Solved: Difficult situations, read description
windows4ever
Member with 13 posts.
THREAD STARTER
Join Date: Jun 2012
Experience: Intermediate
11-Dec-2012, 08:24 PM #16
RogueKiller V8.3.2 [Dec 10 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files...3-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Denys [Admin rights]
Mode : Scan -- Date : 12/11/2012 19:24:22

Bad processes : 0

Registry Entries : 9
[RUN][SUSP PATH] HKCU\[...]\Run : Integrated Driver (C:\Users\Denys\AppData\Roaming\Awesomium\msess.exe) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-1252878139-3919798227-3298346155-1000[...]\Run : Integrated Driver (C:\Users\Denys\AppData\Roaming\Awesomium\msess.exe) -> FOUND
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Run : NBAgent ("C:\Users\Denys\Desktop\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart) -> FOUND
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Run : HD Audio Driver (C:\Windows\explorer.exe "C:\Users\Denys\AppData\Roaming\Realtek\RAVCpl32.exe") -> FOUND
[TASK][SUSP PATH] {93720747-FF87-4D7D-BD86-0FC508C57CCB} : C:\Users\Denys\Desktop\Games\Terraria\Terraria.exe -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

Particular Files / Folders:

Driver : [NOT LOADED]

HOSTS File:
--> C:\Windows\system32\drivers\etc\hosts



MBR Check:

+++++ PhysicalDrive0: WDC WD1002FAEX-00Y9A0 +++++
--- User ---
[MBR] 0fe3f9f813526eee093e692d7709edcd
[BSP] b0d15e42c68ed53a5d6366ce5a6c54ef : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953766 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_12112012_02d1924.txt >>
Mark1956
Malware Removal Specialist with 14,071 posts.
Join Date: May 2011
Location: Spain
Experience: Advanced
11-Dec-2012, 08:59 PM #17
And DDS?
windows4ever
Member with 13 posts.
THREAD STARTER
Join Date: Jun 2012
Experience: Intermediate
14-Dec-2012, 08:59 AM #18
GOOD NEWS, I seem to have fixed it by running Malwarebytes :D
Mark1956
Malware Removal Specialist with 14,071 posts.
Join Date: May 2011
Location: Spain
Experience: Advanced
14-Dec-2012, 10:02 AM #19
Well done, but on occasion items removed by Mbam may come back; it depends on the infection. If you would like me to help make quite sure the system is clean, send me the Mbam log so I can see what was removed. After a reboot, run it again to make sure the infection has not returned.

Send me the log from the scan that you did that found something and if another scan finds anything send me that as well.

Malwarebytes logs
  • Open Malwarebytes.
  • Click on the Logs tab.
  • Click on the entry that shows the items detected.
  • Click on the Open button and then copy and paste the log into your next reply.
windows4ever
Member with 13 posts.
THREAD STARTER
Join Date: Jun 2012
Experience: Intermediate
14-Dec-2012, 08:02 PM #20
Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.13.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Denys :: GAMIN-PC [administrator]

Protection: Enabled

12/13/2012 2:09:14 PM
mbam-log-2012-12-13 (14-09-14).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 457109
Time elapsed: 42 minute(s), 45 second(s)

Memory Processes Detected: 1
C:\Users\Denys\AppData\Roaming\Awesomium\msess.exe (Heuristics.Shuriken) -> 2000 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 7
HKCR\CLSID\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> No action taken.
HKCR\TypeLib\{44444444-4444-4444-4444-440044344491} (PUP.GamePlayLab) -> No action taken.
HKCR\Interface\{55555555-5555-5555-5555-550055345591} (PUP.GamePlayLab) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> No action taken.

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Integrated Driver (Heuristics.Shuriken) -> Data: C:\Users\Denys\AppData\Roaming\Awesomium\msess.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 17
C:\Program Files (x86)\Vid-Saver\Vid-Saver.dll (PUP.GamePlayLab) -> No action taken.
C:\ILLUSION\Home Mate\htrn.exe (HackTool.GamesCheat.Gen) -> No action taken.
C:\Itazura Gokuaku\trainer_english.exe (HackTool.GamesCheat.Gen) -> No action taken.
C:\Program Files (x86)\Activision\Call of Duty Black Ops II\buddha.dll (Malware.Gen.SKR) -> No action taken.
C:\Users\Denys\AppData\Roaming\Beat Hazard\msess.exe (Heuristics.Shuriken) -> No action taken.
C:\Users\Denys\AppData\Roaming\DragonSaga\msess.exe (Heuristics.Shuriken) -> No action taken.
C:\Users\Denys\AppData\Roaming\Awesomium\msess.exe (Heuristics.Shuriken) -> Delete on reboot.
C:\Users\Denys\AppData\Roaming\Ace\msess.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
C:\Users\Denys\AppData\Roaming\Adobe\msess.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
C:\Users\Denys\AppData\Roaming\GameMaker\msess.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
C:\Users\Denys\AppData\Roaming\Microsoft\msess.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
C:\Users\Denys\AppData\Roaming\Mozilla\msess.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
C:\Users\Denys\AppData\Roaming\PDAppFlex\msess.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
C:\Users\Denys\AppData\Roaming\TeraCopy\msess.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
C:\Users\Denys\AppData\Roaming\Unity\msess.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
C:\Users\Denys\Desktop\Games\Beat Hazard\Beat Hazard Ultra\TDU.exe (Packer.ModifiedUPX) -> Quarantined and deleted successfully.
C:\Users\Denys\Desktop\Torrent\Assassins.Creed.III-KaOs\d3drm.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.

(end)
Mark1956
Malware Removal Specialist with 14,071 posts.
Join Date: May 2011
Location: Spain
Experience: Advanced
14-Dec-2012, 10:22 PM #21
There may be a few false positives in that log, but msess.exe could be of concern and you have chosen not to remove all the detections which includes a couple of entries containing that file.

In my last post I said:

Send me the log from the scan that you did that found something and if another scan finds anything send me that as well.

So, is this the second scan I asked you to run or the first one?

Are any of the games you are running pirated software, or are they all legitimately bought copies?