hezekiah

Members
  • Content Count

    26
Community Reputation

0 Neutral

About hezekiah

  • Rank
    New Member
  1. I have performed the procedures requested, and all appears well. I will be backing up my work files and other important documents and then re-installing Windows, hopefully with a nice perfect install this time. Thank you very much for your assistance, I have NEVER in my life had a series of viruses like this! (Heck, I've never actually had one in 20-ish years!).
  2. It's running as smoothly as it usually does, things are opening and closing in their normal time and manner instead of being horribly delayed, and of course no random redirects or internet malfunctions either (the obvious stuff is all gone).
  3. :D Malwarebytes Anti-Malware (Trial) 1.62.0.1300 www.malwarebytes.org Database version: v2012.07.11.11 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 Jen :: JEN-PC [administrator] Protection: Enabled 7/12/2012 1:56:29 PM mbam-log-2012-07-12 (13-56-29).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 228853 Time elapsed: 3 minute(s), 30 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No mal
  4. I think we are making progress!! All processes killed ========== OTL ========== HKU\S-1-5-21-131210501-3192421088-3893619746-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! HKU\S-1-5-21-131210501-3192421088-3893619746-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully! C:\ProgramData\{79B7B63C-5992-4F92-9E81-21B6907F23B6}\OFFLINE\mMSI.dll folder moved successfully. C:\ProgramData\{79B7B63C-5992-4F92-9E81-21B6907F23B6}\OFFLINE\mIDEFunc.dll folder moved successfully. C:\ProgramData\{79B7B63C-59
  5. OTL logfile created on: 7/11/2012 5:45:41 PM - Run 2 OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Jen\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 6.00 Gb Total Physical Memory | 3.67 Gb Available Physical Memory | 61.17% Memory free 12.00 Gb Paging File | 9.29 Gb Available in Paging File | 77.45% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Wind
  6. Computer seems to be running fine, no weird popups saying my computer is trying to send out data, no slowness, no real suspicious acts on the computer. Will paste the next log(s) in separate posts since they are quite large. MBR.zip aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software Run date: 2012-07-11 17:11:48 ----------------------------- 17:11:48.785 OS Version: Windows x64 6.1.7601 Service Pack 1 17:11:48.785 Number of processors: 2 586 0xF0B 17:11:48.786 ComputerName: JEN-PC UserName: Jen 17:11:51.551 Initialize success 17:12:42.114 AVAST engine defs: 12071102 17:15:30.925 Disk 0
  7. (to be more precise since I can't seem to edit my post, they were changed from his personal computer which is virus free).
  8. Fortunately all our online passwords were changed Saturday after my husband's car got broken into and his personal laptop was stolen out of it. I haven't logged into any sensitive sites since then, so I am at least sure that there's no room for issues there. I'd like to try and continue for another day or so, just in case this can be redeemed, then if necessary I can use all weekend to set my computer up again if I have to reformat and reinstall.
  9. Aha! Good news! I solved one of the problems with the solution of Not being an Idiot. As it shut down after the sfc scannow I saw 'windows home premium' in the corner.. so out of curiosity I redid the frst64 and there was a 3rd repair option to click through to, home premium.. ran that with the fix and boom! Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 11-07-2012 Ran by SYSTEM at 2012-07-11 16:40:37 Run:1 Running from G:\ ============================================== C:\Windows\System32\services.exe moved successfully. C:\Windows\winsxs\amd64_microsoft-windows-s..s-ser
  10. It is running now. I do have my x64 CD sitting right next to me as I have been pondering nuking the system (oh how I hate doing that). I just worry about my work documents, I need to save them but I also need them to not be infectious- looks like they should be OK by the scans though? I don't know how viruses propagate computer to computer, so I don't want to transfer files unless I am pretty sure they are safe. The scan says it successfully repaired corrupt files and they will be good after the next reboot. Good? (rebooting)
  11. Result #2: not better than result #1 Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 11-07-2012 Ran by SYSTEM at 2012-07-11 14:19:41 Run:2 Running from G:\ ============================================== Could not find C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe. ==== End of Fixlog ==== The Wmic OS command returned this; os - alias not found. The second command returns AMD64
  12. Got the same weird Combofix error as before. (Windows 2000 etc) Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 11-07-2012 Ran by SYSTEM at 2012-07-11 12:27:21 Run:1 Running from G:\ ============================================== HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found. Could not find C:\Windows\SysNative\services.exe. Could not find C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe. C:\Windows\temp\SBS_VE_REMD_201206101751
  13. Finally complete! C:\Windows\SysNative\services.exe Win64/Patched.B.Gen trojan C:\Windows\temp\SBS_VE_REMD_20120610175113.867_ 1651 Win32/Sirefef.EZ trojan C:\_OTL\MovedFiles\07102012_152113\C_Windows\Installer\{056200fe-5d32-27f4-5b19-1a232f00c70e}\U\00000008.@ Win64/Agent.BA trojan C:\_OTL\MovedFiles\07102012_152113\C_Windows\Installer\{056200fe-5d32-27f4-5b19-1a232f00c70e}\U\80000000.@ Win64/Sirefef.AE trojan C:\_OTL\MovedFiles\07102012_152113\C_Windows\Installer\{056200fe-5d32-27f4-5b19-1a232f00c70e}\U\80000032.@ a variant of Win32/Sirefef.FD trojan C:\_OTL\MovedFiles\0710
  14. 43% complete, up to 6 threats found. Unfortunately this is my work computer and as such it has files I can't replace that haven't been backed up (which may be a good thing or my backup drive would probably have viruses too at this rate).
  15. ESET ran for 5 hours last night before my computer rebooted. Trying it again this morning. At 17% currently after 45 minutes.