Win64/Sirefef


This topic is locked
2 replies to this topic

#1 foobarbigtime

  • Members
  • 1 posts

Posted 08 August 2012 - 07:15 AM

This is a scan I did just this morning from the System Recovery console.

I've tried removing the virus with Microsoft's removal tool, MBAM, SUPERAntiSpyware, and the computer repairs itself because it won't boot. I would appreciate any help. I've spent hours so far trying to remove the viruses. Thanks ahead :)

Scan result of Farbar Recovery Scan Tool Version: 08-08-2012
Ran by SYSTEM at 08-08-2012 07:55:42
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [161304 2010-09-07] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [386584 2010-09-07] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [415256 2010-09-07] (Intel Corporation)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-06-18] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1890088 2010-03-17] (Synaptics Incorporated)
HKLM\...\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray [1928976 2010-03-05] (Intel® Corporation)
HKLM\...\Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup [207350 2011-01-25] ()
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-06-08] (Intel Corporation)
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [498160 2009-10-15] ()
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253672 2011-01-07] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKU\Nicolae\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5661056 2012-07-09] (SUPERAntiSpyware.com)
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [559616 2011-10-12] (Dell)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.10.1
Tcpip\..\Interfaces\{2B49ED64-D1A8-45C8-AA1F-FBB5E0E8774F}: [NameServer]0.0.0.0
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

==================== Services (Whitelisted) ======

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2011-08-11] (SUPERAntiSpyware.com)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-05] ()
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
2 syshost32; "C:\Windows\Installer\{9F616F8F-83A8-373E-36BA-02811696E380}\syshost.exe" /service [415232 2012-06-27] (Spec-Research)
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2320920 2010-03-03] (Intel Corporation)
2 0079441344105044mcinstcleanup; C:\Users\Nicolae\AppData\Local\Temp\007944~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [x]
3 McAWFwk; C:\PROGRA~1\mcafee\msc\mcawfwk.exe [x]

========================== Drivers (Whitelisted) =============

0 9e85bf7ff8e6964d; C:\Windows\System32\Drivers\9e85bf7ff8e6964d.sys [74184 2012-06-21] () ATTENTION =====> Rootkit?
3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2011-04-04] (Marvell Semiconductor, Inc.)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 catchme; \??\C:\ComboFix\catchme.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-08-08 06:47 - 2012-08-08 06:47 - 00000000 ____D C:\Users\All Users\HitmanPro
2012-08-08 06:47 - 2012-08-08 06:47 - 00000000 ____D C:\Users\All Users\Application Data\HitmanPro
2012-08-08 06:45 - 2012-08-08 06:45 - 00000000 ____D C:\FRST
2012-08-04 15:30 - 2012-08-04 15:30 - 00000000 ____D C:\Users\Nicolae\Application Data\SUPERAntiSpyware.com
2012-08-04 15:30 - 2012-08-04 15:30 - 00000000 ____D C:\Users\Nicolae\AppData\Roaming\SUPERAntiSpyware.com
2012-08-04 15:29 - 2012-08-04 15:30 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2012-08-04 15:29 - 2012-08-04 15:29 - 00001810 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-08-04 15:29 - 2012-08-04 15:29 - 00001810 ____A C:\Users\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-08-04 15:29 - 2012-08-04 15:29 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-08-04 15:29 - 2012-08-04 15:29 - 00000000 ____D C:\Users\All Users\Application Data\SUPERAntiSpyware.com
2012-08-04 14:09 - 2012-08-04 14:09 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-04 14:09 - 2012-08-04 14:09 - 00001111 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-04 14:09 - 2012-08-04 14:09 - 00000000 ____D C:\Users\Nicolae\Application Data\Malwarebytes
2012-08-04 14:09 - 2012-08-04 14:09 - 00000000 ____D C:\Users\Nicolae\AppData\Roaming\Malwarebytes
2012-08-04 14:09 - 2012-08-04 14:09 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-08-04 14:09 - 2012-08-04 14:09 - 00000000 ____D C:\Users\All Users\Application Data\Malwarebytes
2012-08-04 14:09 - 2012-08-04 14:09 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-04 14:09 - 2012-07-03 12:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-08-04 14:09 - 2012-01-31 04:59 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-08-04 14:08 - 2012-08-04 14:08 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Nicolae\Desktop\mbam-setup-1.62.0.1300.exe
2012-08-04 14:06 - 2012-08-04 14:06 - 00001945 ____A C:\Windows\epplauncher.mif
2012-08-04 13:57 - 2012-08-04 13:57 - 00017061 ____A C:\Users\Nicolae\Desktop\combofix.log
2012-08-04 13:53 - 2012-08-04 13:53 - 00017061 ____A C:\ComboFix.txt
2012-08-04 13:30 - 2011-06-26 01:45 - 00256000 ____A C:\Windows\PEV.exe
2012-08-04 13:30 - 2010-11-07 12:20 - 00208896 ____A C:\Windows\MBR.exe
2012-08-04 13:30 - 2009-04-19 23:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-08-04 13:30 - 2000-08-30 19:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-08-04 13:30 - 2000-08-30 19:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-08-04 13:30 - 2000-08-30 19:00 - 00098816 ____A C:\Windows\sed.exe
2012-08-04 13:30 - 2000-08-30 19:00 - 00080412 ____A C:\Windows\grep.exe
2012-08-04 13:30 - 2000-08-30 19:00 - 00068096 ____A C:\Windows\zip.exe
2012-08-04 13:25 - 2012-08-04 13:23 - 04724408 ____R (Swearware) C:\Users\Nicolae\Desktop\ComboFix.exe
2012-08-04 13:23 - 2012-08-04 13:53 - 00000000 ____D C:\Qoobox
2012-08-04 13:23 - 2012-08-04 13:51 - 00000000 ____D C:\Windows\erdnt
2012-08-04 11:12 - 2012-08-04 12:52 - 00000000 ____D C:\Windows\System32\MpEngineStore
2012-08-04 09:32 - 2012-08-04 09:32 - 00179707 ____A C:\Users\Nicolae\Local Settings\census.cache
2012-08-04 09:32 - 2012-08-04 09:32 - 00179707 ____A C:\Users\Nicolae\Local Settings\Application Data\census.cache
2012-08-04 09:32 - 2012-08-04 09:32 - 00179707 ____A C:\Users\Nicolae\AppData\Local\census.cache
2012-08-04 09:32 - 2012-08-04 09:32 - 00091840 ____A C:\Users\Nicolae\Local Settings\ars.cache
2012-08-04 09:32 - 2012-08-04 09:32 - 00091840 ____A C:\Users\Nicolae\Local Settings\Application Data\ars.cache
2012-08-04 09:32 - 2012-08-04 09:32 - 00091840 ____A C:\Users\Nicolae\AppData\Local\ars.cache
2012-08-04 09:25 - 2012-08-04 09:25 - 00000036 ____A C:\Users\Nicolae\Local Settings\housecall.guid.cache
2012-08-04 09:25 - 2012-08-04 09:25 - 00000036 ____A C:\Users\Nicolae\Local Settings\Application Data\housecall.guid.cache
2012-08-04 09:25 - 2012-08-04 09:25 - 00000036 ____A C:\Users\Nicolae\AppData\Local\housecall.guid.cache
2012-08-03 15:41 - 2012-08-04 14:05 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-08-03 15:41 - 2012-08-04 14:05 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client

============ 3 Months Modified Files ========================

2012-08-08 06:48 - 2011-04-09 21:28 - 01593928 ____A C:\Windows\WindowsUpdate.log
2012-08-08 06:47 - 2009-07-14 00:13 - 00734858 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-08 06:46 - 2009-07-13 23:45 - 00013872 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-08 06:46 - 2009-07-13 23:45 - 00013872 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-08 06:43 - 2011-07-06 22:03 - 00000888 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-08-08 06:38 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-08 06:38 - 2009-07-13 23:51 - 00075048 ____A C:\Windows\setupact.log
2012-08-08 02:11 - 2011-07-06 22:03 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-08-04 15:29 - 2012-08-04 15:29 - 00001810 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-08-04 15:29 - 2012-08-04 15:29 - 00001810 ____A C:\Users\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-08-04 15:18 - 2011-04-09 21:51 - 00019226 ____A C:\Windows\PFRO.log
2012-08-04 14:09 - 2012-08-04 14:09 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-04 14:09 - 2012-08-04 14:09 - 00001111 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-04 14:08 - 2012-08-04 14:08 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Nicolae\Desktop\mbam-setup-1.62.0.1300.exe
2012-08-04 14:06 - 2012-08-04 14:06 - 00001945 ____A C:\Windows\epplauncher.mif
2012-08-04 14:05 - 2011-06-16 09:28 - 00740704 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-08-04 13:57 - 2012-08-04 13:57 - 00017061 ____A C:\Users\Nicolae\Desktop\combofix.log
2012-08-04 13:53 - 2012-08-04 13:53 - 00017061 ____A C:\ComboFix.txt
2012-08-04 13:47 - 2009-07-13 21:34 - 00000215 ____A C:\Windows\system.ini
2012-08-04 13:44 - 2009-07-13 21:34 - 69730304 ____A C:\Windows\System32\config\software.bak
2012-08-04 13:44 - 2009-07-13 21:34 - 27262976 ____A C:\Windows\System32\config\system.bak
2012-08-04 13:44 - 2009-07-13 21:34 - 01048576 ____A C:\Windows\System32\config\default.bak
2012-08-04 13:44 - 2009-07-13 21:34 - 00262144 ____A C:\Windows\System32\config\security.bak
2012-08-04 13:44 - 2009-07-13 21:34 - 00262144 ____A C:\Windows\System32\config\sam.bak
2012-08-04 13:23 - 2012-08-04 13:25 - 04724408 ____R (Swearware) C:\Users\Nicolae\Desktop\ComboFix.exe
2012-08-04 09:32 - 2012-08-04 09:32 - 00179707 ____A C:\Users\Nicolae\Local Settings\census.cache
2012-08-04 09:32 - 2012-08-04 09:32 - 00179707 ____A C:\Users\Nicolae\Local Settings\Application Data\census.cache
2012-08-04 09:32 - 2012-08-04 09:32 - 00179707 ____A C:\Users\Nicolae\AppData\Local\census.cache
2012-08-04 09:32 - 2012-08-04 09:32 - 00091840 ____A C:\Users\Nicolae\Local Settings\ars.cache
2012-08-04 09:32 - 2012-08-04 09:32 - 00091840 ____A C:\Users\Nicolae\Local Settings\Application Data\ars.cache
2012-08-04 09:32 - 2012-08-04 09:32 - 00091840 ____A C:\Users\Nicolae\AppData\Local\ars.cache
2012-08-04 09:25 - 2012-08-04 09:25 - 00000036 ____A C:\Users\Nicolae\Local Settings\housecall.guid.cache
2012-08-04 09:25 - 2012-08-04 09:25 - 00000036 ____A C:\Users\Nicolae\Local Settings\Application Data\housecall.guid.cache
2012-08-04 09:25 - 2012-08-04 09:25 - 00000036 ____A C:\Users\Nicolae\AppData\Local\housecall.guid.cache
2012-08-02 13:15 - 2011-06-03 12:02 - 00013030 ____A C:\PDOXUSRS.NET
2012-07-07 18:45 - 2012-07-07 18:45 - 00698496 ____A C:\Windows\Minidump\070712-17690-01.dmp
2012-07-07 18:44 - 2011-09-18 15:15 - 406452076 ____A C:\Windows\MEMORY.DMP
2012-07-03 12:46 - 2012-08-04 14:09 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-21 07:51 - 2012-06-21 07:51 - 00074184 ____A C:\Windows\System32\Drivers\9e85bf7ff8e6964d.sys
2012-06-13 15:07 - 2009-07-13 23:45 - 00298768 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-13 14:37 - 2011-06-03 10:57 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-05-14 22:56 - 2012-06-13 10:48 - 01197568 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-14 22:52 - 2012-06-13 10:48 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-14 22:08 - 2012-06-13 10:48 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-14 22:06 - 2012-06-13 10:48 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-14 20:32 - 2012-06-13 10:48 - 03144192 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-12 06:34 - 2009-07-14 00:08 - 00032594 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-05-11 20:25 - 2009-07-13 21:34 - 00000531 ____A C:\Windows\win.ini


ZeroAccess:
C:\Windows\Installer\{e5aa47ef-3909-519c-e2e7-95e78d049088}
C:\Windows\Installer\{e5aa47ef-3909-519c-e2e7-95e78d049088}\L
C:\Windows\Installer\{e5aa47ef-3909-519c-e2e7-95e78d049088}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 28%
Total physical RAM: 1910.68 MB
Available physical RAM: 1361.39 MB
Total Pagefile: 1910.68 MB
Available Pagefile: 1354.15 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:218.14 GB) (Free:178.2 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
4 Drive f: (F50 PIVOT) (Removable) (Total:3.72 GB) (Free:3.09 GB) FAT32
5 Drive g: (Recovery) (Fixed) (Total:14.65 GB) (Free:8.04 GB) NTFS ==>[System with boot components (obtained from reading drive)]
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ###  Status  Size     Free  Dyn  Gpt
--------  ------  -------  ----  ---  ---
Disk 0    Online  232 GB   0 B
Disk 1    Online  3818 MB  0 B

Partitions of Disk 0:
===============

Partition ###  Type     Size    Offset
-------------  -------  ------  -------
Partition 1    OEM      100 MB  1024 KB
Partition 2    Primary  14 GB   101 MB
Partition 3    Primary  218 GB  14 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ###  Ltr  Label        Fs   Type       Size    Status   Info
----------  ---  -----------  ---  ---------  ------  -------  ------
* Volume 5       DELLUTILITY  FAT  Partition  100 MB  Healthy  Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ###  Ltr  Label     Fs    Type       Size   Status   Info
----------  ---  --------  ----  ---------  -----  -------  ----
* Volume 2  G    Recovery  NTFS  Partition  14 GB  Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ###  Ltr  Label  Fs    Type       Size    Status   Info
----------  ---  -----  ----  ---------  ------  -------  ----
* Volume 3  C    OS     NTFS  Partition  218 GB  Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ###  Type     Size     Offset
-------------  -------  -------  -------
Partition 1    Primary  3814 MB  4032 KB

==================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ###  Ltr  Label      Fs     Type       Size     Status   Info
----------  ---  ---------  -----  ---------  -------  -------  ----
* Volume 4  F    F50 PIVOT  FAT32  Removable  3814 MB  Healthy

==================================================================================

testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!


==========================================================

Last Boot: 2012-08-06 23:52

======================= End Of Log ==========================

Edited by foobarbigtime, 08 August 2012 - 07:43 AM.



#2 RPMcMurphy

    Bleeping *^#@%~

  • Malware Response Team
  • 3,970 posts

Posted 10 August 2012 - 11:30 PM

Hello and welcome. Please follow these guidelines while we work on your PC:
  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.” Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.
Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad. Save it on the flash drive as fixlist.txt

0 9e85bf7ff8e6964d; C:\Windows\System32\Drivers\9e85bf7ff8e6964d.sys [74184 2012-06-21] () ATTENTION =====> Rootkit?
C:\Windows\System32\Drivers\9e85bf7ff8e6964d.sys
C:\Windows\Installer\{e5aa47ef-3909-519c-e2e7-95e78d049088}
testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options again.
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press the Fix button just once and wait.
  • The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Edited by RPMcMurphy, 10 August 2012 - 11:31 PM.

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.
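The FRST log in the first post and the fixlist in the reply above both follow a fixed text format, so the triage step between them can be scripted. The following Python is an added example for this page; it is not part of the thread and not FRST's own code. It parses the Services and Drivers sections and the ZeroAccess block of an FRST log (the regular expressions are built from the line shapes in the posted log), keeps whatever FRST itself marked ATTENTION, and drafts fixlist.txt lines in the form the responder used. The "review" heuristics (a service binary under a Windows\Installer\{GUID} directory or a user Temp directory, and entries whose file is missing) are this example's own assumptions, not FRST rules, and are reported for a human to look at rather than written into the fixlist. The embedded sample is a constructed excerpt of the log posted above.

```python
"""Triage an FRST (Farbar Recovery Scan Tool) log and draft a fixlist.txt.
Added example, not part of the thread and not FRST's own code. Line formats come
from the log posted above. 'fix' findings (FRST's own ATTENTION marks, a vendorless
driver with a random hex name, the ZeroAccess directory) become fixlist lines;
'review' findings are this example's own heuristics and are for manual review only."""
from __future__ import annotations
import re
from dataclasses import dataclass

SECTION_RE = re.compile(r"^=+\s+(.+?)\s+=+$")  # "==== Services (Whitelisted) ===="
# "<start> <name>; <path> [<size> <yyyy-mm-dd>] (<vendor>)<rest>"
ENTRY_RE = re.compile(
    r"^(?P<start>\d)\s+(?P<name>[^;]+);\s*(?P<path>.+?)\s+"
    r"\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]\s*\((?P<vendor>[^)]*)\)(?P<rest>.*)$"
)
MISSING_RE = re.compile(r"^\d\s+[^;]+;\s*.+?\s+\[[xX]\]$")  # FRST marks a missing file with [x]
HEX_NAME_RE = re.compile(r"^[0-9a-f]{12,}$")
INSTALLER_GUID_RE = re.compile(r"\\Windows\\Installer\\\{[0-9a-f-]{36}\}", re.I)
USER_TEMP_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.I)
ZA_CHILD_RE = re.compile(r"\}\\[LU]$")  # the L and U subfolders FRST lists under the GUID dir
SCAN_SECTIONS = ("Services (Whitelisted)", "Drivers (Whitelisted)")

@dataclass
class Finding:
    severity: str  # "fix" or "review"
    reason: str
    line: str      # the log line exactly as FRST printed it

def classify(section: str, line: str) -> tuple[str, list[str]]:
    """(severity, reasons) for one log line; an empty reason list means nothing to report."""
    fix, review = [], []
    if "ATTENTION" in line:
        fix.append("flagged by FRST")
    if section == "ZeroAccess":
        # FRST lists the GUID directory and its L/U children; the fixlist needs only the parent
        if INSTALLER_GUID_RE.search(line) and not ZA_CHILD_RE.search(line):
            fix.append("ZeroAccess home directory")
    elif section in SCAN_SECTIONS:
        m = ENTRY_RE.match(line)
        if m:
            if section.startswith("Drivers") and not m["vendor"] and HEX_NAME_RE.match(m["name"]):
                fix.append("unsigned driver with random hex name")
            if INSTALLER_GUID_RE.search(m["path"]):  # heuristic (assumption), review only
                review.append("binary under a Windows\\Installer GUID directory")
            if USER_TEMP_RE.search(m["path"]):  # heuristic (assumption), review only
                review.append("binary in a user Temp directory")
        elif MISSING_RE.match(line):
            review.append("entry points at a missing file ([x])")
    return ("fix", fix + review) if fix else ("review", review)

def parse_frst(log: str) -> list[Finding]:
    findings, section = [], ""
    for raw in log.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
        elif line == "ZeroAccess:":  # FRST prints this block without a === header
            section = "ZeroAccess"
        elif line:
            severity, reasons = classify(section, line)
            if reasons:
                findings.append(Finding(severity, "; ".join(reasons), line))
    return findings

def build_fixlist(findings: list[Finding]) -> list[str]:
    """fixlist.txt lines in the form the responder used: the flagged entry as printed,
    then the driver file itself so FRST removes the file and not only its service entry."""
    out = []
    for f in findings:
        if f.severity == "fix":
            out.append(f.line)
            m = ENTRY_RE.match(f.line)
            if m and m["path"].lower().endswith(".sys"):
                out.append(m["path"])
    return list(dict.fromkeys(out))  # de-duplicate, keep order

# Excerpt of the log posted above (constructed sample input for this example).
SAMPLE_LOG = r"""
==================== Services (Whitelisted) ======
2 syshost32; "C:\Windows\Installer\{9F616F8F-83A8-373E-36BA-02811696E380}\syshost.exe" /service [415232 2012-06-27] (Spec-Research)
2 0079441344105044mcinstcleanup; C:\Users\Nicolae\AppData\Local\Temp\007944~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [x]
========================== Drivers (Whitelisted) =============
0 9e85bf7ff8e6964d; C:\Windows\System32\Drivers\9e85bf7ff8e6964d.sys [74184 2012-06-21] () ATTENTION =====> Rootkit?
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
ZeroAccess:
C:\Windows\Installer\{e5aa47ef-3909-519c-e2e7-95e78d049088}
C:\Windows\Installer\{e5aa47ef-3909-519c-e2e7-95e78d049088}\L
C:\Windows\Installer\{e5aa47ef-3909-519c-e2e7-95e78d049088}\U
========================= Known DLLs (Whitelisted) ============
testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!
"""

if __name__ == "__main__":
    for f in parse_frst(SAMPLE_LOG):
        print(f"[{f.severity}] {f.reason}: {f.line}")
    print("\n".join(["--- fixlist.txt ---", *build_fixlist(parse_frst(SAMPLE_LOG))]))
```

On the sample, the drafted fixlist is the four lines the responder wrote: the flagged driver entry, the driver file, the ZeroAccess GUID directory and the testsigning line. The "review" findings (the service under a Windows\Installer GUID directory, the entries pointing at missing files) are deliberately left out of the fixlist; a helper still has to decide those by hand, and, as the NOTICE in the reply says, a fixlist is written for one specific machine and must not be reused on another.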


#3 RPMcMurphy

    Bleeping *^#@%~

  • Malware Response Team
  • 3,970 posts

Posted 16 August 2012 - 08:42 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
