White screen after updating Adobe

Hello, I have infected my machine by clicking on a supposed update to Adobe. Whenever I start my machine, it shows the desktop for a few seconds and then a white screen appears. In the background, you can hear Avast complaining of a security threat. The situation is very similar to this one here: http://forum.avast.com/index.php?topic=111062.0

I’m running Vista Home Premium, 64 bit.

Thanks in advance for any help.

Attach the requested logs: http://forum.avast.com/index.php?topic=53253.0

AdwCleaner
Malwarebytes
OTL
aswMBR

When done, a removal expert will be notified and help you.

I did an Avast quick scan in Safe mode; it picked up c:\windows\System32\services.exe infected with win32:Sirefef-ZT [Trj].

Thank you for your reply. Do I go into Safe mode, connect to the web and then download those programs?
Apologies, I am not particularly tech savvy.
</grreplace>
<gr_replace lines="23" cat="clarify" orig="no…you download">
No… you download and run the normal way… if you have trouble running any of the programs, you may try running from Safe mode.

no…you download and run the normal way…if you have trouble running any of the programs, you may try run from safe mode

Are you able to get into Safe mode?

Yes, I can go into Safe mode. I cannot do ANYTHING whilst in normal mode due to the white screen.

OK, run the OTL scan first, then attach the logs here.

I had to run the program again, didn’t paste the filters into the Custom Scan box the first time:

Do you want these as well?

AdwCleaner
Malwarebytes

aswMBR

If you can… yes.

I guess essexboy is in bed now, but will continue when he is back tomorrow :wink:

Already started the aswMBR scan, taking ages. Appreciate the help. Have a good night guys.

aswMBR file shows a couple of infected files:

Ran AdwCleaner, but there was no log when the system rebooted, perhaps because I booted back to Safe mode.

mbam log:

Found it when I rebooted back to normal mode; the white screen has gone :), attached the log.

On the face of it, the computer looks like it’s ‘cured’; please advise later if this is the case.

Redid OTL scan, log posted:

Redid aswMBR, machine still has infections:

OK, let's get at it… All from Safe mode initially. However, when ComboFix reboots, allow it to go to normal mode.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:OTL
O3:64bit: - HKLM\..\Toolbar: (FireShot) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Users\Lion\AppData\Roaming\Mozilla\Firefox\Profiles\s0w9c8t4.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin64-0.98.dll File not found
O3 - HKLM\..\Toolbar: (FireShot) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Users\Lion\AppData\Roaming\Mozilla\Firefox\Profiles\s0w9c8t4.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.98.dll File not found
[2013/03/27 18:39:46 | 000,004,608 | -HS- | M] () -- C:\Windows\assembly\GAC_32\Desktop.ini
[2013/03/27 18:39:46 | 000,006,144 | -HS- | M] () -- C:\Windows\assembly\GAC_64\Desktop.ini

:Files
C:\Windows\Installer\{464cdbb6-dbbc-420a-d862-a88e1a26adea}
:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

  • Then click the Run Fix button at the top.
  • Let the program run unhindered; reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here.

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.

http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png

http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:

  1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
  2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
  3. If after the reboot you get errors about programmes being marked for deletion, then reboot; that will cure it.

Please make sure you include the ComboFix log in your next reply, as well as describing how your computer is running now.
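Before pasting a fix script like the one above into OTL, it is worth reading exactly what it will remove. The following Python script is an added example, written for this thread and not part of OTL, AdwCleaner or ComboFix: it parses the `:OTL` / `:Files` / `:Commands` script posted above (embedded here as sample input) and prints a dry-run list of the registry entries, files and commands the fix would act on, flagging anything under C:\Windows. How OTL interprets each section is stated as this example's author understands the format (an assumption), not taken from OTL's own documentation.

```python
"""Dry-run reader for an OTL ':OTL / :Files / :Commands' fix script.

Added example, not OTL's own code. Section meaning is assumed as follows:
':OTL' lists log entries (registry items, files) to remove, ':Files' lists
paths to delete, ':Commands' lists OTL's built-in actions such as [reboot].
"""
import re
from dataclasses import dataclass, field

# Sample input: the fix script posted in the thread above.
SAMPLE_FIX = r"""
:OTL
O3:64bit: - HKLM\..\Toolbar: (FireShot) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Users\Lion\AppData\Roaming\Mozilla\Firefox\Profiles\s0w9c8t4.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin64-0.98.dll File not found
O3 - HKLM\..\Toolbar: (FireShot) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Users\Lion\AppData\Roaming\Mozilla\Firefox\Profiles\s0w9c8t4.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.98.dll File not found
[2013/03/27 18:39:46 | 000,004,608 | -HS- | M] () -- C:\Windows\assembly\GAC_32\Desktop.ini
[2013/03/27 18:39:46 | 000,006,144 | -HS- | M] () -- C:\Windows\assembly\GAC_64\Desktop.ini

:Files
C:\Windows\Installer\{464cdbb6-dbbc-420a-d862-a88e1a26adea}
:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
"""

# 'O' lines copied from an OTL log: registry-backed entries such as toolbars (O3).
O_ENTRY = re.compile(
    r"^(?P<kind>O\d+)(?P<arch>:64bit:)? - (?P<key>HK[A-Z]+\\[^:]+): "
    r"\((?P<name>[^)]*)\) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+?)"
    r"(?P<missing> File not found)?$"
)
# Timestamped file lines: [date time | size | attributes | M] () -- path
FILE_ENTRY = re.compile(r"^\[(?P<stamp>[^\]]*)\] \([^)]*\) -- (?P<path>.+)$")
COMMAND = re.compile(r"^\[(?P<name>\w+)\]$")


@dataclass
class FixPlan:
    registry: list = field(default_factory=list)  # registry entries to be removed
    files: list = field(default_factory=list)     # files/folders to be removed
    commands: list = field(default_factory=list)  # built-in OTL actions, lowercased


def parse_fix(text: str) -> FixPlan:
    """Walk the script line by line, switching section on ':Name' headers."""
    plan = FixPlan()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            section = line[1:].lower()
            continue
        if section == "otl":
            m = O_ENTRY.match(line)
            if m:
                plan.registry.append({
                    "kind": m["kind"], "arch": "64bit" if m["arch"] else "32bit",
                    "key": m["key"], "name": m["name"], "clsid": m["clsid"],
                    "path": m["path"], "file_present": m["missing"] is None,
                })
                continue
            m = FILE_ENTRY.match(line)
            if m:
                stamp, size, attrs, _ = [p.strip() for p in m["stamp"].split("|")]
                plan.files.append({"path": m["path"], "source": "otl", "stamp": stamp,
                                   "size": int(size.replace(",", "")), "attrs": attrs})
        elif section == "files":
            plan.files.append({"path": line, "source": "files"})
        elif section == "commands":
            m = COMMAND.match(line)
            if m:
                plan.commands.append(m["name"].lower())
    return plan


def system_paths(plan: FixPlan) -> list:
    """Paths under C:\\Windows: deleting the wrong one can break the OS, so review these first."""
    return [f["path"] for f in plan.files if f["path"].lower().startswith("c:\\windows\\")]


def summarize(plan: FixPlan) -> list:
    """One human-readable line per action the fix would take."""
    out = [f"remove {r['kind']} ({r['arch']}) {r['key']} {r['clsid']} -> {r['path']}"
           + ("" if r["file_present"] else " [file already missing]") for r in plan.registry]
    out += [f"delete {f['path']}" + (" [system path]" if f["path"] in system_paths(plan) else "")
            for f in plan.files]
    out += [f"run [{c}]" for c in plan.commands]
    return out


if __name__ == "__main__":
    for line in summarize(parse_fix(SAMPLE_FIX)):
        print(line)
```

Run it as-is to see the dry-run listing for the script above, or replace `SAMPLE_FIX` with another OTL fix to review that one; the `[file already missing]` marker comes from the "File not found" suffix on the O3 lines, which shows those entries are orphaned registry references rather than live files.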

OTL file attached as requested (note that the Use Company Name White List, Skip Microsoft Files and Use No-Company-Name White List boxes were all checked when I ran the Quick Scan; I didn’t check them, they were already there):