Topic: Please Help remove infection by Win64:Sirefef-A + Win32:Sirefef-AO

Vinsorama

  • Guest
Yesterday Avast reported finding these viruses and it reports finding them every 15-20 minutes since then.
I have tried a lot of things to rid my computer of this threat, and probably some of these things were not very smart, but as they say: you live, you learn.
One of them has been enabling my Windows firewall again (because it appears something turned it off) and since then Avast is also sometimes saying I have a URL:Mal infection as well  :(

 
I don't know what to do and I'd appreciate any help.

As has been suggested I have attached the logs by OTL and copied the Malwarebytes AntiMalware log as well.





Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.05.08

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18702
Vins :: VINSOV-KOMP [administrator]

5.5.2012 23:23:30
mbam-log-2012-05-05 (23-23-30).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 282267
Time elapsed: 16 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37527
  • Not a avast user
You should also attach the aswMBR log.

I see some AVG files in there... did you use that before avast?
« Last Edit: May 06, 2012, 12:51:50 AM by Pondus »

Vinsorama

  • Guest
Here's the aswMBR log as well.  And apparently another instance of Sirefef  :P

Yes, I used AVG before Avast. I had a lot of trouble with it (especially that upgrade to AVG 2012...took me 3 days to get my computer to work) and that's why I switched to Avast. But I can't seem to remove all of the files (apparently several versions' worth of them) it left behind.

Offline Pondus

Run AVG uninstaller and reboot: http://singularlabs.com/uninstallers/security-software/

The malware removal experts usually arrive here late UK time (on weekdays); anyway, I guess you won't see them until tomorrow.
« Last Edit: May 06, 2012, 01:21:15 AM by Pondus »

Vinsorama

  • Guest
Hm...I just tried that and my computer went a bit crazy :( had to use a restore point to get it to work again...so I think I'm going to have to leave those files where they are for the moment...

but thanks for the advice.

hope I get some advice on these malwares soon...the notifications are driving me insane :)

Vinsorama

  • Guest
Now I've started having other problems as well :( after start up today my Task bar seems to be left hanging and no programs will run (not even restart...I had to reboot it manually). I've managed to get into Safe mode and use a Restore point to get it to work but I don't know what will happen the next time it restarts.
All of this is very frustrating...

Offline Pondus

The malware removers are notified, so they will see this when they arrive   ;)

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
The file in question is a dropper in your temporary files and has not been able to run.  On completion of this could you let me know if you are still getting the alerts 

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

If you have Malwarebytes 1.6 or better installed, please disable it for the duration of this run.
To disable MBAM:
  • Open the scanner and select the protection tab
  • Remove the tick from "Start with Windows"
  • Reboot and then run OTL


Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Quote
    :OTL
    SRV - File not found [Auto | Stopped] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
    SRV - File not found [Auto | Stopped] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll File not found
    O4 - HKLM..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe" File not found
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)

    :Files
    ipconfig /flushdns /c
    C:\Program Files\AVG

    :Commands
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
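
An added example, not part of the original post and not OTL's own code: a Python sketch that reads the entries from the fix script above and lists which autostart references point into the removed AVG install. The mapping of the 8.3 short name PROGRA~1 to Program Files and the status labels ("flagged", "inferred", "unverified") are assumptions of this example.

```python
import re
from ntpath import dirname, normcase

# Entries copied from the ":OTL" section of the fix script quoted above.
OTL_LINES = r'''
SRV - File not found [Auto | Stopped] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - File not found [Auto | Stopped] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll File not found
O4 - HKLM..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe" File not found
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
'''.strip().splitlines()

# Assumption: on this machine the short name PROGRA~1 resolves to "Program Files".
SHORT_NAMES = {"progra~1": "program files"}
PATH_RE = re.compile(r'[A-Za-z]:\\[^"()]*?\.(?:exe|dll)', re.I)

def parse(line):
    """Return the entry type, normalised file path and OTL's own marker."""
    kind = line.split(" - ", 1)[0].strip()
    m = PATH_RE.search(line)
    path = None
    if m:
        parts = normcase(m.group(0)).split("\\")
        path = "\\".join(SHORT_NAMES.get(p, p) for p in parts)
    return {"kind": kind, "path": path, "flagged": "File not found" in line}

def orphan_report(lines):
    """Classify each file-backed entry as flagged, inferred or unverified."""
    entries = [parse(l) for l in lines]
    # Directories in which OTL already reported at least one missing file.
    missing_dirs = {dirname(e["path"]) for e in entries if e["flagged"] and e["path"]}
    report = []
    for e in entries:
        if e["path"] is None:          # e.g. the O16 entry, which is a URL
            continue
        if e["flagged"]:
            status = "flagged"
        elif dirname(e["path"]) in missing_dirs:
            status = "inferred"        # no marker, but same removed directory
        else:
            status = "unverified"
        report.append((e["kind"], e["path"], status))
    return report

if __name__ == "__main__":
    for kind, path, status in orphan_report(OTL_LINES):
        print(f"{status:10} {kind:4} {path}")
```

The O34 BootExecute line is the only file-backed entry without a "File not found" marker, and it is written with the short path form, so it only lines up with the other AVG entries once the path is normalised.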

Vinsorama

  • Guest
OK...that didn't work to say the least :( the computer froze in the middle of the OTL process...I've waited 15 minutes for something to happen but it didn't so I rebooted. Now it won't work at all in normal mode i.e. the same problem like in the morning....apparently it remains hanging during the start of Task bar...

Now I'm in safe mode. Any suggestions how to proceed?

Offline essexboy

Did you disable MBAM? As that will cause OTL to hang.

Download and Install Combofix
 
Download ComboFix from one of the following locations:
Link 1
Link 2
 
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
 
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks




  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion, then reboot; that will cure it.



Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

Vinsorama

  • Guest
I couldn't do that since it was not on....I apparently have a free version of MBAM which doesn't even have the protection module enabled.

I've tried the OTL fix again...and it hangs at O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
there is no such file on the computer so perhaps that's the hangup I don't know...

should I try Combofix now?

Offline essexboy

Yes please - I will check that out

Vinsorama

  • Guest
well I've done something perhaps not very smart i.e. I just removed the command which I thought was the problem in OTL and this time it ran through without any problems. I've then performed a scan and I'll attach the logs now. I've also scanned with MBAM (nothing found) and aswMBR.
But then I've tried to restart the computer just to see what will happen. And the same thing as before happened...no applications want to run...something is happening with Avast is my guess since everything goes haywire once it comes on, or the virus is blocking something.

I'm in Safe mode again and I suppose the Combofix won't work here. What could I do next?

Offline essexboy

Combofix will run in safe mode... What error do you get when you try to run a programme?

Vinsorama

  • Guest
No errors...just nothing happens. After a few tries I've managed to open the Task manager and it shows the processes being started but they don't do anything...just hang (and no applications are started as a result at all). Windows Explorer seems to be working fine since I can browse through the files but I can't start anything.
all the programs starting during start up are active though...