DaRajunCajun

  1. It is behaving nicely. No more weirdness. Guess we got it all huh?
  2. That scan took seconds to run.. I ran the search then ran delete. Here's the logs. AdwCleanerS1.txt AdwCleanerR1.txt
  3. OH yeah.. I forgot to attach the log.. ComboFix.txt is attached. ComboFix.txt
  4. ComboFix ran without any errors or problems. It removed a few files. What next?
  5. I think I got it all. I followed the directions in your post. The scan with MBAR came up clean. I was able to install updates from Microsoft again. Only thing that had issues was Windows Defender. From what I have read, when Microsoft Security Essentials is installed it disables Defender. I ran DDS and I'm going to upload the logs from it and MBAR. Look them over to be sure we got everything. Thanks again for your assistance. attach.txt dds.txt mbar-log-2013-06-14 (08-59-54).txt
  6. Thanks for your help. On a side note Malwarebytes is now working with full protection.. LOL I exited out the protection in the system tray then opened Malwarebytes from a desktop shortcut.. Voila it decided to work.. Working on getting the viruses off the work machine on the other forum. Nice to see folks that stand behind their great product.
  7. Ran Rogue Killer. It found and quarantined some stuff and it killed one task. Here is the log: RKreport[1]_S_06132013_02d1623.txt
  8. I closed my Malwarebytes and opened it from desktop icon. Now the protection is fully enabled.. How strange is that.. The thing that started this off is now working.. Logs are coming
  9. I had an issue with the IP protection not enabling on Malware-Bytes trial ver. I have uninstalled and reinstalled it a few times now with no improvement. I posted in the help forums for the software. I sent in my logs and was advised that the logs showed a possible Zero Access Rootkit infection. I don't doubt that since I have already removed dozens of infections already. So without further delay here are the logs.. Attach.txt & DDS.txt have been attached. attach.txt dds.txt
  10. Do I need to post in the help I'm infected forum to get help with this Zero Access Rootkit or are they working behind the scenes on a solution?
  11. I really need to get this machine cleaned so I can get back to work with it. I've got it on an isolated network and I'm using a backup computer with XP.. I went from Porsche to Yugo.. LOL
  12. Zero Access.. That makes sense because Windows Update isn't running. Background Intelligent Transfer Service isn't running. I've had trouble getting to some Microsoft sites. Would you recommend MBAR? Or some other rootkit remover?
  13. So I uninstalled Malware Bytes with Revo Uninstaller, rebooted, ran the mbamclean tool, rebooted, reinstalled and still IP protection fails. I have installed this on another machine and it had no problems.. It's got me scratching my head for sure. I hope we can fix this quickly. I am attaching all the logs to this post. Attach.txt, dds.txt and CheckResults.txt are attached. attach.txt CheckResults.txt dds.txt
  14. Thanks. I will try those suggestions as soon as I get done scanning this beast for viruses.