
Solved: Difficult situations, read description

Discussion in 'Windows 7' started by windows4ever, Dec 8, 2012.

Thread Status:
Not open for further replies.
  1. windows4ever

    windows4ever Thread Starter

    Joined:
    Jun 13, 2012
    Messages:
    13
    RogueKiller V8.3.2 [Dec 10 2012] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Denys [Admin rights]
    Mode : Scan -- Date : 12/11/2012 19:24:22

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 9 ¤¤¤
    [RUN][SUSP PATH] HKCU\[...]\Run : Integrated Driver (C:\Users\Denys\AppData\Roaming\Awesomium\msess.exe) -> FOUND
    [RUN][SUSP PATH] HKUS\S-1-5-21-1252878139-3919798227-3298346155-1000[...]\Run : Integrated Driver (C:\Users\Denys\AppData\Roaming\Awesomium\msess.exe) -> FOUND
    [RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Run : NBAgent ("C:\Users\Denys\Desktop\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart) -> FOUND
    [RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Run : HD Audio Driver (C:\Windows\explorer.exe "C:\Users\Denys\AppData\Roaming\Realtek\RAVCpl32.exe") -> FOUND
    [TASK][SUSP PATH] {93720747-FF87-4D7D-BD86-0FC508C57CCB} : C:\Users\Denys\Desktop\Games\Terraria\Terraria.exe -> FOUND
    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts



    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: WDC WD1002FAEX-00Y9A0 +++++
    --- User ---
    [MBR] 0fe3f9f813526eee093e692d7709edcd
    [BSP] b0d15e42c68ed53a5d6366ce5a6c54ef : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953766 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1]_S_12112012_02d1924.txt >>
    RKreport[1]_S_12112012_02d1924.txt
     
  2. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    And DDS?
     
  3. windows4ever

    windows4ever Thread Starter

    Joined:
    Jun 13, 2012
    Messages:
    13
    GOOD NEWS, I seem to have fixed it by running Malwarebytes :DD
     
  4. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    Well done, but on occasion items removed by Mbam may come back; it depends on the infection. If you would like me to help make quite sure the system is clean, send me the Mbam log so I can see what was removed. After a reboot, run it again to make sure the infection has not returned.

    Send me the log from the scan that you did that found something and if another scan finds anything send me that as well.

    Malwarebytes logs

    • Open Malwarebytes.
    • Click on the Logs tab.
    • Click on the entry that shows the items detected.
    • Click on the Open button and then copy and paste the log into your next reply.
     
  5. windows4ever

    windows4ever Thread Starter

    Joined:
    Jun 13, 2012
    Messages:
    13
    Malwarebytes Anti-Malware (Trial) 1.65.1.1000
    www.malwarebytes.org

    Database version: v2012.12.13.09

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Denys :: GAMIN-PC [administrator]

    Protection: Enabled

    12/13/2012 2:09:14 PM
    mbam-log-2012-12-13 (14-09-14).txt

    Scan type: Full scan (C:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 457109
    Time elapsed: 42 minute(s), 45 second(s)

    Memory Processes Detected: 1
    C:\Users\Denys\AppData\Roaming\Awesomium\msess.exe (Heuristics.Shuriken) -> 2000 -> Delete on reboot.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 7
    HKCR\CLSID\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> No action taken.
    HKCR\TypeLib\{44444444-4444-4444-4444-440044344491} (PUP.GamePlayLab) -> No action taken.
    HKCR\Interface\{55555555-5555-5555-5555-550055345591} (PUP.GamePlayLab) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> No action taken.

    Registry Values Detected: 1
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Integrated Driver (Heuristics.Shuriken) -> Data: C:\Users\Denys\AppData\Roaming\Awesomium\msess.exe -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 17
    C:\Program Files (x86)\Vid-Saver\Vid-Saver.dll (PUP.GamePlayLab) -> No action taken.
    C:\ILLUSION\Home Mate\htrn.exe (HackTool.GamesCheat.Gen) -> No action taken.
    C:\Itazura Gokuaku\trainer_english.exe (HackTool.GamesCheat.Gen) -> No action taken.
    C:\Program Files (x86)\Activision\Call of Duty Black Ops II\buddha.dll (Malware.Gen.SKR) -> No action taken.
    C:\Users\Denys\AppData\Roaming\Beat Hazard\msess.exe (Heuristics.Shuriken) -> No action taken.
    C:\Users\Denys\AppData\Roaming\DragonSaga\msess.exe (Heuristics.Shuriken) -> No action taken.
    C:\Users\Denys\AppData\Roaming\Awesomium\msess.exe (Heuristics.Shuriken) -> Delete on reboot.
    C:\Users\Denys\AppData\Roaming\Ace\msess.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
    C:\Users\Denys\AppData\Roaming\Adobe\msess.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
    C:\Users\Denys\AppData\Roaming\GameMaker\msess.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
    C:\Users\Denys\AppData\Roaming\Microsoft\msess.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
    C:\Users\Denys\AppData\Roaming\Mozilla\msess.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
    C:\Users\Denys\AppData\Roaming\PDAppFlex\msess.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
    C:\Users\Denys\AppData\Roaming\TeraCopy\msess.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
    C:\Users\Denys\AppData\Roaming\Unity\msess.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
    C:\Users\Denys\Desktop\Games\Beat Hazard\Beat Hazard Ultra\TDU.exe (Packer.ModifiedUPX) -> Quarantined and deleted successfully.
    C:\Users\Denys\Desktop\Torrent\Assassins.Creed.III-KaOs\d3drm.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.

    (end)
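    The RogueKiller and Malwarebytes logs in this thread carry three defender-relevant signals: an autorun named like a driver that starts from the user-writable roaming profile, a Run entry that uses explorer.exe to launch a second binary, and ConsentPromptBehaviorAdmin set to 0 (UAC elevates administrators without prompting). The Mbam log adds a fourth: the same file name, msess.exe, dropped into many unrelated AppData\Roaming folders, several of which were left as "No action taken." The following is an added triage script, not code from the thread, RogueKiller or Malwarebytes; it parses lines copied from the two logs above (embedded as constructed sample input) and reports those signals. The finding codes and function names are my own.

```python
"""Triage helper for the RogueKiller and Malwarebytes log lines in this thread.

Added example, not code from the thread or from either tool: it parses the
quoted log lines and reports why each flagged entry matters to a defender.
"""
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed sample input: lines copied from the logs posted in this thread.
ROGUEKILLER_LINES = r"""
[RUN][SUSP PATH] HKCU\[...]\Run : Integrated Driver (C:\Users\Denys\AppData\Roaming\Awesomium\msess.exe) -> FOUND
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Run : NBAgent ("C:\Users\Denys\Desktop\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart) -> FOUND
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Run : HD Audio Driver (C:\Windows\explorer.exe "C:\Users\Denys\AppData\Roaming\Realtek\RAVCpl32.exe") -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
""".strip().splitlines()

MBAM_FILE_LINES = r"""
C:\Program Files (x86)\Vid-Saver\Vid-Saver.dll (PUP.GamePlayLab) -> No action taken.
C:\Users\Denys\AppData\Roaming\Beat Hazard\msess.exe (Heuristics.Shuriken) -> No action taken.
C:\Users\Denys\AppData\Roaming\DragonSaga\msess.exe (Heuristics.Shuriken) -> No action taken.
C:\Users\Denys\AppData\Roaming\Awesomium\msess.exe (Heuristics.Shuriken) -> Delete on reboot.
C:\Users\Denys\AppData\Roaming\Adobe\msess.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
C:\Users\Denys\AppData\Roaming\Mozilla\msess.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
C:\Users\Denys\Desktop\Torrent\Assassins.Creed.III-KaOs\d3drm.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
""".strip().splitlines()

RUN_RE = re.compile(r"^\[RUN\]\[SUSP PATH\] (?P<key>\S+) : (?P<name>.+?) \((?P<cmd>.*)\) -> FOUND$")
HJ_RE = re.compile(r"^\[HJ\] (?P<key>\S+) : (?P<value>\w+) \((?P<data>[^)]*)\) -> FOUND$")
MBAM_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) \((?P<detection>[^()]+)\) -> (?P<action>.+)$")


def split_command(cmd):
    """Split a Run-key command line into tokens, keeping double-quoted paths whole."""
    return [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmd)]


def in_roaming_profile(path):
    """True for anything under the user's roaming AppData folder (user-writable)."""
    return "\\appdata\\roaming\\" in path.lower()


def triage_roguekiller(lines):
    """Return (code, subject, detail) findings for the RogueKiller lines that matter."""
    findings = []
    for line in lines:
        m = RUN_RE.match(line)
        if m:
            exes = [t for t in split_command(m["cmd"]) if t.lower().endswith(".exe")]
            # explorer.exe used as a launcher: the autorun points at a Windows
            # binary while the real payload is passed as its argument.
            if len(exes) >= 2 and PureWindowsPath(exes[0]).name.lower() == "explorer.exe":
                findings.append(("LAUNCHER_INDIRECTION", m["name"], exes[1]))
            # A "driver" that starts from the roaming profile is the usual spot
            # for user-level persistence; real drivers do not live there.
            for exe in exes:
                if in_roaming_profile(exe):
                    findings.append(("ROAMING_AUTORUN", m["name"], exe))
            continue
        m = HJ_RE.match(line)
        if m and m["value"] == "ConsentPromptBehaviorAdmin" and m["data"] == "0":
            # 0 means "elevate without prompting": UAC no longer asks the admin user.
            findings.append(("UAC_PROMPT_DISABLED", m["key"], m["data"]))
    return findings


def repeated_filenames(lines, min_dirs=3):
    """Map file name -> sorted parent folders for names seen in >= min_dirs folders.
    One binary copied into many unrelated folders is a stronger signal than
    any single detection on its own."""
    dirs_by_name = defaultdict(set)
    for m in filter(None, map(MBAM_RE.match, lines)):
        p = PureWindowsPath(m["path"])
        dirs_by_name[p.name.lower()].add(str(p.parent))
    return {n: sorted(d) for n, d in dirs_by_name.items() if len(d) >= min_dirs}


def left_in_place(lines):
    """Paths the user declined to act on (Mbam records 'No action taken.')."""
    return [m["path"] for m in filter(None, map(MBAM_RE.match, lines))
            if m["action"].startswith("No action taken")]


if __name__ == "__main__":
    for code, subject, detail in triage_roguekiller(ROGUEKILLER_LINES):
        print(f"{code:22} {subject}: {detail}")
    for name, dirs in repeated_filenames(MBAM_FILE_LINES).items():
        print(f"{name} found in {len(dirs)} folders: {', '.join(dirs)}")
    for path in left_in_place(MBAM_FILE_LINES):
        print(f"still present (no action taken): {path}")
```

    Run as-is it reports one roaming autorun for "Integrated Driver", the explorer.exe indirection for "HD Audio Driver" (plus its roaming target), the disabled UAC prompt, msess.exe present in five folders, and the three detections that were not removed. The Nero entry produces no finding because it starts from the Desktop, not the roaming profile, which matches the helper's remark that some of the detections may be false positives.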
     
  6. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    There may be a few false positives in that log, but msess.exe could be of concern and you have chosen not to remove all the detections, which include a couple of entries containing that file.

    In my last post I said:

    Send me the log from the scan that you did that found something and if another scan finds anything send me that as well.

    So, is this the second scan I asked you to run or the first one?

    Are any of the games you are running pirated software, or are they all legitimately bought copies?
     

Short URL to this thread: https://techguy.org/1080045