R2 SftService SoftThinks Agent Service C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
R2 sftlist Application Virtualization Client C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
R2 NOBU Dell DataSafe Online C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
R2 IAStorDataMgrSvc Intel(R) Rapid Storage Technology C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
R2 cvhsvc Client Virtualization Handler C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
R2 AMD External Events Utility AMD External Events Utility C:\Windows\system32\atiesrxx.exe -> C:\Windows\system32\atiesrxx.exe
R2 AdobeARMservice Adobe Acrobat Update Service C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
R0 PxHlpa64 PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys -> C:\Windows\system32\Drivers\PxHlpa64.sys
MRun-x64: "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MRun-x64: C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
MRun-x64: "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MRun-x64: Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
MRun-x64: "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MRun-x64: "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
MRun-x64: "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MRun-x64: "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
MRun-x64: "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" -startup
MRun-x64: "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
MRun-x64: "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
MRun-x64: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MRun-x64: "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MRun-x64: C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
MRun-x64: "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
MRun-x64: C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
IE: - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
MPolicies-system: PromptOnSecureDesktop = 0 (0x0)
MPolicies-system: EnableUIADesktopToggle = 0 (0x0)
MPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
MPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
MPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
MPolicies-explorer: NoActiveDesktop = 1 (0x1)
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NKVMON~1.LNK - C:\Program Files (x86)\Nikon\NkView6\NkvMon.exe
MRun: "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MRun: C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
MRun: "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MRun: Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
MRun: "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MRun: "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
MRun: "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MRun: "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
MRun: "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" -startup
MRun: "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
MRun: "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

I would prefer to clean the machine rather than wipe and reinstall. According to MSE scan, the machine is infected with Win64/Sirefef.B, Win64/Sirefef.Y, and Win32/Fadcit.A. Sometimes it forces the reboot after giving an apparently false error message about a "critical failure" in Windows. When I remove the virus (with MSE, Yorkyt, etc.), it reappears after a reboot.
Windows Firewall disabled, system restore files wiped, MSE scan functions but real-time protection is disabled.
I have a Windows 7 64-bit machine apparently infected with Sirefef.