NeonBonez
Hi, I'm running Windows 7 Enterprise (64-bit version) and I've been infected with Sirefef.Y and Sirefef.B. Microsoft Security Essentials detects them but is unable to remove them because it reboots after a minute. I've already used the frst64 program and it showed the following:
Scan result of Farbar Recovery Scan Tool Version: 25-06-2012
Ran by SYSTEM at 27-06-2012 18:59:38
Running from H:\
Windows 7 Enterprise (X64) OS Language: Spanish Modern Sort
The current controlset is ControlSet001
========================== Registry (Whitelisted) =============
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [8306208 2009-10-21] (Realtek Semiconductor)
HKLM\...\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe [x]
HKLM\...\Run: [VX3000] C:\Windows\vVX3000.exe [762736 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [167704 2011-09-01] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [392472 2011-09-01] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [416024 2011-09-01] (Intel Corporation)
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-27] (Microsoft Corporation)
HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-10] (Hewlett-Packard)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-02] (Apple Inc.)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [79192 2011-02-18] (Research In Motion Limited)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" [119152 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
HKLM-x32\...\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START [83336 2009-07-22] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot [296056 2012-06-14] (RealNetworks, Inc.)
HKU\Javier Payes\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1242448 2012-04-05] (Valve Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.1.2.254 10.1.2.214 10.1.2.253
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
==================== Services (Whitelisted) ======
2 Capture Device Service; "C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe" [200704 2006-08-11] (InterVideo Inc.)
3 LiveUpdate; "C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE" [3093880 2009-07-13] (Symantec Corporation)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-27] (Microsoft Corporation)
2 RapiMgr; C:\Windows\WindowsMobile\rapimgr.dll [225672 2007-05-31] (Microsoft Corporation)
2 UNS; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [2320920 2009-12-09] (Intel Corporation)
2 WcesComm; C:\Windows\WindowsMobile\wcescomm.dll [443784 2007-05-31] (Microsoft Corporation)
========================== Drivers (Whitelisted) =============
1 ASPI32; C:\Windows\SysWow64\Drivers\ASPI32.sys [25244 1999-09-10] (Adaptec)
3 BthAvrcp; C:\Windows\System32\Drivers\BthAvrcp.sys [29184 2009-08-13] (CSR, plc)
3 e1kexpress; C:\Windows\System32\DRIVERS\e1k62x64.sys [301232 2010-04-06] (Intel Corporation)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [475696 2010-09-16] (Symantec Corporation)
3 epmntdrv; \??\C:\Windows\system32\epmntdrv.sys [16776 2011-07-29] ()
3 EuGdiDrv; \??\C:\Windows\system32\EuGdiDrv.sys [9096 2011-07-29] ()
3 nmwcdcx64; C:\Windows\System32\drivers\ccdcmbox64.sys [23552 2008-05-02] (Nokia)
3 nmwcdx64; C:\Windows\System32\Drivers\nmwcdx64.sys [173056 2007-06-28] (Nokia)
3 PPJoyBus; C:\Windows\System32\DRIVERS\PPJoyBus64.sys [20032 2009-11-04] (Deon van der Westhuysen)
3 PPortJoystick; C:\Windows\System32\DRIVERS\PPortJoy64.sys [39488 2009-11-04] (Deon van der Westhuysen)
2 SecDrv; C:\Windows\SysWow64\Drivers\SecDrv.sys [11376 2002-10-08] ()
3 tap0901; C:\Windows\System32\Drivers\tap0901.sys [30720 2010-11-23] (The OpenVPN Project)
3 tosporte; C:\Windows\System32\Drivers\tosporte.sys [54664 2009-06-17] (TOSHIBA Corporation)
3 tosrfbd; C:\Windows\System32\Drivers\tosrfbd.sys [291760 2010-12-12] (TOSHIBA CORPORATION)
3 tosrfbnp; C:\Windows\System32\Drivers\tosrfbnp.sys [50864 2010-11-11] (TOSHIBA Corporation)
1 Tosrfcom; C:\Windows\System32\Drivers\Tosrfcom.sys [82224 2010-11-29] (TOSHIBA Corporation)
3 Tosrfhid; C:\Windows\System32\Drivers\Tosrfhid.sys [94528 2010-08-30] (TOSHIBA Corporation.)
3 tosrfnds; C:\Windows\System32\Drivers\tosrfnds.sys [26472 2009-07-24] (TOSHIBA Corporation.)
3 TosRfSnd; C:\Windows\System32\Drivers\TosRfSnd.sys [63488 2010-04-26] (TOSHIBA Corporation)
3 upperdev; C:\Windows\System32\DRIVERS\usbser_lowerfltx64.sys [8704 2008-05-02] (Windows (R) Codename Longhorn DDK provider)
3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltx64j.sys [8704 2008-05-02] (Windows (R) Codename Longhorn DDK provider)
3 VX3000; C:\Windows\System32\Drivers\VX3000.sys [2060144 2010-05-20] (Microsoft Corporation)
3 WCG200NTamd64; C:\Windows\System32\DRIVERS\WCG200V2NTamd64.sys [18560 2006-01-12] (Cisco-Linksys, LLC.)
3 BlueletAudio; C:\Windows\System32\DRIVERS\blueletaudio.sys [x]
3 BlueletSCOAudio; C:\Windows\System32\DRIVERS\BlueletSCOAudio.sys [x]
3 BT; C:\Windows\System32\DRIVERS\btnetdrv.sys [x]
3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [x]
0 BTHidEnum; C:\Windows\System32\Drivers\vbtenum.sys [x]
0 BTHidMgr; C:\Windows\System32\Drivers\BTHidMgr.sys [x]
3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
3 VComm; C:\Windows\System32\DRIVERS\VComm.sys [x]
3 VcommMgr; C:\Windows\System32\Drivers\VcommMgr.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]
3 VHidMinidrv; C:\Windows\System32\drivers\VHIDMini.sys [x]
========================== NetSvcs (Whitelisted) ===========