Jump to content

r3dDaWn

Members
  • Posts

    4
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Well I think that was it... didn't hear any audio all day via the laptop and no malware/virus found via scans. I'm hitting myself as we speak for not finding this solution, but totally thank you for the help on this. I want you to know that you helping others doesn't get overlooked by someone like myself, so I sent you something via paypal.. Thanks again and keep up the great work. I hope people value the help on these forums.. I guess this topic can be closed, hopefully, no more issues!! Take care!!
  2. Hi, below is the info, I'm going to let it run a few hours to see if any audio ads start to stream and report back later. Thanks again for your help on this.. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-04-2014Ran by Geneva at 2014-04-14 20:46:03 Run:1Running from C:\Users\Geneva\Downloads\TempBoot Mode: Normal============================================== Content of fixlist:*****************Replace: C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll C:\Windows\System32\rpcss.dll ***************** C:\Windows\System32\rpcss.dll => Moved successfully.C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll copied successfully to C:\Windows\System32\rpcss.dll ==== End of Fixlog ====
  3. Hi, and many thanks for the welcome and help. Below I posted the info requested: SystemLook 30.07.11 by jpshortstuffLog created at 18:53 on 14/04/2014 by GenevaAdministrator - Elevation successful ========== Filefind ========== Searching for "rpcss.dll"C:\Windows\System32\rpcss.dll --a---- 520192 bytes [03:24 21/11/2010] [03:24 21/11/2010] 2EF9A04EE55A70AB0F15330BDDE57A2DC:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll --a---- 512000 bytes [03:24 21/11/2010] [03:24 21/11/2010] 5C627D1B1138676C0A7AB2C2C190D123 -= EOF =-
  4. Hi, I'm having the hardest time getting rid of some sort of audio ad malware. The machine I'm working on for my niece had some malware on it before I started. Was able to remove quite a bit with Malwarebytes, used Hitman Pro, TDS Killer, Rkill, JRT, ComboFix, ADWcleaner, and even ran Emisoft Emergency Kit/Scanner to look for malware. After doing all that, the system showed no infections. Installed Norton Internet Security on the machine, updated, then scanned, no virus/malware found. Then we noticed audio start from no where. Checked the logs for Anti-Malware and saw the following: Malwarebytes Anti-Malwarewww.malwarebytes.org Detection, 4/8/2014 1:15:19 PM, SYSTEM, GENEVA-HP, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 51052, Outbound, C:\Windows\System32\svchost.exe, Detection, 4/8/2014 1:15:19 PM, SYSTEM, GENEVA-HP, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 51052, Outbound, C:\Windows\System32\svchost.exe, Protection, 4/8/2014 1:22:19 PM, SYSTEM, GENEVA-HP, Protection, Malware Protection, Starting, Protection, 4/8/2014 1:22:19 PM, SYSTEM, GENEVA-HP, Protection, Malware Protection, Started, Protection, 4/8/2014 1:22:19 PM, SYSTEM, GENEVA-HP, Protection, Malicious Website Protection, Starting, Protection, 4/8/2014 1:22:24 PM, SYSTEM, GENEVA-HP, Protection, Malicious Website Protection, Started, Detection, 4/8/2014 1:23:20 PM, SYSTEM, GENEVA-HP, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49166, Outbound, C:\Windows\System32\svchost.exe, Detection, 4/8/2014 1:23:20 PM, SYSTEM, GENEVA-HP, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49166, Outbound, C:\Windows\System32\svchost.exe, Protection, 4/8/2014 1:28:46 PM, SYSTEM, GENEVA-HP, Protection, Malware Protection, Starting, Protection, 4/8/2014 1:28:46 PM, SYSTEM, GENEVA-HP, Protection, Malware Protection, Started, Protection, 4/8/2014 1:28:46 PM, SYSTEM, GENEVA-HP, Protection, Malicious Website Protection, Starting, Protection, 4/8/2014 1:28:50 PM, SYSTEM, GENEVA-HP, Protection, Malicious Website Protection, Started, Detection, 4/8/2014 1:30:43 PM, SYSTEM, GENEVA-HP, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49164, Outbound, C:\Windows\System32\svchost.exe, Detection, 4/8/2014 1:30:43 PM, SYSTEM, GENEVA-HP, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49164, Outbound, C:\Windows\System32\svchost.exe, Detection, 4/8/2014 1:49:49 PM, SYSTEM, GENEVA-HP, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 49773, Outbound, C:\Windows\System32\svchost.exe, Detection, 4/8/2014 1:57:57 PM, SYSTEM, GENEVA-HP, Protection, Malicious Website Protection, IP, 66.45.56.109, searchnet.blinkxcore.com, 50138, Outbound, C:\Windows\System32\svchost.exe, Ran again different scans, even through safe mode, no malware found, yet, same issue with the audio ads. I noticed an entry in the volume mixer in Windows 7 that shows up anytime the audio starts to stream, attached screen shot of that. Have gone through different posts here and via google to try to figure out how to rid this malware without having to wipe the machine and re-install Windows 7. Any help to get rid of this would be highly appreciated. I've attached the log files requested from the Farbar Tool... Addition.txt FRST.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.