
IE popup/redirect and other issues after download from Minecraft


17 replies to this topic

#1 lugnuts9


Posted 16 December 2014 - 10:12 PM

My child downloaded something while playing Minecraft.  

There were 2 icons on my desktop, and 3 icons in my "Programs" folder that did not belong there.

I'm sorry to say I did not write down the name of one of the programs, it was deleted through "add/remove programs" though.

The other programs are: "Groovorio" and "FindingDiscount"

Now, the problem I have that is bothering me is - Internet Explorer (Version 11.0.15, Which I never use) randomly pops open, with "cpvdredirect......."

I tried to "Reset IE to default settings" but I still get the pop ups.

(My normal browser that I use every day is Firefox version 34.0.5)


Actions Taken:

Ran MBAM, found RelevantKnowledge and Groovorio, RogueMultiple, 5 modules, 1 reg key, 1 reg data, 4 folders, 16 files

I ran DDS (very old version I had saved) and got 2 scan files (Desktop)

I ran GMER (very old version),  Result:
Warning - GMER has found a rootkit (FindingDiscount)
Do you want to fully scan your system? ....... I selected YES (But I forgot to de-select IAT)

I also ran TDSS Killer (old),  Result:
Result:  TDSS Killer processes 250 objects, infection not found

I also ran an Rkill scan,  Result
Processes terminated by Rkill or while it was running:

C:\Users\.............\AppData\Local\Amazon Music\Amazon Music Helper.exe

 --- ATTENTION ---

Windows was configured to use a proxy! Proxy settings have been removed.

The Proxy Server that was configured is: http=127.0.0.1:47574

If this was a valid setting, please double-click on the rk-proxy.reg file on your desktop and allow the data to be merged to restore your proxy settings.


I changed the LAN settings to "Automatically detect settings", and de-selected "Use proxy server for your LAN"
I later went back to the settings window, and it (Use proxy server) was selected again.
It kept coming back to proxy server setting about 3-4 more times, but now it is finally de-selected.

Then I DL new version of TDSS Killer, re-scanned, no infection found

Finally I re-ran MBAM  (Found 10 items, mostly FindingDiscount)

 

Computer Info:

This is a Desktop Computer, Intel Core 2 duo, running Windows 7 Home

 

My Security Programs:
AVG 2015.0.5577 (database updated daily)
MBAM (Free) 2.0.4.1028

 

 

Thank you in advance for any help you can offer!


Edited by lugnuts9, 16 December 2014 - 10:16 PM.
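
Added example, not part of the original thread: the Rkill output quoted above reports a WinINET proxy of http=127.0.0.1:47574 that kept re-enabling itself. The Python below parses a ProxyServer string in either of its two forms (it also covers `localhost` and IPv6 loopback, which the post does not show), flags loopback entries for review, and on Windows reads the current user's ProxyEnable and ProxyServer values. Function names and the sample constant are this example's own.

```python
"""Flag loopback proxies in WinINET proxy settings (added example)."""
import ipaddress
import re
import sys

# Per-user WinINET proxy settings (values ProxyEnable and ProxyServer).
INTERNET_SETTINGS = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings"

# Line format as it appears in the Rkill output quoted in the post.
RKILL_PROXY_LINE = re.compile(r"The Proxy Server that was configured is:\s*(\S+)")

# host[:port], where host may be a bracketed IPv6 literal.
_HOST_PORT = re.compile(r"^(\[.*\]|[^:]*)(?::(\d+))?$")

# Sample input: the two relevant lines quoted from the post's Rkill report.
SAMPLE_RKILL_LOG = """\
Windows was configured to use a proxy! Proxy settings have been removed.

The Proxy Server that was configured is: http=127.0.0.1:47574
"""


def parse_proxy_server(value):
    """Return {scheme: (host, port)} for a ProxyServer string.

    Accepts 'host:port' (applies to all protocols, stored under 'all')
    and the per-protocol form 'http=host:port;https=host:port'.
    """
    entries = {}
    for part in value.strip().split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, sep, addr = part.partition("=")
        if not sep:
            scheme, addr = "all", part
        addr = addr.split("://", 1)[-1]  # tolerate 'http://host:port'
        match = _HOST_PORT.match(addr)
        host, port = (match.group(1), match.group(2)) if match else (addr, None)
        entries[scheme.strip().lower()] = (host.strip("[]"), int(port) if port else None)
    return entries


def is_loopback(host):
    """True for 'localhost' and for any IPv4/IPv6 loopback literal."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # some other hostname; this example does not resolve it


def loopback_proxies(proxy_server):
    """List (scheme, host, port) for every entry that points at this machine."""
    return sorted(
        (scheme, host, port)
        for scheme, (host, port) in parse_proxy_server(proxy_server).items()
        if is_loopback(host)
    )


def proxy_from_rkill_log(text):
    """Extract the proxy string from an Rkill report, or None if absent."""
    match = RKILL_PROXY_LINE.search(text)
    return match.group(1) if match else None


def read_hkcu_proxy():
    """Read (enabled, server) for the current user. Windows only."""
    import winreg  # standard library, available only on Windows

    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, INTERNET_SETTINGS) as key:
        def value(name, default):
            try:
                return winreg.QueryValueEx(key, name)[0]
            except FileNotFoundError:
                return default
        return bool(value("ProxyEnable", 0)), value("ProxyServer", "")


if __name__ == "__main__":
    if sys.platform == "win32":
        enabled, server = read_hkcu_proxy()
    else:
        enabled, server = True, proxy_from_rkill_log(SAMPLE_RKILL_LOG)
    for scheme, host, port in loopback_proxies(server or ""):
        state = "enabled" if enabled else "configured but disabled"
        print(f"{state}: {scheme} traffic -> {host}:{port}; "
              "identify the process listening on that port")
```

A loopback proxy can also belong to legitimate local software, so a hit is a prompt to identify the listening process, not a verdict. Re-running the check after a reset shows whether something is still rewriting the setting.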




#2 Guest_LighthouseParty_*


Posted 17 December 2014 - 02:06 AM

Hello there
 
Welcome to Bleeping Computer, I'm LighthouseParty. Let's run a couple of scans to see what could be causing this. Thank you for the very descriptive post.
 
Step 1: Please download MiniToolBox to your desktop

  • Double click MiniToolBox.
  • Select the following and then press go.
  • Post the log in your next reply.

Flush DNS
Reset IE Proxy Settings
Reset FF Proxy Settings
List Installed Programs
List Restore Points
 
Step 2: Please download Malwarebytes Anti-Malware to your desktop

  • Double click mbam-setup-x.x.x.xxxx and follow the on-screen instructions.
  • On the dashboard, click update now.
  • After that, click scan now - the scan will now begin.
  • When the scan's completed, select apply actions - make sure the action is quarantine.
  • Restart your computer.

How to get the log.

  • On the dashboard, select the history tab and click application logs.
  • Select the log which has the time and date of when you did the scan.
  • Click copy to clipboard and paste it into your reply.

Please also post your two previous logs.

 

Step 3: Please download Security Check to your desktop

  • Double click SecurityCheck and follow the on-screen instructions.
  • A log should open, called checkup.txt.
  • Please post the contents of it in your next reply.

Step 4: Non-malware removal steps

Run System File Checker - http://support.microsoft.com/KB/929833
Run Disk Check - http://support.microsoft.com/kb/2641432
Run Disk Cleanup - http://windows.microsoft.com/en-gb/windows/delete-files-using-disk-cleanup

Thanks and good luck!



#3 lugnuts9


Posted 18 December 2014 - 10:15 AM

Thank you so much LighthouseParty!  Here goes:

 

MiniToolBox by Farbar  Version: 30-11-2014
Ran by Black (administrator) on 18-12-2014 at 08:59:42
Running from "C:\Users\Black\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

"Reset FF Proxy Settings": Firefox Proxy settings were reset.



=========================== Installed Programs ============================
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Amazon Music (HKCU\...\Amazon Amazon Music) (Version: 3.0.5.567 - Amazon Services LLC)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5577 - AVG Technologies)
AVG 2015 (Version: 15.0.4253 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5577 - AVG Technologies) Hidden
FindingDiscount (HKLM\...\FindingDiscount) (Version:  - )
HP Deskjet 3510 series Basic Device Software (HKLM\...\{9F1F6E90-519F-4217-9A4B-466632D5CCCB}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel® TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java Auto Updater (Version: 2.1.71.14 - Oracle, Inc.) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MegaLogViewer version 3.4.04 (HKLM\...\{73777CD1-5F24-4E4B-8846-944DAA9F9565}_is1) (Version: 3.4.04 - EFI Analytics, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Excel 2013 - en-us (HKLM\...\ExcelRetail - en-us) (Version: 15.0.4667.1002 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (Version: 2.3.188.0 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4023.1211 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
NVIDIA 3D Vision Controller Driver 326.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 326.01 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 327.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 327.23 - NVIDIA Corporation)
NVIDIA Control Panel 327.23 (Version: 327.23 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 327.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.23 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.902 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.2723 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.5 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Snapshot Viewer (HKLM\...\Snapshot Viewer) (Version:  - )
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 4.5.4f2 - Unity Technologies ApS)
VemsTune (HKLM\...\VemsTune) (Version:  - )
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WinPEP 7 (HKLM\...\InstallShield_{A0568C61-9443-43F3-9938-E573A3BEFB7B}) (Version: 7.5.1.14 - Dynojet Research Inc.)
WinPEP 7 (Version: 7.5.1.14 - Dynojet Research Inc.) Hidden
Wisdom-soft ScreenHunter 6.0 Free (HKLM\...\Wisdom-soft ScreenHunter 6.0 Free) (Version:  - Wisdom Software Inc.)
========================= Restore Points ==================================

08-12-2014 00:51:17 Scheduled Checkpoint
10-12-2014 08:00:18 Windows Update
12-12-2014 03:38:10 Windows Update

**** End of log ****

 

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

 

MBAM Log from today:

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/18/2014
Scan Time: 9:01:56 AM
Logfile: MBAM 12-18 9.01 AM.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.12.18.02
Rootkit Database: v2014.12.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Black

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 294093
Time Elapsed: 9 min, 40 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

 

MBAM Log 12-14 10:22 PM

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/14/2014
Scan Time: 10:22:04 PM
Logfile: MBAM 12-16 10.22 PM.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.12.14.07
Rootkit Database: v2014.12.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Black

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 292647
Time Elapsed: 11 min, 53 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 5
PUP.Optional.RelevantKnowledge, C:\Users\Black\AppData\Local\Temp\CSM2A63.tmp, Delete-on-Reboot, [912e71f1b6c691a510b614620ff6718f],
PUP.Optional.RelevantKnowledge, C:\Users\Black\AppData\Local\Temp\CSM2A63.tmp, Delete-on-Reboot, [912e71f1b6c691a510b614620ff6718f],
PUP.Optional.RelevantKnowledge, C:\Users\Black\AppData\Local\Temp\CSM2A63.tmp, Delete-on-Reboot, [912e71f1b6c691a510b614620ff6718f],
PUP.Optional.RelevantKnowledge, C:\Users\Black\AppData\Local\Temp\CSM2A63.tmp, Delete-on-Reboot, [912e71f1b6c691a510b614620ff6718f],
PUP.Optional.RelevantKnowledge, C:\Users\Black\AppData\Local\Temp\CSM2A63.tmp, Delete-on-Reboot, [912e71f1b6c691a510b614620ff6718f],

Registry Keys: 1
PUP.Optional.Groovorio, HKU\S-1-5-21-3455561992-2900302125-1006364-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{CC865B26-C31D-4D23-B17B-96548EEF03F6}, Quarantined, [8c33baa8235988ae6aec6c5d7a8aad53],

Registry Values: 0
(No malicious items detected)

Registry Data: 1
PUP.Optional.Groovorio.A, HKU\S-1-5-21-3455561992-2900302125-1006364-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://groovorio.com/?f=1&a=grv_installertech_14_22&cd=2XzuyEtN2Y1L1QzutDtDtC0A0AtDzyzytC0EtDyB0CyC0FyDtN0D0Tzu0StCtDyBzztN1L2XzutAtFyCtFtCtDtFtCtN1L1Czu1N1C2X1V1L1G1B2Z1T1I1I1P1C2Z1P1R1M1VtCyE1VtBtBtN1L1G1B1V1N2Y1L1Qzu2StB0CtB0DtBzy0CyCtGyDtCyEtDtGzztDzzzytGzztByEtDtGyEyE0Ezz0FtC0E0B0DtCyD0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyD0ByE0EtBtCyBtGzytC0D0DtGyEyD0DtBtG0BtDtByCtG0D0D0DyDyBtCzztC0A0B0Azy2Q&cr=2145877774&ir=, Good: (www.google.com), Bad: (http://groovorio.com/?f=1&a=grv_installertech_14_22&cd=2XzuyEtN2Y1L1QzutDtDtC0A0AtDzyzytC0EtDyB0CyC0FyDtN0D0Tzu0StCtDyBzztN1L2XzutAtFyCtFtCtDtFtCtN1L1Czu1N1C2X1V1L1G1B2Z1T1I1I1P1C2Z1P1R1M1VtCyE1VtBtBtN1L1G1B1V1N2Y1L1Qzu2StB0CtB0DtBzy0CyCtGyDtCyEtDtGzztDzzzytGzztByEtDtGyEyE0Ezz0FtC0E0B0DtCyD0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyD0ByE0EtBtCyBtGzytC0D0DtGyEyD0DtBtG0BtDtByCtG0D0D0DyDyBtCzztC0A0B0Azy2Q&cr=2145877774&ir=),Replaced,[427da5bdc6b6b680d8b3550e35d025db]

Folders: 4
Rogue.Multiple, C:\ProgramData\2308189059, Quarantined, [fbc4550d0874b97d9b2c48c4f90a7e82],
PUP.Optional.MarketScore, C:\Program Files\RelevantKnowledge, Quarantined, [7946cd9582faf5415ce9fc169f64ba46],
PUP.Optional.Groovorio.A, C:\Users\Black\AppData\Roaming\Groovorio, Quarantined, [1da26ff3403c082ed7b4e75039ca04fc],
PUP.Optional.Groovorio.A, C:\Users\Black\AppData\Roaming\Groovorio\UpdateProc, Quarantined, [1da26ff3403c082ed7b4e75039ca04fc],

Files: 16
PUP.Optional.RelevantKnowledge, C:\Users\Black\AppData\Local\Temp\CSM2A63.tmp, Delete-on-Reboot, [912e71f1b6c691a510b614620ff6718f],
PUP.Optional.RelevantKnowledge, C:\Program Files\OpenDownloaderManager\rkinstaller.exe, Quarantined, [358af2702e4e58decccb8bf7887dab55],
PUP.Optional.RelevantKnowledge, C:\Program Files\OpenDownloaderManager\rkverify.exe, Quarantined, [982700624b31fa3c6f553541b055b050],
PUP.Optional.RelevantKnowledge, C:\Program Files\RelevantKnowledge\rlls.dll, Quarantined, [833ce280c1bbc07683140f73d72e19e7],
PUP.Optional.RelevantKnowledge, C:\Program Files\RelevantKnowledge\rlls64.dll, Quarantined, [b906b7ab3f3daf87cccb5a2836cf29d7],
PUP.Optional.RelevantKnowledge, C:\Program Files\RelevantKnowledge\rlservice.exe, Quarantined, [f2cd8ed4a5d7c96d6f28c0c2a85d33cd],
PUP.Optional.RelevantKnowledge, C:\Program Files\RelevantKnowledge\rlvknlg.exe, Quarantined, [437cdd85c1bbfb3b7522265ced186a96],
PUP.Optional.RelevantKnowledge, C:\Program Files\RelevantKnowledge\rlvknlg32.exe, Quarantined, [c7f8174bfe7e80b6fe9995ed996c59a7],
PUP.Optional.RelevantKnowledge, C:\Program Files\RelevantKnowledge\rlvknlg64.exe, Quarantined, [6d528ad8423a58de197ef88a31d4d52b],
PUP.Optional.Groovorio.A, C:\Users\Black\AppData\Roaming\Mozilla\Firefox\Profiles\waixedcz.default\searchplugins\Groovorio.xml, Quarantined, [853a0e5489f3b581afcbbcadbc4748b8],
Rogue.Multiple, C:\ProgramData\2308189059\BIT70C2.tmp, Quarantined, [fbc4550d0874b97d9b2c48c4f90a7e82],
PUP.Optional.Groovorio.A, C:\Users\Black\AppData\Roaming\Groovorio\UpdateProc\config.dat, Quarantined, [1da26ff3403c082ed7b4e75039ca04fc],
PUP.Optional.Groovorio.A, C:\Users\Black\AppData\Roaming\Groovorio\UpdateProc\info.dat, Quarantined, [1da26ff3403c082ed7b4e75039ca04fc],
PUP.Optional.Groovorio.A, C:\Users\Black\AppData\Roaming\Groovorio\UpdateProc\STTL.DAT, Quarantined, [1da26ff3403c082ed7b4e75039ca04fc],
PUP.Optional.Groovorio.A, C:\Users\Black\AppData\Roaming\Groovorio\UpdateProc\TTL.DAT, Quarantined, [1da26ff3403c082ed7b4e75039ca04fc],
PUP.Optional.Groovorio.A, C:\Users\Black\AppData\Roaming\Mozilla\Firefox\Profiles\waixedcz.default\prefs.js, Good: (), Bad: (user_pref("browser.startup.homepage", "http://groovorio.com/?f=1&a=grv_installertech_14_22&cd=2XzuyEtN2Y1L1QzutDtDtC0A0AtDzyzytC0EtDyB0CyC0FyDtN0D0Tzu0StCtDyBzztN1L2XzutAtFyCtFtCtDtFtCtN1L1Czu1N1C2X1V1L1G1B2Z1T1I1I1P1C2Z1P1R1M1VtCyE1VtBtBtN1L1G1B1V1N2Y1L1Qzu2StB0CtB0DtBzy0CyCtGyDtCyEtDtGzztDzzzytGzztByEtDtGyEyE0Ezz0FtC0E0B0DtCyD0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyD0ByE0EtBtCyBtGzytC0D0DtGyEyD0DtBtG0BtDtByCtG0D0D0DyDyBtCzztC0A0B0Azy2Q&cr=2145877774&ir=");), Replaced,[cef1f27079037bbb59a6bce9cc39a759]

Physical Sectors: 0
(No malicious items detected)


(end)

 

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

 

MBAM Log 12-16 5:19 PM:

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/16/2014
Scan Time: 5:19:18 PM
Logfile: MBAM 12-16 5.19 PM.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.12.16.05
Rootkit Database: v2014.12.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Black

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 293617
Time Elapsed: 10 min, 44 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 2
PUP.Optional.RuntimeManager.A, C:\Program Files\Windows NT\Accessories\RuntimeManager\runtimemanager.exe, 2508, Delete-on-Reboot, [6b1a382be993d561ea8c8fc2aa5948b8]
PUP.Optional.FindingDiscount.A, C:\Program Files\Windows Discount\FindingDiscount\findingdiscount.exe, 10424, Delete-on-Reboot, [b4d131322d4fb97dbc99bf9250b3fa06]

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.FindingDiscount.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\FindingDiscount, Delete-on-Reboot, [0f761b48fb81a1951b5900513ec5fd03],
PUP.Optional.RuntimeManager.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\RuntimeManager, Quarantined, [6b1a382be993d561ea8c8fc2aa5948b8],

Registry Values: 1
PUP.Optional.RuntimeManager.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\RUNTIMEMANAGER|ImagePath, C:\Program Files\Windows NT\Accessories\RuntimeManager\runtimemanager.exe -service, Quarantined, [6b1a382be993d561ea8c8fc2aa5948b8]

Registry Data: 0
(No malicious items detected)

Folders: 5
PUP.Optional.FindingDiscount.A, C:\Program Files\Windows Discount, Delete-on-Reboot, [b4d131322d4fb97dbc99bf9250b3fa06],
PUP.Optional.FindingDiscount.A, C:\Program Files\Windows Discount\FindingDiscount, Delete-on-Reboot, [b4d131322d4fb97dbc99bf9250b3fa06],
PUP.Optional.FindingDiscount.A, C:\ProgramData\Windows Discount, Quarantined, [d3b2ea793a42e254fc5a341d70939a66],
PUP.Optional.FindingDiscount.A, C:\ProgramData\Windows Discount\FindingDiscount, Quarantined, [d3b2ea793a42e254fc5a341d70939a66],
PUP.Optional.RuntimeManager.A, C:\Program Files\Windows NT\Accessories\RuntimeManager, Delete-on-Reboot, [5c2964ff225aa6905605015062a17e82],

Files: 4
PUP.Optional.RuntimeManager.A, C:\Program Files\Windows NT\Accessories\RuntimeManager\runtimemanager.exe, Delete-on-Reboot, [6b1a382be993d561ea8c8fc2aa5948b8],
PUP.Optional.FindingDiscount.A, C:\Program Files\Windows Discount\FindingDiscount\findingdiscount.exe, Delete-on-Reboot, [b4d131322d4fb97dbc99bf9250b3fa06],
PUP.Optional.FindingDiscount.A, C:\ProgramData\Windows Discount\FindingDiscount\config.dat, Quarantined, [d3b2ea793a42e254fc5a341d70939a66],
PUP.Optional.FindingDiscount.A, C:\ProgramData\Windows Discount\FindingDiscount\FindingDiscount.exe, Quarantined, [d3b2ea793a42e254fc5a341d70939a66],

Physical Sectors: 0
(No malicious items detected)


(end)

 

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

 

Security Check Log:

 

Results of screen317's Security Check version 0.99.93  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
 Windows Firewall Enabled!  
AVG AntiVirus Free Edition 2015   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 71  
 Adobe Flash Player     16.0.0.235  
 Adobe Reader XI  
 Mozilla Firefox (34.0.5)
````````Process Check: objlist.exe by Laurent````````  
 AVG avgwdsvc.exe
 AVG avgrsx.exe
 AVG avgnsx.exe
 AVG avgemc.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

 

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

 

 

And, I did all 3 System and Disk Check/Cleanups listed in Step 4 above.

 

Thanks!


Edited by lugnuts9, 18 December 2014 - 10:17 AM.


#4 Guest_LighthouseParty_*


Posted 18 December 2014 - 11:31 AM

Hello there,

Step 1: Please uninstall some programs

There are currently some programs on your PC that we need to remove, for the time being at least. Press the Windows + R key on your keyboard, type in appwiz.cpl and press enter. Navigate to each of the following one-by-one and click uninstall:

  • Java 7 Update 71

If any programs listed above aren't in Programs and Features, you can just skip them. Please download JavaRa from here and, once you've opened it, select 'remove JRE' (If that's not there, select remove Java Runtime). Make sure you skip the re-install Java option!

Step 2: Please download rKill to your desktop

  • Double click it (Win 7, 8 and Vista users, right-click and select run as admin)
  • The tool will run and then a log file should open.
  • Please post the contents of it in your next reply.

Please don't restart your computer before running the next step.

Step 3: Please download AdwCleaner to your desktop

  • Double click adwcleaner_x.xxx.exe. (Win 7, 8 and Vista users, right-click and select run as admin)
  • If prompted, click I agree.
  • Click scan. When it's finished, select clean.
  • Allow AdwCleaner to restart your computer.
  • Once your computer's restarted, a log should appear.
  • Please post this in your next reply.

Step 4: Please download Junkware Removal Tool to your desktop

  • Double click JRT.exe. (Win 7, 8 and Vista users, right-click and select run as admin)
  • Press any key and the scan will begin.
  • At the end, a log will open. Please post this in your next reply.

Step 5: Please visit the ESET Online Scanner webpage
Internet Explorer MUST be used for this step.

  • Click the checkbox next to 'Yes, I accept the Terms of Use' and click start.
  • Select the checkboxes which are displayed in the picture below.

[Image: jqnp8z.png]

  • Press start and the scan will now begin - this scan will take a long time.
  • When the scan's finished, select list threats and then export.
  • Choose a name for the log (e.g ESET) and click save (to your desktop)
  • Press the back button and then click finish. Please include the contents of the log in your reply.

Step 6: Turn on Windows Security Center

  • Click “Start”.
  • Type “services.msc” in the Start search box and hit “Enter”.
  • Locate “Security Center” and double-click the same.
  • In the “Startup type” list, select “Automatic”.
  • Click “Start” to start the service.
  • Click “Apply” and click “OK”.


#5 lugnuts9


Posted 18 December 2014 - 02:53 PM

Lighthouse!  I have failed you!  You gave me simple instructions, and I managed to screw it up!

 

I did Step 1 (remove Java)....

BUT,

I did Step 3 (AdwCleaner) next, INSTEAD of Step 2 "rKill"

 

The computer restarted after the AdwCleaner..... and did a Windows Update/ "Cleaning up" afterward.

 

What do you recommend that  I do now?  Start over from Step 1?

 

Sorry!


Edited by lugnuts9, 18 December 2014 - 02:55 PM.


#6 Guest_LighthouseParty_*


Posted 18 December 2014 - 03:55 PM

No worries :)
 
Simply navigate to C:\AdwCleaner\AdwCleaner[S0] and paste the contents of it into your reply, that's the AdwCleaner log.

 

After that, continue with the rest of my instructions.



#7 lugnuts9


Posted 18 December 2014 - 06:07 PM

Rkill 2.6.9 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 12/18/2014 03:02:18 PM in x86 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
  * HKLM\Software\Classes\exefile\shell\open\command\\IsolatedCommand was changed. It was reset to "%1" %*!

  * HKLM\Software\Classes\exefile\shell\runas\command\\IsolatedCommand was changed. It was reset to "%1" %*!

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 12/18/2014 03:02:42 PM
Execution time: 0 hours(s), 0 minute(s), and 23 seconds(s)

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

 

 

# AdwCleaner v4.105 - Report created 18/12/2014 at 14:46:40
# Updated 08/12/2014 by Xplode
# Database : 2014-12-16.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Black - BLACK-PC
# Running from : C:\Users\Black\Desktop\adwcleaner_4.105.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496

-\\ Mozilla Firefox v34.0.5 (x86 en-US)

[waixedcz.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "Groovorio");

*************************

AdwCleaner[R0].txt - [1320 octets] - [18/12/2014 14:43:01]
AdwCleaner[S0].txt - [1266 octets] - [18/12/2014 14:46:40]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1326 octets] ##########

 

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Home Premium x86
Ran by Black on Thu 12/18/2014 at 15:36:17.20
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

 

~~~ Registry Keys

~~~ Files

~~~ Folders

 

~~~ FireFox

Emptied folder: C:\Users\Black\AppData\Roaming\mozilla\firefox\profiles\waixedcz.default\minidumps [146 files]

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 12/18/2014 at 15:39:55.42
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

 

C:\Users\Black\Desktop\***EDITED*********\minecraftsp.jar.exe Win32/Conduit.SearchProtect.W potentially unwanted application deleted - quarantined
C:\Users\Black\Desktop\Work\ACER Laptop Fix\rcsetup148.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined

 

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

 

 

Windows Security Center - done.

 

Thanks!

 



#8 Guest_LighthouseParty_*


Posted 19 December 2014 - 01:47 AM

Are you still receiving issues?



#9 lugnuts9


Posted 19 December 2014 - 08:28 AM

Hello, the machine seems to be fine, IE has not had any pop ups since about a day before I posted here, and it seems to now be browsing faster than before.  Do you think I am safe to use it for banking, etc? 

I have some questions, please let me know if it is better to post here, or to IM you.

 

Oh, and THANK YOU!  :)



#10 Guest_LighthouseParty_*


Posted 19 December 2014 - 10:06 AM

I think you're all set to go now :)

For one last final step, please download Delfix from here and save it to your desktop. Right-click it and select run as administrator. Select the following and press run:

  • Remove disinfection tools
  • Purge system restore

Happy surfing!



#11 lugnuts9


Posted 19 December 2014 - 01:06 PM

Thanks! Do you take donations?



#12 Guest_LighthouseParty_*


Posted 19 December 2014 - 01:31 PM

No problem :)

 

Thanks for the offer, but I don't currently take donations



#13 lugnuts9


Posted 20 December 2014 - 12:13 PM

Hello again,

 

AVG Resident Shield came up with this threat yesterday evening.  Should I be worried about anything?

 

Thanks!

 

Found MalSign.Generic.C5A, c:\Program Files\OpenDownloaderManager\wajam_install.exe;"Secured";"12/19/2014, 7:40:59 PM";"File or Directory";"c:\Program Files\Malwarebytes Anti-Malware\mbam.exe"

 



#14 Guest_LighthouseParty_*


Posted 20 December 2014 - 12:20 PM

Hello there,
 
It's possible malware has decided to make a return...

 

Step 1: Please download MiniToolBox to your desktop

  • Double click MiniToolBox.
  • Select the following and then press go.
  • Post the log in your next reply.

Flush DNS
Reset IE Proxy Settings
Reset FF Proxy Settings
List Installed Programs
List Restore Points
 
Step 2: Please download Malwarebytes Anti-Malware to your desktop

  • Double click mbam-setup-x.x.x.xxxx and follow the on-screen instructions.
  • On the dashboard, click update now.
  • After that, click scan now - the scan will now begin.
  • When the scan's completed, select apply actions - make sure the action is quarantine.
  • Restart your computer.

How to get the log.

  • On the dashboard, select the history tab and click application logs.
  • Select the log which has the time and date of when you did the scan.
  • Click copy to clipboard and paste it into your reply.

Step 3: Please download Security Check to your desktop

  • Double click SecurityCheck and follow the on-screen instructions.
  • A log should open, called checkup.txt.
  • Please post the contents of it in your next reply.

Edited by LighthouseParty, 20 December 2014 - 12:21 PM.


#15 lugnuts9


Posted 20 December 2014 - 02:42 PM

OK, I did all 3 steps and below are the logs.   I already have MBAM installed and updated, so I used that instead of DL a new copy in Step 2.

 

Thanks!

 

 

 MiniToolBox by Farbar  Version: 30-11-2014
Ran by Black (administrator) on 20-12-2014 at 14:14:25
Running from "C:\Users\Black\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

"Reset FF Proxy Settings": Firefox Proxy settings were reset.



=========================== Installed Programs ============================
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Amazon Music (HKCU\...\Amazon Amazon Music) (Version: 3.0.5.567 - Amazon Services LLC)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5577 - AVG Technologies)
AVG 2015 (Version: 15.0.4253 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5577 - AVG Technologies) Hidden
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
FindingDiscount (HKLM\...\FindingDiscount) (Version:  - )
HP Deskjet 3510 series Basic Device Software (HKLM\...\{9F1F6E90-519F-4217-9A4B-466632D5CCCB}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel® TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MegaLogViewer version 3.4.04 (HKLM\...\{73777CD1-5F24-4E4B-8846-944DAA9F9565}_is1) (Version: 3.4.04 - EFI Analytics, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Excel 2013 - en-us (HKLM\...\ExcelRetail - en-us) (Version: 15.0.4667.1002 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (Version: 2.3.188.0 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4023.1211 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
NVIDIA 3D Vision Controller Driver 326.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 326.01 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 327.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 327.23 - NVIDIA Corporation)
NVIDIA Control Panel 327.23 (Version: 327.23 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 327.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.23 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.902 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.2723 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.5 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Snapshot Viewer (HKLM\...\Snapshot Viewer) (Version:  - )
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 4.5.4f2 - Unity Technologies ApS)
VemsTune (HKLM\...\VemsTune) (Version:  - )
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WinPEP 7 (HKLM\...\InstallShield_{A0568C61-9443-43F3-9938-E573A3BEFB7B}) (Version: 7.5.1.14 - Dynojet Research Inc.)
WinPEP 7 (Version: 7.5.1.14 - Dynojet Research Inc.) Hidden
Wisdom-soft ScreenHunter 6.0 Free (HKLM\...\Wisdom-soft ScreenHunter 6.0 Free) (Version:  - Wisdom Software Inc.)
========================= Restore Points ==================================

19-12-2014 15:12:06 End of disinfection

**** End of log ****
 

 

 

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/20/2014
Scan Time: 2:16:13 PM
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.12.20.05
Rootkit Database: v2014.12.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Black

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 294125
Time Elapsed: 10 min, 10 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

 

 

 

 

 

Results of screen317's Security Check version 0.99.93  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
AVG AntiVirus Free Edition 2015   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Flash Player     16.0.0.235  
 Adobe Reader XI  
 Mozilla Firefox (34.0.5)
````````Process Check: objlist.exe by Laurent````````  
 AVG avgwdsvc.exe
 AVG avgrsx.exe
 AVG avgnsx.exe
 AVG avgemc.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
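
As an added example (not part of the original thread or of any tool mentioned in it), the Python sketch below parses the Installed Programs section of a MiniToolBox log like the one posted above and checks it against the program names reported earlier in this thread. The watchlist, the regular expression and the function names are this example's own assumptions about the log layout.

```python
import re

# Names reported as unwanted earlier in this thread (spellings as posted).
WATCHLIST = ("findingdiscount", "grooovorio", "grooviro",
             "relavantknowledge", "wajam", "opendownloadermanager")

# One "Installed Programs" line: name, optional uninstall key, version/publisher.
ENTRY = re.compile(
    r"^(?P<name>.+?)"
    r"(?: \((?P<hive>HKLM|HKCU)\\(?P<key>.*)\))?"
    r" \(Version: (?P<version>.*?) - (?P<publisher>.*?)\)"
    r"(?P<hidden> Hidden)?$"
)

# Excerpt copied from the MiniToolBox log posted above.
SAMPLE_LOG = r"""
=========================== Installed Programs ============================
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5577 - AVG Technologies)
AVG 2015 (Version: 15.0.4253 - AVG Technologies) Hidden
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
FindingDiscount (HKLM\...\FindingDiscount) (Version:  - )
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
VemsTune (HKLM\...\VemsTune) (Version:  - )
========================= Restore Points ==================================
"""

def parse_installed(log_text):
    """Return one dict per entry in the Installed Programs section."""
    entries, in_section = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("="):
            # A banner line opens or closes a section of the log.
            in_section = "Installed Programs" in line
            continue
        match = ENTRY.match(line) if in_section else None
        if match:
            entries.append(match.groupdict())
    return entries

def triage(entries):
    """Split entries into watchlist hits and entries with no version/publisher."""
    hits = [e["name"] for e in entries
            if any(w in e["name"].lower() for w in WATCHLIST)]
    blank = [e["name"] for e in entries
             if not e["version"].strip() and not e["publisher"].strip()]
    return hits, blank

if __name__ == "__main__":
    hits, blank = triage(parse_installed(SAMPLE_LOG))
    print("Still registered from the watchlist:", hits)
    print("No version or publisher (review by hand):", blank)
```

On the excerpt, FindingDiscount is reported as still registered in the uninstall list even though the Malwarebytes scan in the same post lists no detections. The blank version/publisher check also matches ESET Online Scanner and VemsTune, so it is a prompt for manual review rather than a verdict.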





