Everything posted by lishie

  1. Thank you so much for taking the time to help me! I really appreciate your kindness and wealth of knowledge :)

  2. I don't think I have any more questions. Thank you so much for the help, I really appreciate it! Have a great day, MrC.
  3. MBAM Full Scan came up clean
     ----------------------------------------------
     Results of screen317's Security Check version 0.99.76
     Windows 7 Service Pack 1 x64 (UAC is enabled)
     Internet Explorer 10
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     AVG Internet Security 2014
     Antivirus up to date!
     `````````Anti-malware/Other Utilities Check:`````````
     Malwarebytes Anti-Malware version 1.75.0.1300
     JavaFX 2.1.1
     Java 7 Update 45
     Adobe Flash Player 11.8.800.94
     Adobe Reader 10.1.7 Adobe Reader out of Date!
     Mozilla Firefox (24.0)
     Google Chrome 30.0.1599.101
     Google Chrome 30.0.1599.69
     ````````Process Check: objlist.exe by Laurent````````
     AVG avgwdsvc.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 0%
     ````````````````````End of Log``````````````````````
  4. Everything came up clean on the Quick Scan with MBAM. I'll run a full scan in the morning. When I do Ctrl+Alt+Del and bring up the Task Manager, it shows the processes my computer is running. Currently running 111 processes now; it looks like there is a lot of junk that my computer doesn't need to be running. This isn't malware related so I'm going to assume you don't help with that sort of thing. Have a good night Mr C!
  5. The other day when MBAM detected this, I thought it had already removed it so I deleted the file it was in. It said it had been removed successfully, so I thought it was OK. Detected again in the recycling bin, should I be concerned? Didn't want to take any chances and be sure. Thank you
     Malwarebytes Anti-Malware 1.75.0.1300
     www.malwarebytes.org
     Database version: v2013.10.28.10
     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 9.0.8112.16421
     LishieK9 :: ELI-PC [administrator]
     10/30/2013 2:19:38 PM
     mbam-log-2013-10-30 (14-19-38).txt
     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 256009
     Time elapsed: 5 minute(s), 55 second(s)
     Memory Processes Detected: 0 (No malicious items detected)
     Memory Modules Detected: 0 (No malicious items detected)
     Registry Keys Detected: 0 (No malicious items detected)
     Registry Values Detected: 0 (No malicious items detected)
     Registry Data Items Detected: 0 (No malicious items detected)
     Folders Detected: 0 (No malicious items detected)
     Files Detected: 1
     C:\$Recycle.Bin\S-1-5-21-4273951585-49509815-957312976-1001\$RUQCEMM.zip (Spyware.Passwords.Gen) -> Quarantined and deleted successfully.
     (end)
  6. Seems to be running great! The options menu (font, size, paste plain text, etc.) was not showing up before and it is now, which would explain why my stuff wasn't copy and pasting correctly. You have been so helpful, thank you so much! I have a few questions...
     1) Since you didn't say anything about Spyware.Passwords.Gen, I assume it was nothing to worry about and was not a backdoor trojan or anything like that? Obviously I don't know very much about this type of stuff!
     2) Is there a free anti-virus software you recommend or is AVG good enough?
     3) My computer is currently running 100 processes, do you help with registry related things? If not, no worries. I'll eventually figure out how to clean it up.
     Thanks again!
  7. # AdwCleaner v3.010 - Report created 30/10/2013 at 14:07:35
     # Updated 20/10/2013 by Xplode
     # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
     # Username : LishieK9 - ELI-PC
     # Running from : C:\Users\LishieK9\Desktop\AdwCleaner.exe
     # Option : Clean
     AdwCleanerS0.txt
  8. RogueKiller V8.7.6 _x64_ [Oct 28 2013] by Tigzy mail : tigzyRKgmailcom Feedback : http://www.adlice.com/forum/ Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://tigzyrk.blogspot.com/ RKreport0_S_10292013_145607.txt
  9. That's odd, I copied and pasted everything and previewed it twice. Not sure why it's showing up that way? Let me know if you would like me to try again or if the attached files will be OK. Sorry for the inconvenience. I temporarily disabled AVG to run dds.scr. AVG seems to have been updating randomly all morning, hopefully it is done and if not, I'll do my best to stop the updates. Working on RogueKiller now. Thanks
  10. x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - dds.txt attach.txt
  11. Hello, I did a scan with MB tonight after not doing one for several months, I know, not very smart! My scan found an infected file named Spyware.Passwords.Gen and I have googled this but got conflicting information. Could it have been a false positive? Is this a serious threat that would require changing my passwords or even reformatting? I wanted to check with you guys and see what kind of threat I'm dealing with. Here is the log. Thank you so much!
      Malwarebytes Anti-Malware 1.75.0.1300
      www.malwarebytes.org
      Database version: v2013.10.28.10
      Windows 7 Service Pack 1 x64 NTFS
      Internet Explorer 9.0.8112.16421
      Lishie :: Lishie [administrator]
      10/28/2013 6:01:08 PM
      mbam-log-2013-10-28 (18-01-08).txt
      Scan type: Full scan (C:\|D:\|Q:\|)
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
      Scan options disabled: P2P
      Objects scanned: 452210
      Time elapsed: 53 minute(s), 10 second(s)
      Memory Processes Detected: 0 (No malicious items detected)
      Memory Modules Detected: 0 (No malicious items detected)
      Registry Keys Detected: 12
      HKCR\CrossriderApp0004493.BHO (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
      HKCR\CrossriderApp0004493.BHO.1 (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
      HKCR\CrossriderApp0004493.Sandbox (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
      HKCR\CrossriderApp0004493.Sandbox.1 (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011441193} (PUP.Optional.CrossRider.M) -> Quarantined and deleted successfully.
      HKCR\CLSID\{11111111-1111-1111-1111-110011441193} (PUP.Optional.CrossRider.M) -> Quarantined and deleted successfully.
      HKCR\TypeLib\{44444444-4444-4444-4444-440044444493} (PUP.Optional.CrossRider.M) -> Quarantined and deleted successfully.
      HKCR\Interface\{55555555-5555-5555-5555-550055445593} (PUP.Optional.CrossRider.M) -> Quarantined and deleted successfully.
      HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011441193} (PUP.Optional.CrossRider.M) -> Quarantined and deleted successfully.
      HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011441193} (PUP.Optional.CrossRider.M) -> Quarantined and deleted successfully.
      HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441193} (PUP.Optional.CrossRider.M) -> Quarantined and deleted successfully.
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441193} (PUP.Optional.CrossRider.M) -> Quarantined and deleted successfully.
      Registry Values Detected: 0 (No malicious items detected)
      Registry Data Items Detected: 0 (No malicious items detected)
      Folders Detected: 0 (No malicious items detected)
      Files Detected: 4
      C:\Users\LishieK9\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PBOECL94\Setup.exe (PUP.Optional.IBryte) -> Quarantined and deleted successfully.
      C:\Users\LishieK9\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PBOECL94\stubinst_pkg_en-us[1].cab (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
      C:\Users\LishieK9\Downloads\MobileSyncBrowser.Setup.zip (Spyware.Passwords.Gen) -> Quarantined and deleted successfully.
      C:\Program Files (x86)\Coupon Companion\Coupon Companion.dll (PUP.Optional.CrossRider.M) -> Quarantined and deleted successfully.
      (end)