Win32:Downloader-PKU {Trj}

I’m a complete and utter novice on these kinds of things and like a lot of people it seems I have a Malware issue on my laptop. I keep getting persistent alerts from Avast! saying that a Trojan Horse has been blocked.

I will follow the process that has been suggested on so many of the forum topics and attach to this message.

Here are the logs

Last two…

and aswMBR log?

I’ve followed the full steps as suggested in the forums…MBAM, OTL and aswMBR.

And one more!

Yes, you have a Sirefef rootkit.

help is on the way

Thank you SO much! :slight_smile:

Hello,

Step 1

Temporarily disable your AntiVirus program.
If you are unsure how to do this please read this Instruction.

- Please download BlitzBlank by emsisoft and save it to your desktop.
- Open Blitzblank.exe by double-clicking on it.
- Click OK at the warning (and take note of it, this is a VERY powerful tool!).
- Click the Script tab and copy/paste the following text there:

DeleteFile:
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
DeleteFolder:
C:\Windows\Installer\{312d2673-3e26-8b2a-c7bd-9cacd4a40c52}
CopyFile:
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe


- Click Execute Now. Your computer will need to reboot in order to replace the files.
- When done, post me the report created by Blitzblank. You can find it at the root of drive C:\

Step 2

Re-run OTL and hit QuickScan. Attach the fresh OTL.txt here.

Done the steps…here are the two new logs

Should I turn the avast! back on?

Good, next …

Download ComboFix from here and save it to your Desktop.
If you are unsure how ComboFix works please read this guide carefully.
note: ComboFix must be downloaded to your Desktop.

Temporarily disable your AntiVirus program.
If you are unsure how to do this please read this Instruction.

Run ComboFix. Click on I Agree!
ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
ComboFix will display DISCLAIMER OF WARRANTY ON SOFTWARE.
Click Yes to allow ComboFix to continue.
If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.

When the tool is finished, it will produce a log report for you. (typical location: C:\ComboFix.txt)
Attach the log report (ComboFix.txt) back to the topic.

Done…

Open notepad and copy/paste the text present inside the code box below:


SkipFix::

File::
c:\windows\system32\services.exe.A4BE147A75F4DD46

Save this as CFScript.txt

http://img213.imageshack.us/img213/1218/cfscript1.gif

Close all browser windows. Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will re-run. When finished, it will produce a log for you.
Attach the contents of the log in your next reply. (typical location: C:\ComboFix.txt)


How is computer running now?

It seems to be running ok. No constant pop ups from Avast.

I suppose you never know how much damage has been done…

- Open Blitzblank.exe by double-clicking on it.
- Click OK at the warning (and take note of it, this is a VERY powerful tool!).
- Click the Script tab and copy/paste the following text there:

DeleteFile:
c:\windows\system32\services.exe.A4BE147A75F4DD46
c:\windows\F896D02690164122B9BD957FF092FFE9.TMP

- Click Execute Now. Your computer will need to reboot in order to replace the files.
- When done, post me the report created by Blitzblank. You can find it at the root of drive C:\

Re-run ComboFix and attach the fresh ComboFix.txt here.

It won't allow me to do that…

Says there is a syntax error in line 3.

There are a few stubborn files…now we use a far more aggressive tool:

Download AVZ Antiviral Toolkit and save it to your Desktop from here:
http://devbuilds.kaspersky-labs.com/devbuilds/AVZ/avz4.zip

Extract the archive to a folder.

Run AVZ by double-clicking on this icon:

http://blog.brothersoft.com/wp-content/uploads/2008/11/avz_antiviral_toolkit_logo.jpg

File > Custom Scripts

In the window that opens copy/paste everything inside the quotebox below


begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
QuarantineFile('c:\windows\system32\services.exe.A4BE147A75F4DD46','');
DeleteFile('c:\windows\system32\services.exe.A4BE147A75F4DD46');
QuarantineFile('c:\windows\F896D02690164122B9BD957FF092FFE9.TMP','');
DeleteFile('c:\windows\F896D02690164122B9BD957FF092FFE9.TMP');
DeleteFileMask('%Tmp%' , '*.*' , true) ;
BC_ImportDeletedList;
BC_Activate;
ExecuteSysClean;
RebootWindows(true);
end.


Click on Run and wait for the script to execute.

Reboot Windows.
Re-run ComboFix and attach the fresh log here.

Tried that…says there is a problem that has caused the program to stop working…and then it closes.

:o Hm…
Obviously we need to resolve this outside the Windows environment.
In principle, there is nothing malicious running, but I would just like to make sure, to avoid possible re-infection.

- Download FRST64 to a USB flash drive.
- Plug the USB drive into the infected machine.

Boot your computer into Recovery Environment

- Restart the computer and press F8 repeatedly until the Advanced Options Menu appears.
- Select Repair your computer.
- Select Language and click Next.
- Enter password (if necessary) and click OK; you should now see the screen below …

http://i1090.photobucket.com/albums/i366/garyr56/W7InstallDisk2.png

- Select the Command Prompt option.
- A command window will open.
- Type notepad then hit Enter.
- Notepad will open.
  - Click File > Open then select Computer.
  - Note down the drive letter for your USB Drive.
  - Close Notepad.
- Back in the command window …
- Type e:/frst64.exe and hit Enter (where e: is replaced by the drive letter for your USB drive).
- FRST will start to run.
  - When the tool opens click Yes to the disclaimer.
  - Press the Scan button.
  - When finished scanning it will make a log FRST.txt on the flash drive.
- Next
- Type Services.exe into the Search: field in FRST then click the Search File(s) button.
- FRST will search your computer for files and when finished it will produce a log Search.txt on the flash drive.
- Exit FRST.
- Close the command window.
- Boot back into normal mode and post me the FRST.txt and Search.txt logs please.

All done…

Open notepad.

- Click Start.
- Type notepad.exe in the search programs and files box and click Enter.
- A blank Notepad page should open.
- Copy/Paste the contents of the code box below into Notepad.


Start
2012-07-22 03:23 - 2012-07-22 03:52 - 00000000 ____D C:\Windows\F896D02690164122B9BD957FF092FFE9.TMP
2012-07-22 01:55 - 2012-07-22 01:55 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A4BE147A75F4DD46
end

- Save it to your USB flashdrive as fixlist.txt

Boot into Recovery Environment

Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens …

- Press the Fix button once and wait.
- FRST will process fixlist.txt
- When finished, it will produce a log fixlog.txt on your USB flashdrive.

Exit out of Recovery Environment and post me the log please.
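As an added example (not from this thread and not part of FRST), a small Python triage script that parses lines in the per-file format FRST writes, as in the fixlist above, and flags the kinds of artifacts this thread dealt with. The sample log lines are constructed from the paths in the thread, and the three patterns are an assumption distilled from them, not a complete Sirefef signature.

```python
import re
from typing import List, Optional, Tuple

# Constructed sample in FRST's per-file format ("created - modified - size attrs
# [(company)] path"), as in the fixlist above; line 3 is the legitimate services.exe.
SAMPLE_LOG = """\
2012-07-22 03:23 - 2012-07-22 03:52 - 00000000 ____D C:\\Windows\\F896D02690164122B9BD957FF092FFE9.TMP
2012-07-22 01:55 - 2012-07-22 01:55 - 00328704 ____A (Microsoft Corporation) C:\\Windows\\System32\\services.exe.A4BE147A75F4DD46
2009-07-14 01:39 - 2009-07-14 01:39 - 00328704 ____A (Microsoft Corporation) C:\\Windows\\System32\\services.exe
2012-07-22 01:55 - 2012-07-22 01:55 - 00000027 ___AH C:\\Windows\\assembly\\GAC_32\\Desktop.ini
"""

LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]+) "
    r"(?:\((?P<company>[^)]*)\) )?(?P<path>.+)$"
)

def parse_frst_line(line: str) -> Optional[dict]:
    """Parse one FRST file line into a dict; None for lines in another format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["size"] = int(m["size"])  # zero-padded decimal byte count
    return entry

# Patterns distilled from the artifacts named in this thread (Sirefef): services.exe
# copy with hex suffix in System32, hex-named .TMP under C:\Windows, GAC Desktop.ini.
SUSPECT = [
    (re.compile(r"^c:\\windows\\system32\\services\.exe\.[0-9a-f]{8,}$", re.I),
     "services.exe copy with hex suffix"),
    (re.compile(r"^c:\\windows\\[0-9a-f]{32}\.tmp$", re.I),
     "hex-named .TMP entry directly under C:\\Windows"),
    (re.compile(r"^c:\\windows\\assembly\\gac_(32|64)\\desktop\.ini$", re.I),
     "Desktop.ini inside a GAC folder"),
]

def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (path, reason) for every parsed entry matching a suspect pattern."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_frst_line(line)
        if entry is None:
            continue
        for pattern, reason in SUSPECT:
            if pattern.match(entry["path"]):
                hits.append((entry["path"], reason))
    return hits
```

Feed it the contents of a real FRST.txt and review each hit by hand; the legitimate services.exe line is deliberately left unflagged so the output shows only the suspicious entries.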


…and the last check:

Delete the current ComboFix, download a fresh copy and run it. Attach the fresh ComboFix log here.