Win32:Malware-gen and others keep reappearing. HELP.

Hi, I keep on getting the same alerts from Avast over and over again. When I do a full system scan or a boot scan it does find infected files. The same goes for using Malwarebytes. However, no matter how many I remove, they still appear every 30 seconds or so.

At the moment the alerts I always get are:
Win32:Sirefef-AO [rtk]
Win64:Sirefe-A [trj]
win32:Malware-gen

These seem to always remain on my system. Though when I first got the problem it was only Win32:Malware-gen showing, now the other two have popped up.

Here is the Extras.Txt.

Just done the aswMBR scan. It was in quick scan mode. Hope that's right? I followed the instructions on the forum. I would greatly appreciate any help you guys can provide in helping me clean my system. I don't want to have to format the thing.
Internet Explorer is a bit sluggish and crashes a lot; also my system is running slower than normal with slight freezes here and there.

I've attached the aswMBR log.
Cheers

Removers are notified. It may take several hours before one arrives, so be patient.

Hello, I will be working on your Malware issues :wink:

- Right-click on the avast! icon in the lower right corner of the screen and choose Open Avast! User Interface.
- In the window that opens, on the top right corner, click Settings.
- In the new window that opens, choose the option Troubleshooting, uncheck Enable avast! self-defense, and click OK.

- Right-click on the avast! icon in the lower right corner of the screen and select avast! shield controls.
- In the menu that appears, choose Disable Permanently. When you are prompted to turn off security, click Yes.

Note: Do not forget to turn on this option after the cleaning.


- Please download BlitzBlank by Emsisoft and save it to your desktop.
- Open BlitzBlank.exe by double-clicking on it.
- Click OK at the warning (and take note of it, this is a VERY powerful tool!).
- Click the Script tab and copy/paste the following text there:

DeleteFile:
C:\Users\Dale Martin\AppData\Roaming\mscsr.dll
DeleteFolder:
C:\Users\Dale Martin\AppData\Local\{8ddb77d9-2680-f1e7-7d5c-37f9c8bd0211}
CopyFile:
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe C:\Windows\System32\services.exe

- Click Execute Now. Your computer will need to reboot in order to replace the files.
- When done, post me the report created by BlitzBlank. You can find it at the root of the drive C:\


Download ComboFix from here and save it to your Desktop.
If you are unsure how ComboFix works please read this guide carefully.
Note: ComboFix must be downloaded to your Desktop.

Temporarily disable your AntiVirus program.
If you are unsure how to do this please read this Instruction.

Run ComboFix. Click on I Agree!
ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
ComboFix will display DISCLAIMER OF WARRANTY ON SOFTWARE.
Click Yes to allow ComboFix to continue.
If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
Note: Do not mouse-click ComboFix's window while it is running.

When the tool is finished, it will produce a log report for you. (typical location: C:\ComboFix.txt)
Attach the log report (ComboFix.txt) back to the topic.
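The BlitzBlank script above removes two dropped artefacts and restores services.exe from the WinSxS component store, which only makes sense if the live services.exe has been altered. As an added example that is not part of this thread and not code from BlitzBlank, ComboFix or avast!, the following PowerShell script checks from the defender's side whether those artefacts are present and whether the live services.exe still matches any copy kept in the component store. The user profile name is a placeholder, the Windows 7-era file layout is assumed, and the SHA-256 is computed through .NET so the script also runs on the PowerShell 2.0 that shipped with Windows 7.

```powershell
# Added example (not from the thread; not part of BlitzBlank, ComboFix or avast!).
# Checks the artefacts named in the removal script and compares the live
# services.exe against the copies held in the WinSxS component store.
# Run from an elevated PowerShell prompt. Assumed: Windows 7-era layout.
# Placeholder: replace <USERNAME> with the affected profile name.

$UserProfile = 'C:\Users\<USERNAME>'

# Paths taken from the removal script in the thread.
$Indicators = @(
    (Join-Path $UserProfile 'AppData\Roaming\mscsr.dll'),
    (Join-Path $UserProfile 'AppData\Local\{8ddb77d9-2680-f1e7-7d5c-37f9c8bd0211}')
)

# SHA-256 via .NET so this also works on PowerShell 2.0 (Get-FileHash needs 4.0).
function Get-Sha256Hex {
    param([string]$Path)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try {
        $bytes = [System.IO.File]::ReadAllBytes($Path)
        return ([System.BitConverter]::ToString($sha.ComputeHash($bytes))).Replace('-', '')
    } finally {
        $sha.Clear()
    }
}

# 1. Are the dropped file and the GUID-named folder still on disk?
foreach ($p in $Indicators) {
    if (Test-Path -LiteralPath $p) { Write-Output "PRESENT : $p" }
    else                            { Write-Output "absent  : $p" }
}

# 2. Does the live services.exe match a component-store copy?
$Live     = 'C:\Windows\System32\services.exe'
$LiveHash = Get-Sha256Hex $Live
Write-Output "live    : $Live SHA256=$LiveHash"

# Each servicecontroller component folder carries its own services.exe; after
# updates several versions exist, so a clean live file matches at least one
# (on 64-bit Windows the matching folder starts with amd64_, not x86_).
$StoreCopies = Get-ChildItem -Path 'C:\Windows\winsxs' -Filter '*servicecontroller*' |
    Where-Object { $_.PSIsContainer } |
    ForEach-Object { Join-Path $_.FullName 'services.exe' } |
    Where-Object { Test-Path -LiteralPath $_ }

$Matched = $false
foreach ($copy in $StoreCopies) {
    if ((Get-Sha256Hex $copy) -eq $LiveHash) { $Matched = $true; $tag = 'MATCH  ' }
    else                                      { $tag = 'DIFFERS' }
    Write-Output "$tag : $copy"
}

if (-not $Matched) {
    # No store copy matches: let the built-in resource checker give the verdict.
    Write-Output 'services.exe matches no component-store copy; confirm with:'
    Write-Output "    sfc /verifyfile=$Live"
}
```

A DIFFERS line against an older component version is normal after Windows updates; the signal worth acting on is a live services.exe that matches none of the store copies, which `sfc /verifyfile` then confirms or refutes against the signed catalog.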

Thanks for helping :smiley:
I tried BlitzBlank but I got this error message after copying the script and trying to execute.
The error said:
syntax error in line 2, invalid file path.

Do I need to do BlitzBlank before running ComboFix?

cheers

Skip BlitzBlank. Run ComboFix. But before you do, you need to run TFC.

1. Please download TFC by OldTimer to your desktop.

- Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
- It will close all programs when run, so make sure you have saved all your work before you begin.
- Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
- Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Run ComboFix. If it won't run, run it in safe mode.

I have run TFC and ComboFix.
I have attached the logs.
Thanks again for your help :smiley:

Open notepad and copy/paste the text present inside the code box below:


ClearJavaCache:: 

Save this as CFScript.txt

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Close all browser windows and refer to the picture above.

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will re-run. When finished, it will produce a log for you.
Attach the contents of the log in your next reply. (typical location: C:\ComboFix.txt)

Hi,
I have re-run ComboFix with the script you gave me.
I have attached the log for you.

The Avast alert has stopped appearing now, though I'm not sure if that means I'm clean or not.

cheers

Logs look good.

How is your computer behaving now ?

It seems to be running fine now. Explorer crashed once but that may just be incidental. I'm running a scan right now with Malwarebytes; so far it's found 7 items. If I finish the scan, remove the items, then run an Avast scan, do you think that will be me cleared?
I appreciate all your help. My computer is running a lot smoother right now though. Hopefully it's a good sign.

cheers
Dale

Attach here the MBAM log report (log tab) :wink:

Hi, my bad. There was actually only one item found.
Here is the log. I'm running Avast now. My internet just crashed again too. :frowning:
Cheers

C:\Qoobox\Quarantine\..........................
detection in ComboFix quarantine folder ;)

happens when you run a full scan…

Awesome :smiley:
I will let you know what I find when the Avast scan is finished.
I'm hopeful :slight_smile:
cheers

Oki, no more active malware. You are clean.
The detection is from Quarantine, as Pondus said. The Quarantine was made by ComboFix.
So, we need to do some post-cleaning.

It is necessary to uninstall ComboFix:

- Click Start (or http://amf.mycity.rs/pg/images/VistaStartButton.png ) then Run.

  On Windows 7 or Vista you may use the Start Search field if Run is not available.

- In the line of text type in (copy) the following:

ComboFix /Uninstall

  Note that there is a space between " ComboFix " and " /Uninstall ".

- Then click OK (or press Enter).

Wait until the uninstall process is complete.

Re-run OTL and click on the CleanUp! button.

Okay, I've cleaned up. Avast found the 2 things, but they were items that ComboFix quarantined, so it looks like I'm all clear now.
Thank you for all your help. You guys rock!

cheers