
Sirefef infection!! Please help me asap


  • This topic is locked
2 replies to this topic

#1 MM_2012

  • Members
  • 1 posts

Posted 23 July 2012 - 03:40 PM

Good day all,

After reinstalling MSE, my comp suddenly started rebooting on its own... Once it starts up it says that I have ONE MINUTE to finish what I am doing and it will restart in a minute... I followed the instructions with the Farbar thing and attached are the FRST and Search.txt

Please help me!! I need to work on something using my Computer right away...

Much appreciated



#2 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts

Posted 23 July 2012 - 05:03 PM

Please do the following:


Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.) Save it on the flash drive as fixlist.txt.

start
HKU\Owner\...\Run: [cmdhe] rundll32.exe "C:\Users\Owner\AppData\Roaming\cmdhe.dll",AInputSegment [147456 2012-07-21] (DT Soft Ltd)
HKU\Owner\...\Run: [bcausv] "C:\Windows\System32\rundll32.exe" "C:\Users\Owner\AppData\Roaming\bcausv.dll",CreateCubeTextureFromResourceW [431104 2012-07-21] ()
1 eihwzahq; \??\C:\Windows\system32\drivers\eihwzahq.sys [x]
2 MSSQL$DDNI;  [x]
2012-07-23 11:38 - 2012-07-23 11:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E301EBB67F5F1C58
2012-07-23 11:38 - 2012-07-23 11:38 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cmwulhew.sys
2012-07-23 11:35 - 2012-07-23 11:35 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.31FD26909E272C61
2012-07-23 11:33 - 2012-07-23 11:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F12CD4D7068C7613
2012-07-23 11:31 - 2012-07-23 11:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4BAF82740E76F58F
2012-07-23 11:28 - 2012-07-23 11:28 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1D013B75A0851FE6
2012-07-23 11:24 - 2012-07-23 11:24 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6B32CCB8D8C3B05C
2012-07-23 11:18 - 2012-07-23 11:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.04964D9EA38B2331
2012-07-23 11:15 - 2012-07-23 11:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.421E78A5898B1715
2012-07-23 11:05 - 2012-07-23 11:05 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CF01DFFF5E6E24A2
2012-07-23 11:02 - 2012-07-23 11:02 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DFEE713C1C09294E
2012-07-23 11:02 - 2012-07-23 11:02 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\yonxypik.sys
2012-07-23 10:59 - 2012-07-23 10:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E1F9A5C62D30EE80
2012-07-23 10:56 - 2012-07-23 10:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CFD7D699FC7D87D8
2012-07-23 10:53 - 2012-07-23 10:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.165827F91942E625
2012-07-23 10:49 - 2012-07-23 10:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.043024006CE0C071
2012-07-23 10:42 - 2012-07-23 10:42 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.815B2A46A2909DCC
2012-07-21 23:03 - 2012-07-21 23:03 - 00431104 ____A C:\Users\Owner\AppData\Roaming\bcausv.dll
2012-07-21 23:03 - 2012-07-21 23:03 - 00000000 ____D C:\Users\Owner\AppData\Local\{5A65F492-D3CB-11E1-8270-B8AC6F996F26}
2012-07-21 23:02 - 2012-07-21 23:02 - 00147456 ____A (DT Soft Ltd) C:\Users\Owner\AppData\Roaming\cmdhe.dll
C:\Windows\Installer\{bf2a47dd-a5fb-1224-817b-224de62e0fee}
C:\Users\Owner\AppData\Local\{bf2a47dd-a5fb-1224-817b-224de62e0fee}
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options, then select Command Prompt.

Run FRST (or FRST64 if you have the 64-bit version) and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Reboot Normally.


NEXT

Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Edited by CatByte, 23 July 2012 - 05:03 PM.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
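
Added example, not part of the post above and not code from FRST: a small Python triage pass over FRST-format lines, with heuristics modelled on the kinds of entries the fixlist targets. The function names, the heuristics, the reading of `[x]` as "file not found" and the last sample line are assumptions made for illustration.

```python
import re

# FRST line formats as they appear in the fixlist above.
FILE_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - (?P<size>\d+) "
    r"(?P<attr>\S{5}) (?:\((?P<company>[^)]*)\) )?(?P<path>.+)$")
RUN_RE = re.compile(r"^HK\w+\\.*\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
SVC_RE = re.compile(r"^(?P<start>\d) (?P<name>[^;]+);\s*(?P<path>.*?)\s*\[x\]$")

# Lines taken from the fixlist above, plus one constructed benign line (the last).
SAMPLE = r'''HKU\Owner\...\Run: [cmdhe] rundll32.exe "C:\Users\Owner\AppData\Roaming\cmdhe.dll",AInputSegment [147456 2012-07-21] (DT Soft Ltd)
1 eihwzahq; \??\C:\Windows\system32\drivers\eihwzahq.sys [x]
2012-07-23 11:38 - 2012-07-23 11:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E301EBB67F5F1C58
2012-07-21 23:03 - 2012-07-21 23:03 - 00431104 ____A C:\Users\Owner\AppData\Roaming\bcausv.dll
2012-07-20 09:00 - 2012-07-20 09:00 - 00012345 ____A (Example Corp) C:\Program Files\Example\app.exe
'''


def classify(line):
    """Return (kind, reasons); an empty reasons list means no heuristic fired."""
    line, reasons = line.strip(), []
    if m := RUN_RE.match(line):
        cmd = m["cmd"].lower()
        if "rundll32" in cmd and "\\appdata\\" in cmd:
            reasons.append("Run key loads a DLL from the user profile via rundll32")
        return "run", reasons
    if SVC_RE.match(line):
        # Assumption: FRST's trailing [x] means the service's file was not found.
        return "service", ["service or driver entry marked [x]"]
    if m := FILE_RE.match(line):
        path = m["path"]
        if re.search(r"\\System32\\services\.exe\.[0-9A-F]{16}$", path, re.I):
            reasons.append("suffixed copy of services.exe in System32")
        if re.search(r"\\AppData\\Roaming\\[^\\]+\.(dll|exe)$", path, re.I):
            reasons.append("binary placed directly in AppData\\Roaming")
        return "file", reasons
    return "other", reasons


def triage(text):
    """Return [(line, reasons)] for every line at least one heuristic flags."""
    hits = []
    for line in text.splitlines():
        kind, reasons = classify(line)
        if reasons:
            hits.append((line.strip(), reasons))
    return hits


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE):
        print("; ".join(reasons), "<-", line)
```

The .sys files under System32\Drivers and the GUID-named folders in the fixlist do not trip any of these heuristics, so a pass like this narrows a log for review and does not replace a helper's reading of it.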


#3 CatByte

Posted 29 July 2012 - 04:37 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
