Author Topic: need some help with sirefef.r a.k.a patched_c.LYU a.k.a troj/ZAccInf-b on win 7  (Read 3309 times)


hippiehemp420

  • Guest
Hi,
I'm getting ready to ghost over my operating system to a new 1 TB drive and found out I've got this: c:\windows\system32\services.exe --- virus: sirefef.r a.k.a patched_c.LYU a.k.a troj/ZAccInf-b.
I was reading another post on here from someone who had the same problem, and a member named Jeff was helping him. I don't have that post up anymore, but in it he said the scripts he wrote were just for that user, and I was hoping he could help me out. I followed the sticky on here at http://forum.avast.com/index.php?topic=53253.0 and ran all the tools mentioned there, and I'm attaching the logs that you need. If you need anything else, just let me know.
Thanks in advance,
hippiehemp

hippiehemp420

  • Guest
It wouldn't let me put all the attachments in one post, so here are the other ones.

argus

  • Guest
Hi,

Re-run OTL.exe.

  • Copy and paste the following text written inside the quote box into the Custom Scans/Fixes box.

Code:

:OTL
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-3811804119-672400136-2444291986-1000\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O33 - MountPoints2\{0008c963-1ef7-11e2-ae1a-00262237f9ad}\Shell - "" = AutoRun
O33 - MountPoints2\{0008c963-1ef7-11e2-ae1a-00262237f9ad}\Shell\AutoRun\command - "" = "I:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{1153f143-82ff-11e0-9147-00262237f9ad}\Shell - "" = AutoRun
O33 - MountPoints2\{1153f143-82ff-11e0-9147-00262237f9ad}\Shell\AutoRun\command - "" = J:\HPLauncher.exe
O33 - MountPoints2\{1153f288-82ff-11e0-9147-00262237f9ad}\Shell - "" = AutoRun
O33 - MountPoints2\{1153f288-82ff-11e0-9147-00262237f9ad}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{212fd551-a9e3-11e0-b13c-00262237f9ad}\Shell - "" = AutoRun
O33 - MountPoints2\{212fd551-a9e3-11e0-b13c-00262237f9ad}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{50ca001c-3218-11e2-ac2f-00262237f9ad}\Shell - "" = AutoRun
O33 - MountPoints2\{50ca001c-3218-11e2-ac2f-00262237f9ad}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{53a49a9c-b27c-11e0-8ca0-00262237f9ad}\Shell - "" = AutoRun
O33 - MountPoints2\{53a49a9c-b27c-11e0-8ca0-00262237f9ad}\Shell\AutoRun\command - "" = F:\HPLauncher.exe
O33 - MountPoints2\{6439912b-9765-11e0-aa15-00262237f9ad}\Shell - "" = AutoRun
O33 - MountPoints2\{6439912b-9765-11e0-aa15-00262237f9ad}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\E\Shell\Option1\Command - "" = E:\HBCD\HBCDMenu.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = "I:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\HPLauncher.exe

:files
C:\Windows\System32\config\systemprofile\AppData\Local\{6a6aeee6-4458-44c1-3c18-52b82ca5e50e}
C:\Users\cheryl\AppData\Local\{6a6aeee6-4458-44c1-3c18-52b82ca5e50e}

:commands
[CREATERESTOREPOINT]
[emptytemp]


  • Then click the Run Fix button at the top.
  • Let the program run unhindered; it will reboot the system when it is done and open Notepad with the log report. Attach that log report here.
    If the log doesn't appear, it can be found here:
    c:\_OTL\MovedFiles\mmddyyyy_hhmmss.log

----> Next

Scan with ComboFix:
  • Please download ComboFix by sUBs and save it to your Desktop.
    You may read how Combofix works here.

  • Temporarily disable your AntiVirus program, usually via a right click on the System Tray icon. They may interfere with Combofix.
    If you are unsure how to do this please read this or this Instruction.

  • Run ComboFix. Click on I Agree! & follow the prompts.
    Note: If you see a message like "Illegal operation attempted on a registry key that has been marked for deletion" just restart your computer.

  • When finished, it will produce a report for you. Please attach the log report (ComboFix.txt) to this topic.
    (typical log location: C:\ComboFix.txt )
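Two defender-side checks that line up with what the OTL script above targets, as an added example written for this page (it is not part of the thread, of OTL or of ComboFix): an integrity check on services.exe, the file the original poster reports as patched, and a listing of the per-volume MountPoints2 AutoRun commands that OTL reports as O33 lines. The function names are this example's own; run it from an elevated prompt, since sfc needs one.

```powershell
# Added example, not from the forum thread or from OTL/ComboFix.
# Function and variable names are this example's own choices.

function Test-ServicesExeIntegrity {
    # services.exe is catalog-signed. On Windows 8 and later Get-AuthenticodeSignature
    # resolves the catalog and reports Valid; a patched file shows HashMismatch.
    # On Windows 7 the cmdlet reports NotSigned for catalog-signed files, so the
    # separate sfc /verifyfile run below is the check that counts there.
    $path = Join-Path $env:SystemRoot 'System32\services.exe'
    $sig  = Get-AuthenticodeSignature -FilePath $path
    [pscustomobject]@{
        Path            = $path
        SizeBytes       = (Get-Item -Path $path).Length
        SignatureStatus = $sig.Status
        Signer          = $sig.SignerCertificate.Subject
    }
}

function Get-MountPointAutoRun {
    # MountPoints2 caches AutoRun handlers per volume under HKCU. The OTL O33 lines
    # quoted in the thread are exactly these Shell\AutoRun\command default values,
    # so list them so each one can be judged against the media it belongs to.
    $root = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
    if (-not (Test-Path -Path $root)) { return @() }
    Get-ChildItem -Path $root | ForEach-Object {
        $cmdKey = "$($_.PSPath)\Shell\AutoRun\command"
        if (Test-Path -Path $cmdKey) {
            [pscustomobject]@{
                Volume  = $_.PSChildName
                Command = (Get-ItemProperty -Path $cmdKey).'(default)'
            }
        }
    }
}

Test-ServicesExeIntegrity | Format-List

# System File Checker compares the file against the protected store; this works on
# Windows 7 where the Authenticode check above cannot see the catalog. Elevation required.
& "$env:SystemRoot\System32\sfc.exe" "/verifyfile=$(Join-Path $env:SystemRoot 'System32\services.exe')"

Get-MountPointAutoRun | Format-Table -AutoSize
```

A clean machine shows SignatureStatus Valid (Windows 8 and later) and sfc reporting no integrity violations; any AutoRun command that points at removable media is worth comparing with the device it was recorded from before deciding whether the OTL fix should remove it.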

hippiehemp420

  • Guest
Hi,
thanks for the help.
I ran the script you made in OTL and have that log.
Then I ran ComboFix but can't find where it put the log. It did make a file in C:\ named 32788R22FWJFW, but I don't see a log file.

argus

  • Guest
See C:\Qoobox, or download the new CF and rerun it. Remove the old icon.

hippiehemp420

  • Guest
Sorry it took so long to get back to you, I got a little busy. I still can't get ComboFix to work right, but it seems the OTL script you wrote for me and RogueKiller have taken care of it; after running them, RogueKiller doesn't find it any more.
So thanks for the help.

argus

  • Guest
It is necessary to uninstall ComboFix:
  • Click Start, then Run.
    On Windows 7 or Vista you may use the Start Search field if Run is not available.

  • In the line of text, type in (or copy) the following:
Code:
ComboFix /Uninstall
    Note that there is a space between "ComboFix" and "/Uninstall".

  • Then click OK (or press Enter).
    Wait for the uninstall process to complete.