Hello
I've been struggling with trying to clean this laptop and am on the verge of formatting, but I thought I would give it one last shot here if anyone can help. I've read through the instructions and hopefully I've done everything correctly. I did disable MSE before scanning with Malwarebytes, but as soon as I was finished with the scans I re-enabled MSE and did a scan, and it found and quarantined 2 Sirefef.AH trojans. Anyway, below is the list of the initial scans as per the 5-step preliminary removal.
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org
Database version: v2012.04.20.02
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Arlene :: LAPTOP [administrator]
Protection: Enabled
4/20/2012 11:26:35 AM
mbam-log-2012-04-20 (11-26-35).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 297364
Time elapsed: 28 minute(s), 50 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 60
C:\Windows\System32\midisyn.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\StickyMesger.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\ZTEusbser6k.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\emproxy.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\eectrl.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\epfw.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\ESDCR.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\lxbt_device.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\lxcd_device.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\AFGMp50.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\AIRPLUS.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\atapi.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\ATWPKT2.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\btserial.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\CDRPDACC.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\clcapsvc.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\dmisrv.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\DniVad.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\elnkupdateservice.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\flutilssvc.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\FA312.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\FGDSCSI.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\fsdfwd.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\ini910u.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\kbfiltr.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\mcvsrte.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\mrxsmb.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\MSSQL$AUTODESKVAULT.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\NETw3x32.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\nimcdlbk.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\nipsvc.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\olregcap.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\oracleorahomehttpserver.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\owstimer.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\pdlnecfg.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\R300.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\RioS30.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\s217nd5.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\s217obex.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\sentinelprotectionserver.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\sfng32.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\smwdm.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\ssm_mdfl.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\symantecantibotshim.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\SymIM.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\syntp.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\USB_RNDIS_XP.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\szkg.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\Tb2RCAssist.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\tbhsd.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\vaiomediaplatform-mobile-gateway.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\vmx86.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\webclient.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\WGX.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\xfilt.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\z525obex.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\z800mgmt.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\zpmysql.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\vds.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\rdsessmgr.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
(end)
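An added example for anyone triaging a log like the one above (it is not from the original post and not Malwarebytes' own code): a small Python parser for the MBAM 1.x log layout that pulls the detection lines out, groups them by detection name and by directory, lists anything that was not quarantined, and checks that the "... Detected: N" count of each section matches the number of lines actually pasted, so a truncated paste is caught before anyone reasons about what was removed. The embedded sample log is a constructed excerpt in the same format (paths and detection names made up), not the poster's full log; the regexes are assumptions about the layout seen above, not a published Malwarebytes spec.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List

# Constructed excerpt in the layout of the Malwarebytes Anti-Malware 1.x log
# pasted above (only three detection lines; the paths are made up).
SAMPLE_LOG = r"""Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org
Database version: v2012.04.20.02
Windows 7 Service Pack 1 x86 NTFS
Scan type: Quick scan
Objects scanned: 297364
Memory Processes Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Files Detected: 3
C:\Windows\System32\midisyn.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Windows\System32\atapi.dll (RootKit.0Access.H) -> Quarantined and deleted successfully.
C:\Users\user\AppData\Local\Temp\x.exe (Trojan.Agent) -> No action taken.
(end)
"""

# One detection line: "<object> (<detection name>) -> <action>."  (assumed layout)
DETECTION_RE = re.compile(r"^(?P<obj>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")
# Section header carrying its declared count, e.g. "Files Detected: 60".
COUNT_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Detected: (?P<count>\d+)$")
# The header fields worth keeping for triage.
HEADER_RE = re.compile(r"^(?P<key>Database version|Scan type|Objects scanned): (?P<value>.+)$")


@dataclass
class Detection:
    section: str   # section the line appeared under ("Files", "Registry Keys", ...)
    obj: str       # file path or registry key
    name: str      # detection name, e.g. RootKit.0Access.H
    action: str    # what MBAM reports it did with the object

    @property
    def directory(self) -> str:
        """Parent directory, lower-cased for grouping (Windows paths are case-insensitive)."""
        return self.obj.rsplit("\\", 1)[0].lower()

    @property
    def removed(self) -> bool:
        """True when the log line says the object was quarantined."""
        return self.action.lower().startswith("quarantined")


def parse_log(text: str) -> dict:
    """Split an MBAM 1.x log into header fields, per-section declared counts and detections."""
    header: Dict[str, str] = {}
    counts: Dict[str, int] = {}
    detections: List[Detection] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "(end)":
            continue
        if m := HEADER_RE.match(line):
            header[m["key"]] = m["value"]
        elif m := COUNT_RE.match(line):
            section = m["section"]          # detection lines that follow belong to this section
            counts[section] = int(m["count"])
        elif m := DETECTION_RE.match(line):
            detections.append(Detection(section, m["obj"], m["name"], m["action"]))
    return {"header": header, "counts": counts, "detections": detections}


def summarize(parsed: dict) -> dict:
    """Counts by detection name and directory, objects not removed, and a paste-completeness check."""
    dets: List[Detection] = parsed["detections"]
    listed = Counter(d.section for d in dets)
    # A declared count that differs from the lines actually present means the paste was
    # truncated or edited; flag it per section rather than trusting the totals.
    mismatches = {s: (n, listed.get(s, 0)) for s, n in parsed["counts"].items() if n != listed.get(s, 0)}
    return {
        "database": parsed["header"].get("Database version"),
        "scan_type": parsed["header"].get("Scan type"),
        "by_name": dict(Counter(d.name for d in dets)),
        "by_dir": dict(Counter(d.directory for d in dets)),
        "not_removed": [d.obj for d in dets if not d.removed],
        "complete": not mismatches,
        "mismatches": mismatches,
    }


if __name__ == "__main__":
    for key, value in summarize(parse_log(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

Run against the full log above, `by_dir` collapses to a single entry for `c:\windows\system32` with 60 hits and `by_name` to one entry for `RootKit.0Access.H`, and `complete` is true because the 60 listed lines match "Files Detected: 60"; a paste that lost lines would show up in `mismatches` as `{"Files": (60, <lines present>)}`.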