peck1234
-
Posts
45 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Posts posted by peck1234
-
-
Ran a Full Scan with MBAM deleted about 14 trojans, but im still being site redirected.
Logfile of Trend Micro HijackThis v2.0.4Scan saved at 10:46:20 AM, on 6/18/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
C:\Users\Peck\Desktop\Demos\System Info\Realtemp\RealTemp.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files (x86)\Everything\Everything.exe
C:\Users\Peck\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Peck\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Peck\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Peck\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - Startup: RealTemp - Shortcut.lnk = Peck\Desktop\Demos\System Info\Realtemp\RealTemp.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SetupARService - Realtek Semiconductor. - C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 7378 bytes
GMER 1.0.15.15640 - http://www.gmer.netRootkit scan 2011-06-18 10:38:23
Windows 6.1.7601 Service Pack 1
Running: 4yvnm18v.exe
---- Files - GMER 1.0.15 ----
File C:\Users\Peck\AppData\Local\Temp\_av_sfx.tm~a03952\ais_res-2be.vpx 1922929 bytes
File C:\Users\Peck\AppData\Local\Temp\_av_sfx.tm~a03952\ais_x64-420.vpx 995883 bytes
File C:\Users\Peck\AppData\Local\Temp\_av_sfx.tm~a03952\avast.setup 3261952 bytes executable
File C:\Users\Peck\AppData\Local\Temp\_av_sfx.tm~a03952\chrome-2.vpx 569949 bytes
File C:\Users\Peck\AppData\Local\Temp\_av_sfx.tm~a03952\jollyroger.vpx 165977 bytes
File C:\Users\Peck\AppData\Local\Temp\_av_sfx.tm~a03952\jrog-a7.vpx 39212 bytes
File C:\Users\Peck\AppData\Local\Temp\_av_sfx.tm~a03952\jrog2-225.vpx 122646 bytes
File C:\Users\Peck\AppData\Local\Temp\_av_sfx.tm~a03952\offer.ini 119 bytes
File C:\Users\Peck\AppData\Local\Temp\_av_sfx.tm~a03952\part-jrog-a7.vpx 168 bytes
File C:\Users\Peck\AppData\Local\Temp\_av_sfx.tm~a03952\part-jrog2-225.vpx 805 bytes
---- EOF - GMER 1.0.15 ----
-
Just awesome!!!! Loving the ignore folder feature! This has been at the top of my wish list for years! Now I can finally cut out my 300GB Game and 100GB Music folder from full scans!
Thank you mbam!
-
Great to hear...
Thanks for the reply....
Mike
-
Figured id give this a bump now that 1.45 is out. I would really love to see this feature so I can skip all my games/music files directory's during full scans.
-
Great job guys! Loving it! The new quick scan is now BLAZING FAST!!!
-
I just noticed that the malwarebytes scan stops when I drag the window around my desktop? Has it always done this?
-
Great! THanks!
Really Exited for 1.45!
-
Awesome! Any ETA?
Thanks Malwarebytes
-
Any devs's agree?
This feature would be great.
-
If malwarebytes could include a section in the program for a user to define folders to skip it would be greatly appreciated as well as increase the full speed scan.
For instance, I have over 100Gigs of PC games in my x86 Steam Folder. Letting malwarebytes skip over this folder would greatly speed up the scan time.
-
I'm a computer illiterate, but like the Malware program. So what does this response mean? What is an IP range? How can one site host all these different sites that are malicious?
There is a website that Malware is currently blocking that is legitimate and I need to view it. If it is blocked due to something like the above, is there any way to get around the blocking by this program? I'd need detailed very clear step by step directions.
Thank you.
Think of an ip range like a bakery. Lets say this specific bakery make's a bad batch of cookies. Now, not only does the bakery have bad cookies, but every one who uses the bakery now has a bad batch of cookies. The bakery is the "source" IP adress and all the customers who bought cookes are now in the "IP Range"
As for blocking malwarebytes simply open up the program click on the protection tab and then shut it off. Now you can browse uninterrupted.
-
Anything you would like me to do to help you guys out before I completely delete the quarantined item?
-
Great! THanks
-
Very odd, I restored the file but when searching through system32 I could not find the file. I have show hidden files and folders checked as well.
Malwarebytes is still finding it but I physically cant... So I guess it is malware!
-
Many of the times when I fix friends and customers computers I have to boot into safe mode just to get windows loaded up. As many of you know safe mode does not have an internet connection so I cant update the malwarebytes definitions.
Can I simply copy and paste the files inside the program files>malwarebytes folder and add them to the computer that is running in safe mode? This should update the definition data base? Yes?
-
I'm sorry would you like the image zipped? Or the Mal-ware?
-
Looks a little odd to me? Sysresore.dll?
Google redirect and fsharproj
in Resolved Malware Removal Logs
Posted
@irritated2011,
Member peck1234 is not approved as one who should render advice in this forum.
Posting removed by Moderator.
Please carry on with your expert assistant "elise025...and my apologies for this intrusion. Thanks for your understanding.