charade539

  1. Here are the results of the scan.
     C:\FRST\Quarantine\services.exe Win64/Patched.B.Gen trojan
     C:\FRST\Quarantine\{d270f3b2-8255-d6f6-5ea1-c9a2db5cbd16}\U\00000008.@ Win64/Agent.BA trojan
     C:\FRST\Quarantine\{d270f3b2-8255-d6f6-5ea1-c9a2db5cbd16}\U\80000000.@ Win64/Sirefef.AE trojan
     C:\FRST\Quarantine\{d270f3b2-8255-d6f6-5ea1-c9a2db5cbd16}\U\80000032.@ Win32/Sirefef.FD trojan
     C:\FRST\Quarantine\{d270f3b2-8255-d6f6-5ea1-c9a2db5cbd16}\U\80000064.@ Win64/Sirefef.AM trojan
     C:\FRST\Quarantine\{d270f3b2-8255-d6f6-5ea1-c9a2db5cbd16}\{d270f3b2-8255-d6f6-5ea1-c9a2db5cbd16}\n Win64/Sirefef.
  2. Downloaded Revo Uninstaller Updated Adobe Reader (says it was already installed) Ran Malwarebytes Malwarebytes Anti-Malware (PRO) 1.61.0.1400 www.malwarebytes.org Database version: v2012.07.07.07 Windows 7 x64 NTFS Internet Explorer 9.0.8112.16421 Kyle :: WHEELJACK [administrator] Protection: Enabled 7/8/2012 12:44:51 AM mbam-log-2012-07-08 (00-44-51).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 230941 Time elapsed: 2 minute(s), 18 second(s) Memory Proce
  3. aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software Run date: 2012-07-06 13:47:00 ----------------------------- 13:47:00.607 OS Version: Windows x64 6.1.7600 13:47:00.607 Number of processors: 4 586 0x170A 13:47:00.608 ComputerName: WHEELJACK UserName: Kyle 13:47:03.643 Initialize success 13:50:16.057 AVAST engine defs: 12070601 13:50:50.615 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 13:50:50.618 Disk 0 Vendor: ST32000542AS CC34 Size: 1907729MB BusType: 3 13:50:50.635 Disk 0 MBR read successfully 13:50:50.639 Disk 0 MBR scan 13:50:5
  4. 13:44:02.0609 3432 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08 13:44:03.0115 3432 ============================================================ 13:44:03.0115 3432 Current date / time: 2012/07/06 13:44:03.0115 13:44:03.0115 3432 SystemInfo: 13:44:03.0115 3432 13:44:03.0115 3432 OS Version: 6.1.7600 ServicePack: 0.0 13:44:03.0115 3432 Product type: Workstation 13:44:03.0115 3432 ComputerName: WHEELJACK 13:44:03.0115 3432 UserName: Kyle 13:44:03.0115 3432 Windows directory: C:\Windows 13:44:03.0115 3432 System windows directory: C:\Windows 13:44:03.01
  5. Sorry for the delay, things got a little crazy over here. I'll do the next part of your instructions now.
  6. ComboFix 12-07-02.01 - Kyle 07/03/2012 16:18:01.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8191.6724 [GMT -5:00] Running from: c:\users\Kyle\Downloads\ComboFix.exe SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\assembly\GAC_32\Desktop.ini c:\windows\assembly\GAC_64\Desktop.ini c:\windows\Installer\{d270f3b2-8255-d6f6-5ea1-c9a2db5cbd16}\@ c:\windows\Installer\{d270f3b2-8255-d6f6-5ea1-c9a2db5cbd16}\L\00000004
  7. Here it is.
     Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 25-06-2012
     Ran by SYSTEM at 2012-07-01 14:37:53 Run:1
     Running from G:\
     ==============================================
     C:\Windows\System32\services.exe moved successfully.
     C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe
     C:\Windows\Installer\{d270f3b2-8255-d6f6-5ea1-c9a2db5cbd16} moved successfully.
     C:\Users\Kyle\AppData\Local\{d270f3b2-8255-d6f6-5ea1-c9a2db5cbd16} moved success
  8. Here you go.
     Farbar Recovery Scan Tool Version: 25-06-2012
     Ran by SYSTEM at 2012-06-30 17:04:55
     Running from G:\
     ================== Search: "services.exe" ===================
     C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
     [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
     C:\Windows\System32\services.exe
     [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06
     ====== End Of Search ======
  9. Here you go. Scan result of Farbar Recovery Scan Tool Version: 25-06-2012 Ran by SYSTEM at 29-06-2012 14:17:28 Running from F:\ Windows 7 Home Premium (X64) OS Language: English(US) The current controlset is ControlSet001 ========================== Registry (Whitelisted) ============= HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [446392 2012-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-04]
  10. I did, and I am now able to get back into Windows. Will retry your instructions.
  11. Also, I need to add that there was no option to choose my account, it automatically ran a diagnostic and rebooted, and then this began.
  12. I attempted to follow your instructions and am now stuck on a boot loop. It continuously returns to the 'start windows normally/safe mode/etc' screen. No matter what I choose it just restarts.
  13. I downloaded the file, put it on a thumb drive, and followed your instructions, but the option to "Repair your computer" did not appear. I removed all other files from the flash drive and tried again, but it still did not show up.