Win32:sirefef-ho, win32:sirefef-FQ

don’t know how serious it is, only really giving me pop-ups. but i’m sure it’s doing more than just that.

inb4 utorrent
inb4 OP can’t inb4

assembly\gac_32 and 64\desktop.ini with sirefef-fq/ho
consrv.dll with sirefef-ho

Avast keeps catching win32:DNSChanger and win64:ZAccess-A

posting logs

Re-run aswMBR and when it has completed press the Fix button and reboot

Once done could you run OTL again with the same parameters as the first run

so we clean?

Whilst I look at OTL could you post the last aswMBR log please

let me generate one, unless it generates a second post-fix log. i’m not seeing any alerts from avast either.

Well it is congratulation time for GMER as the new aswMBR version appears to have killed it ;D

Now it is just a tidy up exercise and reset the tcpip stack

Warning: This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
FF - prefs.js..network.proxy.backup.ftp: "217.15.117.86 "
FF - prefs.js..network.proxy.backup.ftp_port: 3128
FF - prefs.js..network.proxy.backup.socks: "217.15.117.86 "
FF - prefs.js..network.proxy.backup.socks_port: 3128
FF - prefs.js..network.proxy.backup.ssl: "217.15.117.86 "
FF - prefs.js..network.proxy.backup.ssl_port: 3128
FF - prefs.js..network.proxy.ftp: "212.118.224.154"
FF - prefs.js..network.proxy.ftp_port: 80
FF - prefs.js..network.proxy.http: "212.118.224.154"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "212.118.224.154"
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.ssl: "212.118.224.154"
FF - prefs.js..network.proxy.ssl_port: 80
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
[2012/01/19 10:43:10 | 000,000,000 | ---D | C] -- C:\Windows\system64

:Files
ipconfig /flushdns /c
netsh int ip reset c:\resetlog.txt /c

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]


Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

firefox was acting funny, wouldn’t load the page for reply.

i’m having OTL sit on [resethosts] because it gave me - “cannot create file C:\windows\system32\drivers\ect\hosts.” with your permission I shall continue with the reboot.

Yes continue with the reboot

otl doesn’t know what to do now because of fail. should I close the app?

maybe retry with same settings.

Yes close OTL and reboot please

Then run a fresh quickscan as it will have done the necessary work prior to the host fix

I am now on an old winnt system. win7 boot fail, can’t seem to locate a restore point. now what lol? format and reinstall? I can load the drive onto another system if need be.

OK two things to try

First reboot the computer and then press and hold F8
From the menu that appears first try repair my computer
If that fails then select last known good
It booted OK after the aswMBR run though?

last known fails, repair fails with -
boot critical file ntoskrnl.exe is corrupted.

not sure where that came from…but yes, after aswMBR fix it booted with no avast warnings.

edit: going to try copying it over from a usb-drive.

OK I see the problem - a one in a million chance where ntoskrnl was being used when you rebooted

Running SFC /Scannow from the command prompt should recover the file

Do you have a Windows 7 CD? If not we can create one

We will need Imgburn
ImgBurn
And Windows 7 RCISO = http://www.forum.probz.net/index.php?/files/file/19-windows-7-recovery-environment-iso/

Install Imgburn
Then double click the rciso
Download both to the other computer
This will burn it to disc

Then follow the instructions to run sfc on this page http://www.sevenforums.com/tutorials/139810-sfc-scannow-run-command-prompt-boot.html

“sfc /scannow” returns msg “Windows Resource Protection could not perform the requested operation.”

followed instructions on that page, also when I copied over ntoskrnl from another win7 computer, repair returned something like…it tried again and again and it couldn’t find a root cause (instead of saying that ntoskrnl is corrupt), ran it again with same result.

and all sfc /scannow gave me was this cbs.log, which is massive (6.41mb). what now lol, think it’ll just be easier to format. unless you have any other suggestions.

besides, it’s something like 5 hours past my bedtime. thanks for trying to help essexboy.

A final possibility: could you run chkdsk /f from the recovery console command prompt