reimage.ini
Folder Found : C:\ProgramData\apn
Folder Found : C:\Users\Ken\AppData\Local\PackageAware
Folder Found : C:\Users\Ken\AppData\LocalLow\Conduit
Folder Found : C:\Users\Ken\AppData\Roaming\DriverCure
Folder Found : C:\Users\Ken\AppData\Roaming\speedypc software
Folder Found : C:\Users\Ken\AppData\Roaming\Systweak

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Software\Smartbar
Key Found : HKCU\Software\Classes\iLivid.torrent
Key Found : HKCU\Software\ilivid
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Key Found : HKCU\Software\Reimage
Key Found : HKCU\Software\speedypc software
Key Found : [x64] HKCU\Software\APN PIP
Key Found : [x64] HKCU\Software\ilivid
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}
Key Found : [x64] HKCU\Software\Reimage
Key Found : [x64] HKCU\Software\speedypc software
Key Found : HKLM\SOFTWARE\Classes\CLSID\{065C1A21-97F8-45FB-A9F0-861B60FACEC8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3204358F-5904-46A6-841F-D6B5BE3EF4E3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3AE67737-0E3E-44AA-AA5E-46A68BF017FF}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3EE5B726-044A-48D2-AA7B-049BD9A0F62A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{60FBBE03-57FF-49D8-B38E-053D3F489825}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6A5182F1-C0B8-42B8-96CC-7F329CD46913}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6C153418-8E4D-4FAF-AF27-5201E38463A7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A26A2F05-AC4D-4A1E-9531-9125F7309B78}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5D6240-7DF0-435D-9B9B-F8586A99DE86}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F343045E-E20A-46E1-82D8-9962C43EFC9E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FBB360DC-CB6C-4D6A-808A-2C773151BFFF}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FFD7DDAC-EC28-42A5-8D39-917B9078604B}
Key Found : HKLM\SOFTWARE\Classes\iLivid.torrent
Key Found : HKLM\SOFTWARE\Classes\Interface\{DB507187-9746-458C-97DA-C458131EEDE7}
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\speedypc software
Key Found : HKLM\SOFTWARE\systweak
Key Found : HKLM\SOFTWARE\Trymedia Systems
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{DB507187-9746-458C-97DA-C458131EEDE7}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Value Found : HKLM\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist [1]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17344


-\\ Mozilla Firefox v33.1 (x86 en-US)


*************************

AdwCleaner[R0].txt - [4653 octets] - [11/11/2014 10:10:11]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4713 octets] ##########
 



#7 pops1

pops1
  • Topic Starter

  • Members
  • 54 posts
  • OFFLINE
  •  
  • Local time:12:45 PM

Posted 20 November 2014 - 04:04 PM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/12/2014
Scan Time: 1:45:36 PM
Logfile: malwareBytes Log.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.12.09
Rootkit Database: v2014.11.12.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Ken

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 327129
Time Elapsed: 9 min, 54 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)



#8 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,601 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:10:45 AM

Posted 20 November 2014 - 04:43 PM

Did the Speccy help?


Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#9 pops1

pops1
  • Topic Starter

  • Members
  • 54 posts
  • OFFLINE
  •  
  • Local time:12:45 PM

Posted 21 November 2014 - 03:20 PM

No, to date nothing have made any difference in the problem.  The popups have changed somewhat in that they will be different at time and then it will revert to the same on again.  I have run so many different spyware programs and such but none has seemed to make any difference in it.



#10 pops1

pops1
  • Topic Starter

  • Members
  • 54 posts
  • OFFLINE
  •  
  • Local time:12:45 PM

Posted 21 November 2014 - 04:12 PM

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=303646ca9fac40448aaf636a42f98d1f
# engine=21188
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-11-20 11:33:29
# local_time=2014-11-20 05:33:29 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='McAfee Anti-Virus and Anti-Spyware'
# compatibility_mode=5123 16777214 88 100 7182999 178389787 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 168069859 0 0
# scanned=147232
# found=12
# cleaned=12
# scan_time=6627
sh=99305C6442241239E842917B77D14F81373A8CA8 ft=0 fh=0000000000000000 vn="Win32/Bundled.Toolbar.Ask.B potentially unsafe application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\ProgramData\apn\APN-Stub\W3IV6-G\APNIC.7z.vir"
sh=170E95D460F6646D76779B4FE097711093F9EC14 ft=1 fh=51a54013aaae74e4 vn="Win32/Bundled.Toolbar.Ask.B potentially unsafe application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\ProgramData\apn\APN-Stub\W3IV6-G\APNIC.dll.vir"
sh=BD3C685B5F9C5FDDBCF46DAF1C89E094C69F87B0 ft=1 fh=62591177f2e83ca9 vn="a variant of Win32/HiddenStart.A potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe"
sh=3963D8A5B82F5DD540BB1DDEE8BA5B8D9098C549 ft=1 fh=d69ca3895677d6e5 vn="a variant of Win32/HiddenStart.A potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe"
sh=F90BA7C6D1B19AE85EBCE1DE12B5ADABFAC0BDE9 ft=0 fh=0000000000000000 vn="multiple threats (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Ken\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\6645bed0-1c75f8db"
sh=CEABC23DA1D5365D310DC17EC52CD8FE46A1CE08 ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.OXM trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Ken\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\7bcaa392-1b0f6746"
sh=3381681E216E83AEEB3134213C4DBA375AD22C1A ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.Agent.OEA trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Ken\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\49814c97-3d297a67"
sh=F3E3873265C78D6BAA92F242DF5954AD1468339E ft=0 fh=0000000000000000 vn="multiple threats (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Ken\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\532112f-7dd55045"
sh=51B3251CC6E35B52B9272F2C9EB235556BE91F85 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.CVE-2012-1723.CE trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Ken\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\66d76df2-5908528b"
sh=3381681E216E83AEEB3134213C4DBA375AD22C1A ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.Agent.OEA trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Ken\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\4480e006-3bb024fd"
sh=6DF1AF91FB1EB798C5424DD8BBE2506BBEA4339B ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.Agent.NEA trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Ken\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\5d35d3d-6859db0f"
sh=329869BCB30440CA2B7E9D77DB48F490C33EB516 ft=0 fh=0000000000000000 vn="multiple threats (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Ken\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\6625e23e-1dee111a"
 



#11 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,601 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:10:45 AM

Posted 21 November 2014 - 05:16 PM

The Eset online scan found Trojans and quarantined them.

 

Has this made any difference?


Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#12 pops1

pops1
  • Topic Starter

  • Members
  • 54 posts
  • OFFLINE
  •  
  • Local time:12:45 PM

Posted 21 November 2014 - 07:59 PM

Yes it did but to no avail.  When I tried it after the scan, I still got the popup screen again. Mind boggling!



#13 pops1

pops1
  • Topic Starter

  • Members
  • 54 posts
  • OFFLINE
  •  
  • Local time:12:45 PM

Posted 21 November 2014 - 08:11 PM

It does not seem to affect any other of my programs or actions but it does seem to effect this one e-mail program.  I use it only for a sign up e-mail for different sites and different things just to keep the spam thing from being a problem.  It popsup when I sign on and I must delete it to be able to sign in.  After I have completed my business on the site and sign out, it is lurking behind my screen.  It also reduces my window about 50% when it shows up.  I have to physically enlarge my screen afterwards.


Edited by pops1, 21 November 2014 - 08:12 PM.


#14 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,601 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:10:45 AM

Posted 22 November 2014 - 09:45 AM

Please download and run RKill
 
RKill is an easy to use tool that kills known processes and removes Windows Registry entries that stop a user from using their normal security applications.  These settings will remain until the computer is rebooted, for this reason you must run the security application before the computer is rebooted.  
 
Please download RKill and install it.
 
When RKill is run it will display a console screen similar to the one below:
 
RKill_zps2e34d4b8.png
 
When RKill has finished running a log will be displayed showing all of the processes that were terminated by RKill.
 
Attention:  At this time you need to run your security applications listed below.
 
While RKill is running you may see a message from the malware stating that the program could not be run because it is a virus or is infected.  This is the malware trying to protect itself.  Two methods that you can try to get past this and allow RKill to run are:
 
1)  Rename Rkill so that it has a .com extension.
 
2)  Download a version that is already renamed as files that are commonly white-listed by malware. The main Rkill download page contains individual links to renamed versions.  
 
After the application has run successfully you should reboot the computer to restore the processes and Windows Registry entries. 
 
 
Rerun the the ESET online scan and post the log in your topic.
 

Please download and install Emsisoft.
 
1.  When Emsisoft opens click on Update.
 
emsisoft6_zpsace019ac.png
 
2.  Click on Full Scan.
 
emsisoft7_zps9186dacd.png
 
3.  After the scan has completed the results will be displayed.  Make sure there is a check in the box of each item found, then click on Quarantine.
 
emsisoft9_zpsf493a30a.png
 
4.  After the items have been quarantined click on OK.
 
emsisoft10_zpscd89d5de.png
 
5.  After the quarantine has been completed click on Logs.
 
emsisoft11_zps7f976399.png
 
6.  Click on Export and save the log to a location which you will be able to find and open.  Open the log, copy and then paste the log in your topic.
 
emsisoft12_zpsb7365391.png

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#15 pops1

pops1
  • Topic Starter

  • Members
  • 54 posts
  • OFFLINE
  •  
  • Local time:12:45 PM

Posted 23 November 2014 - 09:14 PM

Rkill 2.6.8 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/23/2014 05:19:15 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
  * HKCU\SOFTWARE\Classes\.exe "@" exists and is set to !
  * HKCU\SOFTWARE\Classes\.exe has been deleted!

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * Cannot edit the HOSTS file.
 * Permissions Fixed. Administrators can now edit the HOSTS file.

 * HOSTS file entries found:

  127.0.0.1    www.007guard.com
  127.0.0.1    007guard.com
  127.0.0.1    008i.com
  127.0.0.1    www.008k.com
  127.0.0.1    008k.com
  127.0.0.1    www.00hq.com
  127.0.0.1    00hq.com
  127.0.0.1    010402.com
  127.0.0.1    www.032439.com
  127.0.0.1    032439.com
  127.0.0.1    www.0scan.com
  127.0.0.1    0scan.com
  127.0.0.1    1000gratisproben.com
  127.0.0.1    www.1000gratisproben.com
  127.0.0.1    1001namen.com
  127.0.0.1    www.1001namen.com
  127.0.0.1    www.100888290cs.com
  127.0.0.1    100888290cs.com
  127.0.0.1    100sexlinks.com
  127.0.0.1    www.100sexlinks.com

  20 out of 15494 HOSTS entries shown.
  Please review HOSTS file for further entries.

Program finished at: 11/23/2014 05:19:58 PM
Execution time: 0 hours(s), 0 minute(s), and 42 seconds(s)
 






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users