narlo56

Members
  • Posts: 7
Everything posted by narlo56

  1. I've run Rogue Killer (latest version) and it did not detect any issues.
  2. DDS & ATTACH files included. Windows 7 x64. Malwarebytes (latest installed), McAfee (latest installed). Neither one caught the problem. I only have access to the system now in Safe Mode as it appears my profile is infected. This is a business laptop. dds.txt attach.txt
  3. Well the post is gone now and I can't see the options. But I would like a free option.
  4. Would you please, if you have time, help me remove this vicious malware/trojan/virus? Malwarebytes didn't stop it and nothing I've done so far seems to work. My profile has been infected but I have access to SAFE Mode via an admin login. Windows 7 64Bit
  5. I want to attempt to clean this computer. I am fully aware that the experts recommend reformatting and reinstalling the OS, but I really don't have that option at this point in time because I work remotely and the infected laptop is a corporate machine.
  6. RogueKiller V8.0.3 [09/13/2012] by Tigzy
     mail: tigzyRK<at>gmail<dot>com
     Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
     Blog: http://tigzyrk.blogspot.com
     Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
     Started in : Normal mode
     User : mlevine [Admin rights]
     Mode : Scan -- Date : 09/17/2012 11:48:00
     ¤¤¤ Bad processes : 2 ¤¤¤
     [sUSP PATH][DLL] rundll32.exe -- C:\Windows\SysWOW64\rundll32.exe : -> KILLED [TermProc]
     [sUSP PATH] ciscod.exe -- C:\Users\mlevine\AppData\Local\Cisco\Cisco HostScan\bin\ciscod.exe -> KILLED [TermProc]
     ¤¤¤ Registry Entries : 19 ¤¤¤
     [RUN][bLACKLIST DLL] HKLM\[...]\Run : nkbcir ("C:\Windows\System32\rundll32.exe" "C:\Users\mlevine\AppData\Roaming\nkbcir.dll",FromReadWriteObject) -> FOUND
     [PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (10.60.0.15:80) -> FOUND
     [HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
     [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
     [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
     [HJPOL] HKLM\[...]\Wow6432Node\System : DisableTaskMgr (0) -> FOUND
     [HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
     [HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
     [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
     [HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
     [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
     [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
     [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
     [HJ SMENU] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
     [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
     [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
     [HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-1537067209-438800835-210577260-1304\$8861b81f41f7c1e25b788762855eda85\n.) -> FOUND
     [HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$8861b81f41f7c1e25b788762855eda85\n.) -> FOUND
     [HJ INPROC][ZeroAccess] HKLM\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$8861b81f41f7c1e25b788762855eda85\n.) -> FOUND
     ¤¤¤ Particular Files / Folders: ¤¤¤
     [ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-18\$8861b81f41f7c1e25b788762855eda85\U --> FOUND
     [ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-1537067209-438800835-210577260-1304\$8861b81f41f7c1e25b788762855eda85\U --> FOUND
     [ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-18\$8861b81f41f7c1e25b788762855eda85\L --> FOUND
     [ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-1537067209-438800835-210577260-1304\$8861b81f41f7c1e25b788762855eda85\L --> FOUND
     ¤¤¤ Driver : [NOT LOADED] ¤¤¤
     ¤¤¤ Infection : ZeroAccess ¤¤¤
     ¤¤¤ HOSTS File: ¤¤¤
     --> C:\Windows\system32\drivers\etc\hosts
     127.0.0.1 localhost
     ::1 localhost
     64.46.36.178 www.google-analytics.com.
     64.46.36.178 ad-emea.doubleclick.net.
     64.46.36.178 www.statcounter.com.
     64.27.10.42 www.google-analytics.com.
     64.27.10.42 ad-emea.doubleclick.net.
     64.27.10.42 www.statcounter.com.
     ¤¤¤ MBR Check: ¤¤¤
     +++++ PhysicalDrive0: SAMSUNG SSD PM810 2.5" 7mm 128GB ATA Device +++++
     --- User ---
     [MBR] acea7cec790a4f0bad980e02d2cc5bee
     [bSP] 6e10b56411ce35bb11a4e92f91b14a33 : Windows 7 MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
     1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 122003 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!
     Finished : << RKreport[1].txt >>
     RKreport[1].txt
  7. Malwarebytes Pro version 1.65.0.1400, build date 09/07/2012 5:04:41 PM. Symptoms: cannot enable malicious website blocking; cannot VPN into my company (they've checked and the issue is my laptop). System: Windows 7 Enterprise x64, 8GB RAM, 119 GB SSD hard drive. Thank you in advance for helping diagnose and correct the issues. Mike Attach.txt DDS.txt