Sirefef.R & Sirefef.AH - roboots after 1 minute

Please do the below as we need to locate a backup file to replace an infected one.

Boot to System Recovery Options and run FRST again.
Type the below bolded text in the edit box after "Search:".

services.exe

Then click the Search button.

It will make a log (Search.txt) on the flash drive. Please attach this log to your next reply. (See How to attach)

 

You're welcome.

Download this >> View attachment fixlist.txt


Save fixlist.txt to your flash drive.

• You should now have both fixlist.txt and FRST.exe on your flash drive.

Now reboot back into the System Recovery Options as you did previously.
Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt).
Please attach this to your next message. (See how to attach)

Now boot into normal Windows and tell me how things are working.

 

Please run MGtools per the instructions in the below link and then attach the C:\MGlogs.zip file that it creates. Make sure all protection software is disabled and also that UAC is disabled before trying to run MGtools.

Using MGtools

 

Things are looking pretty good other than your Windows Firewall not running. Let's take a shot at fixing it.

Be patient while doing the below. The fixes can take quite awhile to run. Especially the permissions repairs. It may be best to kick it off and goto bed or do something else. It is better not to run anything while the repairs are going on.

Download Windows Repair by Tweaking.com and unzip the contents into a newly created folder on your desktop.

• Now run Repair_Windows.exe by double clicking on it ( if you are running Vista or Win 7, use right click and select Run As Administrator)
• Now select the Start Repairs tab.
• The click the Start button.
• Create a System Restore point if prompted.
• On the next screen, click the Unselect All button to first deselect all repairs.
• Now select the following repair options:
  • Reset Registry Permissions
  • Reset File Permissions
  • Register System Files
  • Repair WMI
  • Repair Windows Firewall
  • Remove Policies Set By Infections
  • Repair Winsock & DNS Cache
  • Repair Proxy Settings
  • Repair Windows Updates
  • Set Windows Services To Default Startup
• Now on the lower right side check the box to Restart/Shutdown System When Finished
• Then make sure the Restart System radio button is enabled.
• Shutdown any other programs that you are running now before continuing.
• Now click the Start button.
• Be patient while the tool repairs the selected items.
• It should reboot automatically when finished.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

Then attach the below logs:

• C:\MGlogs.zip

​

 

Okay we have one more fix to do.

Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Make sure that you tell me if you receive a success message about adding the above
to the registry. If you do not get a success message, it definitely did not work.
Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

Then attach the below logs:

• C:\MGlogs.zip

Make sure you tell me how things are working now!

 

Sorry for the delay. Have not been able to be hear for a few days.

There is not too much I can suggest for this other than creating a new user account and see if it works okay. This is typically a sign of corruption within the user account's registry hive. It has happened to many people Also some versions of Windows (like XP and 2K ) were notorious for just having issues like this which is why quite a few tools were written to save icon positions and restore them. The problem is that many times, all it takes is any refresh of the Desktop ( which happens frequently ) and they are moved again.

You may want to check out the below:

http://answers.microsoft.com/en-us/windows/forum/windows_7-desktop/everytime-i-refresh-my-desktop-the-icons-auto/f6ce434c-be50-496f-a07d-14f72bc16fb5?msgId=18f45e39-4118-459f-baa2-7130941ee02a

Your logs are clean time for final cleanup below. But you may want to delay the clearing of restore points in step 9 ( that is if you still have any), just in case you want to try a system restore to see if it can help with the auto arrange of icons issue. I don't think it would help, but you never know. On the downside, it could also restore malware.


If you are not having any other malware problems, it is time to do our final steps:

1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
   • Press and hold the Windows key http://forums.majorgeeks.com/chaslang/images/Windows_Logo_key.gif and then press the letter R on your keyboard. This opens the Run dialog box.
   • Copy and paste the below into the Run box and then click OK. Note the quotes are required
   • "%userprofile%\Desktop\combofix" /uninstall
     • Notes: The space between the combofix" and the /uninstall, it must be there.
     • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
3. Go back to step 6 oof the READ ME and renable your Disk Emulation software with Defogger if you had disabled it.
4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
6. If running Vista or Win 7, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
7. Go to add/remove programs and uninstall HijackThis.
8. Goto the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders
   related to MGtools and some other items from our cleaning procedures.
9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
   • Refer to the cleaning procedures pointed to by step 7 of the READ ME
     for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
   • Then reboot and Enable System Restore to create a new clean Restore Point.
10. After doing the above, you should work thru the below link:
    • How to Protect yourself from malware!

 

I don't expect that it would fix the problem, but I cannot be positive of that. It's possible you may cause yourself other grief too. Perhaps you could look for ideas in the Software Forum.

 

You're welcome.

Hmmmm! Please let us know if you find a solution. I just got another thread that has the same problem after malware was remove. Thus far we have only see two such cases ( yours and the other users ).

 

Yes I had not found any sure fire way to fix this either. I did not think that even a system restore would work. Glad to hear a repair worked. Thanks for letting us know.

You're welcome. Surf safely!