Inactive PC infected with win64/sirefef.W & Y

Eifelbaer

Hello, I have a Windows 7 64-bit PC with SP1. Each time I boot it, MSE attempts to quarantine or remove these viruses; the computer then gives me a message notifying me that it will shut down in one minute, which it does. Any help removing these is greatly appreciated. Thanks a lot in advance.

In other posts I've seen that you want us to run FRST first and post the log, which I did. This is the log I got:


Scan result of Farbar Recovery Scan Tool Version: 10-06-2012 03
Ran by SYSTEM at 14-06-2012 12:51:12
Running from G:\
Windows 7 Home Premium (X64) OS Language: German Standard
The current controlset is ControlSet001
========================== Registry (Whitelisted) =============
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [16335392 2009-07-27] (NVIDIA Corporation)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7938080 2009-07-24] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-07-24] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdcBase.exe [x]
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED [538472 2009-06-17] (Symantec Corporation)
HKLM-x32\...\Run: [MarketingTools] C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe [26624 2010-02-18] (Sony Corporation)
HKLM-x32\...\Run: [SHTtray.exe] C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe [99624 2009-07-27] (Sony Corporation)
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [843776 2009-02-06] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe [669520 2009-01-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [NPSStartup] [x]
HKLM-x32\...\Run: [NapsterShell] C:\Program Files (x86)\Napster\napster.exe /systray [x]
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [249064 2010-10-29] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [FILSHtray] "C:\Program Files (x86)\FILSHtray\FILSHtray.exe" [597504 2012-02-06] (FILSH Media GmbH)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-04-04] (Adobe Systems Incorporated)
HKU\Christine\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [3872080 2010-04-16] (Microsoft Corporation)
HKU\Christine\...\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe [95576 2010-07-04] (Samsung Electronics Co., Ltd.)
HKU\Christine\...\Run: [SansaDispatch] C:\Users\Christine\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [79872 2011-09-11] (SanDisk Corporation)
HKU\Christine\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-03-05] (Google Inc.)
HKU\Christine\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17148552 2012-02-29] (Skype Technologies S.A.)
HKU\Christine\...\Run: [CAHeadless] C:\Program Files (x86)\Adobe\Elements 10 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [835224 2011-09-14] (Adobe Systems Incorporated)
HKU\Christine\...\Policies\system: [LogonHoursAction] 2
HKU\Christine\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Jessica\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [3872080 2010-04-16] (Microsoft Corporation)
HKU\Jessica\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-03-05] (Google Inc.)
HKU\Jessica\...\Policies\system: [LogonHoursAction] 2
HKU\Jessica\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Nicole\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [3872080 2010-04-16] (Microsoft Corporation)
HKU\Nicole\...\Run: [Epson Stylus Photo PX810FW(Netzwerk)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFRE.EXE /FU "C:\Users\Nicole\AppData\Local\Temp\E_S356C.tmp" /EF "HKCU" [223232 2009-02-23] (SEIKO EPSON CORPORATION)
HKU\Nicole\...\Policies\system: [LogonHoursAction] 2
HKU\Nicole\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Svenja\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [3872080 2010-04-16] (Microsoft Corporation)
HKU\Svenja\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-03-05] (Google Inc.)
HKU\Svenja\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized [17148552 2012-02-29] (Skype Technologies S.A.)
HKU\Svenja\...\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\Svenja\...\Run: [CAHeadless] C:\Program Files (x86)\Adobe\Elements 10 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [835224 2011-09-14] (Adobe Systems Incorporated)
HKU\Svenja\...\Policies\system: [LogonHoursAction] 2
HKU\Svenja\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Thomas\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [3872080 2010-04-16] (Microsoft Corporation)
HKU\Thomas\...\Run: [Epson Stylus Photo PX810FW(Netzwerk)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFRE.EXE /FU "C:\Windows\TEMP\E_S625B.tmp" /EF "HKCU" [223232 2009-02-23] (SEIKO EPSON CORPORATION)
HKU\Thomas\...\Run: [SansaDispatch] C:\Users\Thomas\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [79872 2010-12-21] (SanDisk Corporation)
HKU\Thomas\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-03-05] (Google Inc.)
HKU\Thomas\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized [17148552 2012-02-29] (Skype Technologies S.A.)
HKU\Thomas\...\Policies\system: [LogonHoursAction] 2
HKU\Thomas\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Tcpip\..\Interfaces\{D7584639-C672-4FCD-A118-BA34BF7EF593}: [NameServer]192.168.178.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
==================== Services (Whitelisted) ======
3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-14] (Adobe Systems Incorporated)
2 AdobeActiveFileMonitor7.0; C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [169312 2008-12-08] (Adobe Systems Incorporated)
3 FLEXnet Licensing Service; "C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" [651720 2010-02-18] (Macrovision Europe Ltd.)
3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.)
3 Microsoft Office Groove Audit Service; "C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe" [64856 2009-02-26] (Microsoft Corporation)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
2 RapiMgr; C:\Windows\WindowsMobile\rapimgr.dll [225672 2007-05-31] (Microsoft Corporation)
3 Roxio UPnP Renderer 10; "C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe" [313840 2009-06-26] (Sonic Solutions)
2 Roxio Upnp Server 10; "C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe" [362992 2009-06-26] (Sonic Solutions)
2 SOHDBSvr; "C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe" [70952 2009-07-27] (Sony Corporation)
2 SOHDms; "C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe" [427304 2009-07-27] (Sony Corporation)
2 SOHPlMgr; "C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe" [91432 2009-07-27] (Sony Corporation)
2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-I Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
3 VAIO Entertainment TV Device Arbitration Service; "C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe" [69632 2009-07-23] (Sony Corporation)
2 VAIO Event Service; "C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe" [204648 2009-08-03] (Sony Corporation)
2 VAIO Power Management; "C:\Program Files\Sony\VAIO Power Management\SPMService.exe" [411496 2009-07-16] (Sony Corporation)
2 VCFw; "C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe" [642920 2009-07-22] (Sony Corporation)
2 VcmIAlzMgr; "C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe" [468264 2009-06-26] (Sony Corporation)
3 VcmINSMgr; "C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe" [357672 2009-06-26] (Sony Corporation)
3 VcmXmlIfHelper; "C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe" [110888 2009-06-17] (Sony Corporation)
3 Vcsw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -RunBySCM [313264 2009-07-23] (Sony Corporation)
2 VSNService; "C:\Program Files\Sony\VAIO Smart Network\VSNService.exe" [522240 2009-08-12] (Sony Corporation)
2 VzCdbSvc; "C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe" [206336 2009-07-23] (Sony Corporation)
2 WcesComm; C:\Windows\WindowsMobile\wcescomm.dll [443784 2007-05-31] (Microsoft Corporation)
========================== Drivers (Whitelisted) =============
3 ArcSoftKsUFilter; C:\Windows\System32\Drivers\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
2 rimsptsk; C:\Windows\system32\DRIVERS\rimssn64.sys [86528 2009-07-31] (REDC)
2 risdptsk; C:\Windows\system32\DRIVERS\risdsn64.sys [76288 2009-07-31] (REDC)
3 ss_bbus; C:\Windows\System32\Drivers\ss_bbus.sys [127488 2010-04-27] (MCCI)
3 ss_bmdfl; C:\Windows\System32\Drivers\ss_bmdfl.sys [18944 2010-04-27] (MCCI Corporation)
3 ss_bmdm; C:\Windows\System32\Drivers\ss_bmdm.sys [161280 2010-04-27] (MCCI Corporation)
1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2011-01-15] ()
========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============
2012-06-14 12:51 - 2012-06-14 12:51 - 00000000 ____D C:\FRST
2012-06-12 08:39 - 2012-06-12 08:39 - 00000000 ___AD C:\Users\Jessica\Documents\also kann ich das so schreiben.docx-copy2
2012-06-11 13:59 - 2012-06-11 13:59 - 00000000 ____D C:\Users\Thomas\Documents\FILSHtray
2012-06-11 13:59 - 2012-06-11 13:59 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Apple Computer
2012-06-11 13:59 - 2012-06-11 13:59 - 00000000 ____D C:\Users\Thomas\AppData\Local\FILSH_Media_GmbH
2012-06-11 13:06 - 2012-06-11 13:07 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-11 13:06 - 2012-06-11 13:06 - 12633984 ____A (Microsoft Corporation) C:\Users\Christine\Downloads\mseinstall.exe
2012-06-11 13:06 - 2012-06-11 13:06 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-06-11 10:49 - 2012-06-11 10:49 - 00002063 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2012-06-11 10:26 - 2012-06-11 10:26 - 00015120 ____A C:\Users\Christine\Desktop\SCANPST - Verknüpfung.lnk
2012-06-08 08:44 - 2012-06-08 08:44 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-06 15:02 - 2012-06-06 15:02 - 00000000 ____D C:\Users\Christine\AppData\Local\Sonos,_Inc
2012-06-06 14:10 - 2012-06-06 14:10 - 00000867 ____A C:\Users\Public\Desktop\WiMP.lnk
2012-06-06 14:10 - 2012-06-06 14:10 - 00000000 ____D C:\Users\Christine\AppData\Roaming\com.aspiro.wimp.de.25F5C0086CDE1F22CA0B92A487729991CA6CD013.1
2012-06-06 14:10 - 2012-06-06 14:10 - 00000000 ____D C:\Program Files (x86)\WiMP
2012-06-06 13:45 - 2012-06-06 13:45 - 00001991 ____A C:\Users\Public\Desktop\Sonos.lnk
2012-06-06 13:44 - 2012-06-06 13:45 - 00000000 ____D C:\Users\All Users\Sonos,_Inc
2012-06-06 12:45 - 2012-06-06 12:45 - 00000000 ____D C:\Users\Public\Documents\{F0489EF2-D393-4114-85BA-A94D71D89543}
2012-06-06 12:44 - 2012-06-06 12:44 - 00000947 ____A C:\Users\Public\Desktop\Napster 5.0.lnk
2012-06-06 12:44 - 2012-06-06 12:44 - 00000000 ____D C:\Users\Christine\AppData\Roaming\com.Rhapsody.Napster5
2012-06-06 12:44 - 2012-06-06 12:44 - 00000000 ____D C:\Program Files (x86)\Napster 5.0
2012-06-02 22:06 - 2012-06-02 22:06 - 00002099 ____A C:\Users\Public\Desktop\Lightroom 4 64-Bit.lnk
2012-05-30 20:44 - 2012-05-30 20:44 - 00014549 ____A C:\Users\Christine\Downloads\Geschi.docx
2012-05-27 17:40 - 2012-05-27 17:40 - 03930504 ____A (http://yourfiledownloader.com) C:\Users\Christine\Downloads\griet_s_theme_sheet_downloader_352a.exe
2012-05-18 18:18 - 2012-05-18 18:18 - 00000000 ____D C:\Users\Christine\AppData\Local\Windows Live
2012-05-18 18:18 - 2012-05-18 18:18 - 00000000 ____D C:\Users\Christine\AppData\Local\{F585D421-F89E-4860-9E66-47F708B70533}
2012-05-17 16:16 - 2012-05-17 16:16 - 00000000 ____D C:\Users\Nicole\Documents\FILSHtray
2012-05-17 16:16 - 2012-05-17 16:16 - 00000000 ____D C:\Users\Nicole\AppData\Local\FILSH_Media_GmbH
2012-05-15 20:44 - 2012-05-15 20:44 - 00013085 ____A C:\Users\Jessica\Documents\Spiele.docx
2012-05-15 14:02 - 2012-05-15 14:02 - 00011176 ____A C:\Users\Svenja\Documents\Quiz.docx
============ 3 Months Modified Files and Folders =============
2012-06-14 12:51 - 2012-06-14 12:51 - 00000000 ____D C:\FRST
2012-06-12 08:39 - 2012-06-12 08:39 - 00000000 ___AD C:\Users\Jessica\Documents\also kann ich das so schreiben.docx-copy2
2012-06-11 14:39 - 2012-01-11 10:49 - 00000000 __SHD C:\Users\Christine\AppData\Local\{4bdf890a-c9ab-d7ec-e71a-32795ead45f4}
2012-06-11 14:39 - 2010-02-21 16:47 - 00001106 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-06-11 14:39 - 2010-02-20 01:07 - 00000000 ____D C:\Users\Christine\Tracing
2012-06-11 14:38 - 2009-07-14 06:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-11 14:38 - 2009-07-14 05:51 - 00057458 ____A C:\Windows\setupact.log
2012-06-11 14:02 - 2010-02-18 21:04 - 00000000 ____D C:\Users\Thomas\Tracing
2012-06-11 13:59 - 2012-06-11 13:59 - 00000000 ____D C:\Users\Thomas\Documents\FILSHtray
2012-06-11 13:59 - 2012-06-11 13:59 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Apple Computer
2012-06-11 13:59 - 2012-06-11 13:59 - 00000000 ____D C:\Users\Thomas\AppData\Local\FILSH_Media_GmbH
2012-06-11 13:59 - 2011-01-28 11:08 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Skype
2012-06-11 13:59 - 2010-02-18 22:39 - 00000000 ____D C:\Users\Thomas\AppData\Local\Adobe
2012-06-11 13:59 - 2010-02-18 21:41 - 00001330 _RASH C:\Users\Thomas\ntuser.pol
2012-06-11 13:59 - 2010-02-18 18:49 - 00121040 ____A C:\Users\Thomas\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-11 13:59 - 2010-02-18 18:49 - 00000000 ____D C:\users\Thomas
2012-06-11 13:27 - 2010-02-21 16:47 - 00001110 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-11 13:14 - 2009-08-17 13:18 - 00416500 ____A C:\Windows\PFRO.log
2012-06-11 13:08 - 2010-02-18 16:22 - 01257265 ____A C:\Windows\WindowsUpdate.log
2012-06-11 13:07 - 2012-06-11 13:06 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-11 13:07 - 2012-04-28 09:51 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-11 13:07 - 2012-01-07 16:54 - 00001912 ____A C:\Windows\epplauncher.mif
2012-06-11 13:06 - 2012-06-11 13:06 - 12633984 ____A (Microsoft Corporation) C:\Users\Christine\Downloads\mseinstall.exe
2012-06-11 13:06 - 2012-06-11 13:06 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-06-11 13:06 - 2011-03-06 19:18 - 01535576 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-06-11 13:06 - 2009-07-14 18:58 - 00659788 ____A C:\Windows\System32\perfh007.dat
2012-06-11 13:06 - 2009-07-14 18:58 - 00132060 ____A C:\Windows\System32\perfc007.dat
2012-06-11 12:47 - 2010-03-09 16:57 - 00000000 ____D C:\Users\Christine\AppData\Roaming\Skype
2012-06-11 10:49 - 2012-06-11 10:49 - 00002063 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
2012-06-11 10:49 - 2010-02-18 16:19 - 00000000 ____D C:\Users\All Users\Adobe
2012-06-11 10:49 - 2010-02-18 16:19 - 00000000 ____D C:\Program Files (x86)\Adobe
2012-06-11 10:35 - 2009-07-14 06:13 - 01513990 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-11 10:35 - 2009-07-14 05:45 - 00009888 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-11 10:35 - 2009-07-14 05:45 - 00009888 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-11 10:26 - 2012-06-11 10:26 - 00015120 ____A C:\Users\Christine\Desktop\SCANPST - Verknüpfung.lnk
2012-06-11 10:14 - 2010-02-22 11:14 - 00000254 ____A C:\Windows\Tasks\Epson Printer Software Downloader.job
2012-06-11 08:46 - 2010-02-18 21:37 - 00000000 ____D C:\Users\Christine\Documents\CD privat
2012-06-10 17:33 - 2010-11-17 15:38 - 00000500 ___AH C:\Windows\Tasks\Norton Security Scan for Thomas.job
2012-06-08 08:44 - 2012-06-08 08:44 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-08 08:40 - 2012-04-28 09:51 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-08 08:40 - 2011-10-24 18:59 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-06 15:02 - 2012-06-06 15:02 - 00000000 ____D C:\Users\Christine\AppData\Local\Sonos,_Inc
2012-06-06 14:10 - 2012-06-06 14:10 - 00000867 ____A C:\Users\Public\Desktop\WiMP.lnk
2012-06-06 14:10 - 2012-06-06 14:10 - 00000000 ____D C:\Users\Christine\AppData\Roaming\com.aspiro.wimp.de.25F5C0086CDE1F22CA0B92A487729991CA6CD013.1
2012-06-06 14:10 - 2012-06-06 14:10 - 00000000 ____D C:\Program Files (x86)\WiMP
2012-06-06 13:45 - 2012-06-06 13:45 - 00001991 ____A C:\Users\Public\Desktop\Sonos.lnk
2012-06-06 13:45 - 2012-06-06 13:44 - 00000000 ____D C:\Users\All Users\Sonos,_Inc
2012-06-06 13:45 - 2010-02-18 21:31 - 00000000 ____D C:\Program Files (x86)\Sonos
2012-06-06 13:44 - 2011-03-06 19:09 - 00000000 ____D C:\Users\Christine\AppData\Local\Downloaded Installations
2012-06-06 13:44 - 2010-11-28 17:07 - 00000000 ____D C:\Windows\Downloaded Installations
2012-06-06 12:45 - 2012-06-06 12:45 - 00000000 ____D C:\Users\Public\Documents\{F0489EF2-D393-4114-85BA-A94D71D89543}
2012-06-06 12:44 - 2012-06-06 12:44 - 00000947 ____A C:\Users\Public\Desktop\Napster 5.0.lnk
2012-06-06 12:44 - 2012-06-06 12:44 - 00000000 ____D C:\Users\Christine\AppData\Roaming\com.Rhapsody.Napster5
2012-06-06 12:44 - 2012-06-06 12:44 - 00000000 ____D C:\Program Files (x86)\Napster 5.0
2012-06-06 12:24 - 2010-11-25 19:51 - 00000000 ____D C:\Users\All Users\Napster
2012-06-06 10:05 - 2012-01-11 17:33 - 00045378 ____A C:\Users\Christine\Documents\Haushaltsbuch2012.xlsx
2012-06-06 10:04 - 2010-02-18 21:37 - 00000000 ____D C:\Users\Christine\Documents\kinder
2012-06-05 13:53 - 2010-02-20 00:24 - 00000680 _RASH C:\Users\Christine\ntuser.pol
2012-06-05 13:53 - 2010-02-20 00:24 - 00000000 ____D C:\users\Christine
2012-06-04 19:23 - 2010-02-21 10:59 - 00000000 ____D C:\Users\Jessica\Tracing
2012-06-03 09:55 - 2010-02-20 00:27 - 00000000 ____D C:\Users\Christine\AppData\Local\Google
2012-06-02 22:59 - 2012-03-05 07:39 - 00000000 ____D C:\Users\Christine\Documents\Adobe
2012-06-02 22:59 - 2010-02-22 07:46 - 00000000 ____D C:\Users\Christine\AppData\Local\Adobe
2012-06-02 22:59 - 2010-02-20 00:45 - 00000000 ____D C:\Users\Christine\AppData\Roaming\Adobe
2012-06-02 22:06 - 2012-06-02 22:06 - 00002099 ____A C:\Users\Public\Desktop\Lightroom 4 64-Bit.lnk
2012-06-02 22:06 - 2012-03-04 13:33 - 00000000 ____D C:\Users\All Users\SmartSound Software Inc
2012-06-02 22:06 - 2012-03-04 12:48 - 00000000 ____D C:\Program Files\Common Files\Adobe
2012-06-02 22:04 - 2012-03-04 13:27 - 00000000 ____D C:\Program Files\Adobe
2012-06-02 17:46 - 2010-02-19 16:49 - 00001332 _RASH C:\Users\Jessica\ntuser.pol
2012-06-02 17:46 - 2010-02-19 16:49 - 00000000 ____D C:\users\Jessica
2012-06-02 14:59 - 2011-01-28 13:47 - 00000000 ____D C:\Users\Svenja\AppData\Roaming\Skype
2012-06-02 13:56 - 2010-02-19 07:14 - 00004682 _RASH C:\Users\Svenja\ntuser.pol
2012-06-02 13:56 - 2010-02-19 07:14 - 00000000 ____D C:\users\Svenja
2012-05-31 13:16 - 2010-02-22 10:36 - 00000000 ____D C:\Users\Svenja\Tracing
2012-05-30 20:44 - 2012-05-30 20:44 - 00014549 ____A C:\Users\Christine\Downloads\Geschi.docx
2012-05-30 16:07 - 2011-11-04 13:59 - 00000000 ____D C:\Users\Nicole\AppData\Roaming\Skype
2012-05-30 15:12 - 2010-02-22 09:51 - 00000000 ____D C:\Users\Nicole\Tracing
2012-05-27 17:40 - 2012-05-27 17:40 - 03930504 ____A (http://yourfiledownloader.com) C:\Users\Christine\Downloads\griet_s_theme_sheet_downloader_352a.exe
2012-05-23 10:01 - 2012-04-03 19:05 - 00011978 ____A C:\Users\Christine\Documents\Svenja Mitteilungsblatt.xlsx
2012-05-18 18:18 - 2012-05-18 18:18 - 00000000 ____D C:\Users\Christine\AppData\Local\Windows Live
2012-05-18 18:18 - 2012-05-18 18:18 - 00000000 ____D C:\Users\Christine\AppData\Local\{F585D421-F89E-4860-9E66-47F708B70533}
2012-05-17 16:16 - 2012-05-17 16:16 - 00000000 ____D C:\Users\Nicole\Documents\FILSHtray
2012-05-17 16:16 - 2012-05-17 16:16 - 00000000 ____D C:\Users\Nicole\AppData\Local\FILSH_Media_GmbH
2012-05-17 16:16 - 2010-02-19 15:13 - 00001330 _RASH C:\Users\Nicole\ntuser.pol
2012-05-17 16:16 - 2010-02-19 15:13 - 00000000 ____D C:\users\Nicole
2012-05-15 20:44 - 2012-05-15 20:44 - 00013085 ____A C:\Users\Jessica\Documents\Spiele.docx
2012-05-15 18:40 - 2010-02-18 21:37 - 00000000 ____D C:\Users\Christine\Documents\schule
2012-05-15 14:02 - 2012-05-15 14:02 - 00011176 ____A C:\Users\Svenja\Documents\Quiz.docx
2012-05-15 06:45 - 2010-02-19 16:49 - 00000000 ____D C:\Users\Jessica\AppData\LocalLow
2012-05-11 02:33 - 2011-02-01 19:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-11 02:33 - 2009-07-14 05:45 - 00453752 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-11 02:13 - 2010-02-18 20:29 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-05-11 02:13 - 2010-02-18 16:29 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-05-11 02:01 - 2009-07-14 19:18 - 00000000 ____D C:\Program Files\Windows Journal
2012-05-09 13:56 - 2012-05-09 13:56 - 00089239 ____A C:\Users\Svenja\Documents\bild von ronja.jpg
2012-05-09 13:31 - 2012-05-09 13:31 - 00013607 ____A C:\Users\Svenja\Documents\Christi Himmelfahrt.docx
2012-05-08 14:27 - 2010-02-18 21:37 - 00000000 ____D C:\Users\Christine\Documents\handball
2012-05-04 07:55 - 2012-05-01 22:54 - 00002447 ____A C:\Users\Christine\Downloads\tdausend2114816027.xml
2012-04-30 19:01 - 2011-01-10 13:08 - 06366208 ____A C:\Users\Svenja\Documents\Svenja.pst
2012-04-29 11:57 - 2012-04-29 11:57 - 01191936 ____A C:\Users\Christine\Documents\Posten.accdb
2012-04-28 22:18 - 2011-11-04 19:41 - 00000000 ____D C:\Users\Jessica\AppData\Roaming\Skype
2012-04-22 13:03 - 2012-04-22 13:03 - 00010161 ____A C:\Users\Svenja\Documents\b-day gäste.docx
2012-04-22 13:02 - 2012-04-22 12:42 - 00011196 ____A C:\Users\Svenja\Documents\Einladung!.docx
2012-04-15 19:39 - 2012-04-15 19:39 - 00003584 ____A C:\Users\Christine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-04-12 20:23 - 2012-04-12 20:23 - 00000000 ____D C:\Users\Jessica\AppData\Local\Apple
2012-04-04 15:43 - 2012-04-04 15:43 - 00000000 __RSD C:\Users\Christine\Documents\My Stationery
2012-04-03 13:19 - 2012-03-12 17:26 - 00583013 ____A C:\Users\Svenja\Documents\Rock'n'Roll.pptx
2012-04-03 12:09 - 2012-03-05 15:30 - 00000000 ___RD C:\Program Files (x86)\Skype
2012-04-02 17:51 - 2010-02-18 21:37 - 00000000 ____D C:\Users\Christine\Documents\urlaub
2012-03-31 07:05 - 2012-05-10 11:48 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-31 05:39 - 2012-05-10 11:48 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-31 05:39 - 2012-05-10 11:48 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-31 04:10 - 2012-05-10 11:48 - 03146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-30 12:35 - 2012-05-10 11:48 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-30 11:14 - 2011-11-21 13:36 - 00187910 ____A C:\Users\Svenja\Documents\Wunschliste (13 Geburtsatg).docx
2012-03-30 11:14 - 2011-11-21 13:33 - 00014435 ____A C:\Users\Svenja\Documents\Wunschliste (weihnachten).docx
2012-03-28 12:50 - 2012-03-28 12:50 - 00014336 __ASH C:\Users\Svenja\Documents\Thumbs.db
2012-03-28 12:03 - 2010-02-22 10:39 - 00000000 ____D C:\Users\Svenja\AppData\Roaming\Adobe
2012-03-28 11:22 - 2010-02-19 07:14 - 00000000 ____D C:\Users\Svenja\AppData\LocalLow
2012-03-28 11:20 - 2010-02-24 12:28 - 00000000 ____D C:\Users\Svenja\AppData\Local\Adobe
2012-03-28 11:14 - 2012-03-28 11:13 - 00000000 ____D C:\Users\Svenja\Desktop\Svenja's Bilder
2012-03-26 13:03 - 2012-03-26 13:03 - 00000000 ____D C:\Users\Svenja\Documents\Adobe
2012-03-24 21:48 - 2012-03-24 20:44 - 1361023584 ____A C:\Users\Christine\Downloads\Slumdog_Millionaer_2012-02-26_2015_52500.mp4
2012-03-24 21:34 - 2012-03-24 20:42 - 1250785878 ____A C:\Users\Christine\Downloads\City_Slickers_Die_Grossstadthelden_2012-02-26_1545_52500.mp4
2012-03-24 21:34 - 2012-03-24 20:42 - 1056166378 ____A C:\Users\Christine\Downloads\Good_Night_and_Good_Luck_Der_Fall_McCa_2012-02-22_2315_52500.mp4
2012-03-24 21:14 - 2012-03-24 20:43 - 542940860 ____A C:\Users\Christine\Downloads\Die_Story_im_Ersten_2012-02-23_0730_52500.mp4
2012-03-24 20:51 - 2012-03-05 16:04 - 00000000 ____D C:\Users\All Users\regid.1986-12.com.adobe
2012-03-24 15:36 - 2012-03-24 15:36 - 00000000 ____D C:\Users\Christine\Documents\NewBlueFX
2012-03-24 15:19 - 2012-03-24 15:19 - 00000000 ____D C:\Users\Christine\AppData\Roaming\Mozilla
2012-03-23 15:10 - 2012-03-23 15:10 - 05637699 ____A C:\Users\Christine\Unheilig - So wie Du warst.wma
2012-03-23 15:09 - 2012-03-23 15:09 - 05653415 ____A C:\Users\Christine\Jason Derulo - Breathing.wma
2012-03-23 15:08 - 2012-03-23 15:08 - 05510247 ____A C:\Users\Christine\Nickelback - Lullaby.wma
2012-03-23 15:07 - 2012-03-23 15:07 - 05411819 ____A C:\Users\Christine\Secondhand Serenade - Your Call.wma
2012-03-23 15:00 - 2012-03-23 15:00 - 05948699 ____A C:\Users\Christine\Christina Perri - jar of hearts.wma
2012-03-23 15:00 - 2012-03-23 15:00 - 05179719 ____A C:\Users\Christine\DEICHKIND - Partnerlook.wma
2012-03-23 15:00 - 2012-03-23 15:00 - 04883379 ____A C:\Users\Christine\DEICHKIND - Illegale Fans.wma
2012-03-23 15:00 - 2012-03-23 14:59 - 05947509 ____A C:\Users\Christine\DEICHKIND - Bück dich hoch.wma
2012-03-23 15:00 - 2012-03-23 14:59 - 05727499 ____A C:\Users\Christine\DEICHKIND - Befehl von ganz unten.wma
2012-03-23 14:59 - 2012-03-23 14:59 - 06127109 ____A C:\Users\Christine\DEICHKIND - Pferd aus Glas.wma
2012-03-23 14:59 - 2012-03-23 14:59 - 05772399 ____A C:\Users\Christine\DEICHKIND - Egolution.wma
2012-03-23 14:59 - 2012-03-23 14:59 - 05529939 ____A C:\Users\Christine\Party Hit Kings - Read All About It.wma
2012-03-23 14:59 - 2012-03-23 14:59 - 05489529 ____A C:\Users\Christine\Shontelle - Impossible [Main].wma
2012-03-23 14:54 - 2012-03-23 14:53 - 04636429 ____A C:\Users\Christine\DEICHKIND - Leider geil (Leider geil).wma
2012-03-23 14:53 - 2012-03-23 14:53 - 05794849 ____A C:\Users\Christine\Far East Movement - Live My Life.wma
2012-03-23 14:53 - 2012-03-23 14:52 - 05116859 ____A C:\Users\Christine\Tribute Mega Stars - Starships.wma
2012-03-23 14:53 - 2012-03-23 14:52 - 04910319 ____A C:\Users\Christine\Olly Murs feat. Rizzle Kicks - Heart Skips A Beat.wma
2012-03-23 14:52 - 2012-03-23 14:52 - 05256049 ____A C:\Users\Christine\Sean Paul - Temperature [Album Version].wma
2012-03-23 14:49 - 2012-03-23 14:49 - 00000000 ____D C:\Users\Nicole\AppData\Roaming\Apple Computer
2012-03-23 14:49 - 2010-02-19 15:13 - 00121040 ____A C:\Users\Nicole\AppData\Local\GDIPFONTCACHEV1.DAT
2012-03-23 14:48 - 2010-02-23 19:47 - 00000000 ____D C:\Users\Nicole\AppData\Local\Adobe
2012-03-20 19:44 - 2012-03-20 19:44 - 00203888 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
2012-03-20 19:44 - 2012-03-20 19:44 - 00098688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys
2012-03-19 18:26 - 2012-03-19 18:26 - 00046080 ____A C:\Users\Christine\Documents\für 3.Englisch-Arbeit.doc
2012-03-17 08:58 - 2012-05-10 11:48 - 00075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
ZeroAccess:
C:\Windows\Installer\{4bdf890a-c9ab-d7ec-e71a-32795ead45f4}
C:\Windows\Installer\{4bdf890a-c9ab-d7ec-e71a-32795ead45f4}\@
C:\Windows\Installer\{4bdf890a-c9ab-d7ec-e71a-32795ead45f4}\L
C:\Windows\Installer\{4bdf890a-c9ab-d7ec-e71a-32795ead45f4}\n
C:\Windows\Installer\{4bdf890a-c9ab-d7ec-e71a-32795ead45f4}\U
ZeroAccess:
C:\Users\Christine\AppData\Local\{4bdf890a-c9ab-d7ec-e71a-32795ead45f4}
C:\Users\Christine\AppData\Local\{4bdf890a-c9ab-d7ec-e71a-32795ead45f4}\@
C:\Users\Christine\AppData\Local\{4bdf890a-c9ab-d7ec-e71a-32795ead45f4}\L
C:\Users\Christine\AppData\Local\{4bdf890a-c9ab-d7ec-e71a-32795ead45f4}\n
C:\Users\Christine\AppData\Local\{4bdf890a-c9ab-d7ec-e71a-32795ead45f4}\U
========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2009-07-14 00:19] - [2009-07-14 02:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
========================= Memory info ======================
Percentage of memory in use: 16%
Total physical RAM: 4031.18 MB
Available physical RAM: 3383.84 MB
Total Pagefile: 4029.33 MB
Available Pagefile: 3374.75 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
======================= Partitions =========================
1 Drive c: () (Fixed) (Total:454.94 GB) (Free:345.82 GB) NTFS
2 Drive e: (Recovery) (Fixed) (Total:10.73 GB) (Free:0.82 GB) NTFS
4 Drive g: (KINGSTON) (Removable) (Total:0.93 GB) (Free:0.67 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Datenträger ### Status Größe Frei Dyn GPT
--------------- ------------- ------- ------- --- ---
Datenträger 0 Online 465 GB 0 B
Datenträger 1 Online 954 MB 0 B
Partitions of Disk 0:
===============
Partition ### Typ Größe Offset
------------- ---------------- ------- -------
Partition 1 Wiederherstellun 10 GB 1024 KB
Partition 2 Primär 100 MB 10 GB
Partition 3 Primär 454 GB 10 GB
======================================================================================================
Disk: 0
Partition 1
Typ : 27
Versteckt: Ja
Aktiv : Nein
Volume ### Bst Bezeichnung DS Typ Größe Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E Recovery NTFS Partition 10 GB Fehlerfre Versteck
======================================================================================================
Disk: 0
Partition 2
Typ : 07
Versteckt: Nein
Aktiv : Ja
Volume ### Bst Bezeichnung DS Typ Größe Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Fehlerfre
======================================================================================================
Disk: 0
Partition 3
Typ : 07
Versteckt: Nein
Aktiv : Nein
Volume ### Bst Bezeichnung DS Typ Größe Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 454 GB Fehlerfre
======================================================================================================
Partitions of Disk 1:
===============
Partition ### Typ Größe Offset
------------- ---------------- ------- -------
Partition 1 Primär 953 MB 16 KB
======================================================================================================
Disk: 1
Partition 1
Typ : 0E
Versteckt: Nein
Aktiv : Ja
Volume ### Bst Bezeichnung DS Typ Größe Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G KINGSTON FAT Wechselmed 953 MB Fehlerfre
======================================================================================================
==========================================================
Last Boot: 2012-06-07 23:14
======================= End Of Log ==========================
 
In other posts I've seen that you want us to run FRST first and post the log, which I did. This is the log I got:

Don't know where you saw this instruction, but we don't run it initially.

If you would like us to check the system for malware, please follow these steps: Preliminary Virus and Malware Removal.

NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

When you have finished, leave the logs for review in your next reply.
NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.
================================================

My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in the cleaning process.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • File sharing programs should be uninstalled or disabled during the cleaning process.
  • Observe these:
    [o] Don't follow directions given to someone else
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs, except those I give you.
Threads are closed after 5 days if there is no reply.
==================================================
By the way, my only language is English. I am not responsible for entries in German.
 
Unfortunately, I can't boot the system. When I boot, I immediately get the message that the PC is infected and will shut down in one minute. Before the system is up and running, it automatically shuts down and reboots again with the same message. I have Microsoft Security Essentials installed as AntiVirus Software.

What shall I do now?

Regarding the instruction to run FRST, this is where I found it:

https://www.techspot.com/community/topics/sirefef-y-and-sirefef-w.181616/
 
Bobbye asked me to take a look here...

In Vista or Windows 7: Boot to System Recovery Options and run FRST.
In Windows XP: Please boot to BartPe and run FRST.
Type the following in the edit box after "Search:".

services.exe

Click the Search button and post the log it makes (Search.txt) in your reply.
 