Sirefef spyware

[essexboy]

Can you select system restore please from the safe boot menu

Then we will try a different way

Download and Install Combofix
 
Download ComboFix from one of the following locations:
Link 1
Link 2
 
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
 
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

• Double click on ComboFix.exe & follow the prompts.
  
• Accept the disclaimer and allow to update if it asks

• When finished, it shall produce a log for you.
• Please include the C:\ComboFix.txt in your next reply.[/b]
  

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3.  If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

[renw]

Combofix deleted somethings..But this happened before, so not sure if I'm clean.

Going to install a fresh install of Avast Antivirus free to see what happens.

[essexboy]

The reason Combofix does not appear to work is because it misses the protection driver, that needs to be removed manually 

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\Windows\SysNative\SE26mdfl.dll
C:\Windows\SysNative\dds_trash_log.cmd

NetSvc::
zpaction

Driver::
zpaction

Save this as CFScript.txt, in the same location as ComboFix.exe


Refering to the picture above, drag CFScript into ComboFix.exeWhen finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

[renw]

Log as requested

[essexboy]

OK could you run the same combofix script please for a second time..

Once that has completed could you let me know what problems remain

[renw]

second one

[renw]

no problems as of yet. Keep you updated

[rajib201192]

spywere oh its very slower and lower disege of mial.i very accept fun of spywere and its bored our life

[essexboy]

OK I have found a protector driver for the protection driver... 'Tis almost like Russian dolls this latest variant

Once we are done I would like to have copies of the files for onward transmission to Avast for analysis.  I will give instructions for that later 

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\system32\drivers\pzrastpk.sys
C:\Windows\SysNative\SE26mdfl.dll
C:\Windows\SysNative\dds_trash_log.cmd

NetSvc::
zpaction

Driver::
pzrastpk
zpaction

Save this as CFScript.txt, in the same location as ComboFix.exe


Refering to the picture above, drag CFScript into ComboFix.exeWhen finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

[renw]

Sorry , was away

Here is the last log.

[essexboy]

OK any outstanding problems ?

[renw]

Looking good so far. just installed fresh version of Avast free.

Updated Java and installing windows updates as we speak.

Need more info/logs?

[essexboy]

Nope 

If you are still happy tomorrow  let me know and I will remove my rubbish and tidy up

[DonZ63]

'Tis almost like Russian dolls this latest variant

matryoshka doll

[essexboy]

Ah thank you I knew there was a technical term but my Russian is about as good as my Spanish... Non - existant