hezekiah (Members, Content Count: 26)

Everything posted by hezekiah

  1. I have performed the procedures requested, and all appears well. I will be backing up my work files and other important documents and then re-installing Windows, hopefully with a nice perfect install this time. Thank you very much for your assistance, I have NEVER in my life had a series of viruses like this! (Heck, I've never actually had one in 20-ish years!).
  2. It's running as smoothly as it usually does, things are opening and closing in their normal time and manner instead of being horribly delayed, and of course no random redirects or internet malfunctions either (the obvious stuff is all gone).
  3. :D Malwarebytes Anti-Malware (Trial) 1.62.0.1300 www.malwarebytes.org Database version: v2012.07.11.11 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 Jen :: JEN-PC [administrator] Protection: Enabled 7/12/2012 1:56:29 PM mbam-log-2012-07-12 (13-56-29).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 228853 Time elapsed: 3 minute(s), 30 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No mal
  4. I think we are making progress!! All processes killed ========== OTL ========== HKU\S-1-5-21-131210501-3192421088-3893619746-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! HKU\S-1-5-21-131210501-3192421088-3893619746-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully! C:\ProgramData\{79B7B63C-5992-4F92-9E81-21B6907F23B6}\OFFLINE\mMSI.dll folder moved successfully. C:\ProgramData\{79B7B63C-5992-4F92-9E81-21B6907F23B6}\OFFLINE\mIDEFunc.dll folder moved successfully. C:\ProgramData\{79B7B63C-59
  5. OTL logfile created on: 7/11/2012 5:45:41 PM - Run 2 OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Jen\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 6.00 Gb Total Physical Memory | 3.67 Gb Available Physical Memory | 61.17% Memory free 12.00 Gb Paging File | 9.29 Gb Available in Paging File | 77.45% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Wind
  6. Computer seems to be running fine, no weird popups saying my computer is trying to send out data, no slowness, no real suspicious acts on the computer. Will paste the next log(s) in separate posts since they are quite large. MBR.zip aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software Run date: 2012-07-11 17:11:48 ----------------------------- 17:11:48.785 OS Version: Windows x64 6.1.7601 Service Pack 1 17:11:48.785 Number of processors: 2 586 0xF0B 17:11:48.786 ComputerName: JEN-PC UserName: Jen 17:11:51.551 Initialize success 17:12:42.114 AVAST engine defs: 12071102 17:15:30.925 Disk 0
  7. (to be more precise since I can't seem to edit my post, they were changed from his personal computer which is virus free).
  8. Fortunately all our online passwords were changed Saturday after my husband's car got broken into and his personal laptop was stolen out of it. I haven't logged into any sensitive sites since then, so I am at least sure that there's no room for issues there. I'd like to try and continue for another day or so, just in case this can be redeemed, then if necessary I can use all weekend to set my computer up again if I have to reformat and reinstall.
  9. Aha! Good news! I solved one of the problems with the solution of Not Being an Idiot. As it shut down after the sfc scannow I saw 'windows home premium' in the corner.. so out of curiosity I redid the frst64 and there was a 3rd repair option to click through to, home premium.. ran that with the fix and boom! Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 11-07-2012 Ran by SYSTEM at 2012-07-11 16:40:37 Run:1 Running from G:\ ============================================== C:\Windows\System32\services.exe moved successfully. C:\Windows\winsxs\amd64_microsoft-windows-s..s-ser
  10. It is running now. I do have my x64 CD sitting right next to me as I have been pondering nuking the system (oh how I hate doing that). I just worry about my work documents, I need to save them but I also need them to not be infectious- looks like they should be OK by the scans though? I don't know how viruses propagate computer to computer, so I don't want to transfer files unless I am pretty sure they are safe. The scan says it successfully repaired corrupt files and they will be good after the next reboot. Good? (rebooting)
  11. Result #2: not better than result #1 Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 11-07-2012 Ran by SYSTEM at 2012-07-11 14:19:41 Run:2 Running from G:\ ============================================== Could not find C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe. ==== End of Fixlog ==== The Wmic OS command returned this; os - alias not found. The second command returns AMD64
  12. Got the same weird Combofix error as before. (Windows 2000 etc) Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 11-07-2012 Ran by SYSTEM at 2012-07-11 12:27:21 Run:1 Running from G:\ ============================================== HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found. Could not find C:\Windows\SysNative\services.exe. Could not find C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe. C:\Windows\temp\SBS_VE_REMD_201206101751
  13. Finally complete! C:\Windows\SysNative\services.exe Win64/Patched.B.Gen trojan C:\Windows\temp\SBS_VE_REMD_20120610175113.867_ 1651 Win32/Sirefef.EZ trojan C:\_OTL\MovedFiles\07102012_152113\C_Windows\Installer\{056200fe-5d32-27f4-5b19-1a232f00c70e}\U\00000008.@ Win64/Agent.BA trojan C:\_OTL\MovedFiles\07102012_152113\C_Windows\Installer\{056200fe-5d32-27f4-5b19-1a232f00c70e}\U\80000000.@ Win64/Sirefef.AE trojan C:\_OTL\MovedFiles\07102012_152113\C_Windows\Installer\{056200fe-5d32-27f4-5b19-1a232f00c70e}\U\80000032.@ a variant of Win32/Sirefef.FD trojan C:\_OTL\MovedFiles\0710
  14. 43% complete, up to 6 threats found. Unfortunately this is my work computer and as such it has files I can't replace that haven't been backed up (which may be a good thing or my backup drive would probably have viruses too at this rate).
  15. ESET ran for 5 hours last night before my computer rebooted. Trying it again this morning. At 17% currently after 45 minutes.
  16. Trying to run combofix under all circumstances gave me the same error as before, that my OS needed to be windows 2000 or XP. Eset is going to take a VERY long time to run, I think... Malwarebytes Anti-Malware (Trial) 1.61.0.1400 www.malwarebytes.org Database version: v2012.07.09.14 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 Jen :: JEN-PC [administrator] Protection: Enabled 7/10/2012 4:48:03 PM mbam-log-2012-07-10 (16-48-03).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan
  17. Even in safe mode, and with a new fresh download, now combofix just refuses to run.
  18. Here's the OTLfix log. Rebooting into safe mode now. All processes killed ========== OTL ========== HKU\S-1-5-21-131210501-3192421088-3893619746-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully! C:\Windows\Installer\{056200fe-5d32-27f4-5b19-1a232f00c70e}\U\00000008.@ moved successfully. C:\Windows\Installer\{056200fe-5d32-27f4-5b19-1a232f00c70e}\U\80000032.@ moved successfully. C:\Windows\Installer\{056200fe-5d32-27f4-5b19-1a232f00c70e}\U\80000064.@ moved successfully. C:\Windows\Installer\{056200fe-5d32-27f4-5b19-1a232f00c70e}\L\0000
  19. Did both; sort of. Ran OTL with the pasted info; it did some stuff, then rebooted the system. When it came back there was a log in Notepad, but OTL had begun to (spontaneously?) run and was opening windows rapidly from the upper left to lower right of my screen... Got that to stop and close but the OTL log closed too. Is there somewhere else it would be stored? Secondly, downloaded combofix from the link you offered, ran it, and it told me that I had the wrong operating system, that it only worked on Windows 2000 or XP
  20. OTL Extras logfile created on: 7/10/2012 9:57:28 AM - Run 1 OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Jen\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 6.00 Gb Total Physical Memory | 3.92 Gb Available Physical Memory | 65.42% Memory free 12.00 Gb Paging File | 9.80 Gb Available in Paging File | 81.74% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% =
  21. OTL logfile created on: 7/10/2012 9:57:28 AM - Run 1 OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Jen\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 6.00 Gb Total Physical Memory | 3.92 Gb Available Physical Memory | 65.42% Memory free 12.00 Gb Paging File | 9.80 Gb Available in Paging File | 81.74% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Wind
  22. OK, will do. I have to go take my truck to the dealership for repair (oh you would not believe the week it's been and it's only Tuesday!) but I will post the results when I return. The computer ran well until 24 hours ago, so I have faith we'll be able to fix it
  23. It won't let me run the 32 bit version, it tells me 'the subsystem needed to support the image type is not present.'
  24. I had to install it twice, once using 32 bit and once using 64 bit. Student version and an old as heck trial version. Should I redo FRST with the 32 bit version?
  25. Here are the requested logs. Scan result of Farbar Recovery Scan Tool Version: 09-07-2012 Ran by SYSTEM at 10-07-2012 08:47:17 Running from G:\ Windows 7 Professional (X64) OS Language: English(US) The current controlset is ControlSet001 ATTENTION!:=====> THE OPERATING SYSTEM IS A X86 SYSTEM BUT THE BOOT DISK THAT IS USED TO BOOT TO RECOVERY ENVIRONMENT IS A X64 SYSTEM DISK. ========================== Registry (Whitelisted) ============= HKLM\...\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35760 2010-06-19] (Adobe Systems Incorporated) HKLM