Sirefef infection-need to stop the rebooting to fix!

[despuser]

Seems to be an epidemic in the making with this awful Sirefef trojan. My Dell desktop, like many others' as I've been reading in this forum, has been infected. I have been able to complete the 'show hidden folders' instruction and also implement Defogger. I have also run all restore options using F8 options without success in removing the virus. After reading Datenshi (and others), it seems the common element is to go ahead and attached the log text files. Therefore, I have already run FRST64 and have attached the resulting frst.txt and search.txt files. Your assistance in 1) stopping the rebooting so I can proceed with the READ ME FIRST instructions (if so indicated) and 2) ultimate eradication is very much appreciated! Helpful data:
Windows 7 64-bit
Virus infiltrated yesterday (8/11/12) - mid day
May have been via a fake Adobe Flash Player "update" notice
Thank you.

[TimW]

Save fixlist.txt to your flash drive.

• You should now have both fixlist.txt and FRST.exe on your flash drive.

Now reboot back into the System Recovery Options as you did previously.
Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt).
Please attach this to your next message. (See how to attach)

Now boot into normal Windows can continue with the below.

Running MGTools.

[despuser]

Thank you for your response.

Fixlog.txt attached. Upon reboot received blue screen; system then requested Startup Repair or Boot Normally ("Your computer was unable to Start"). Default was Startup Repair and no keyboard or mouse control to select either one so system continued with Startup Repair -- unable to cancel -- still running after ~~15 minutes.

Will await your instruction.

Thanks again.

[despuser]

Okay - system startup finally ended. MGTools run. MGlogs.zip attached.
MES btw is orange and it says "unprotected". All else seems okay so far.

[TimW]

Looks good, but you really need to run CCLeaner and clean out your temp folders.

If you are not having any other malware problems, it is time to do our final steps:

1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware. You can uninstall RogueKiller and HitManPro.
2. Go back to step 6 of the READ ME and renable your Disk Emulation software with Defogger if you had disabled it.
3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
4. If running Vista or Win 7, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
5. Go to add/remove programs and uninstall HijackThis.
6. Goto the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders
   related to MGtools and some other items from our cleaning procedures.
7. After doing the above, you should work thru the below link:
   
   • How to Protect yourself from malware!
   
   

Malware removal from a National Chain = $149
Malware removal from MajorGeeks = $0

[despuser]

You guys are awesome!

Looks like all is well again. Had to uninstall and reinstall a fresh copy of MSE --after which I ran a scan and it didn't find anything so hopefully we have resolved this issue.

Thank you again.

[TimW]

Good to know and you are most welcome.