TechSpot

[A] Trojan:Win32/Sirefef.AH! constantly reappears and desktop disappearing

By S Basu
Jun 13, 2012
  1. Hi.

    I have recently joined the forum. Last night I was working using my brother's laptop. It has Windows 7 OS with Microsoft Security Essentials present. But somehow, after working for some time, I found that a pop-up window came up showing the following message: "WINDOWS HAS ENCOUNTERED A CRITICAL PROBLEM AND WILL RESTART AUTOMATICALLY IN ONE MINUTE. PLEASE SAVE YOUR WORK NOW". After that it is auto restarting and I couldn't figure out what to do. In fact, Microsoft Security Essentials is unable to remove the virus.
    I feel very sorry for my brother. KINDLY HELP to fix this problem. I am writing this from my laptop which has Windows XP as I am unable to work on the infected laptop.

    Regards

    S Basu
     
  2. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Welcome aboard

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =====================================================================

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
     
  3. S Basu

    S Basu TS Rookie Topic Starter

    Hi,
    Thanks a lot for such quick response. Will follow the instruction and post the details as soon as possible.
     
  4. S Basu

    S Basu TS Rookie Topic Starter

    Broni,
    As per your instruction I have downloaded Farbar Recovery Scan Tool 32-Bit and plugged the flash drive into the infected laptop. But I am unable to enter the System Recovery Options from Advanced Boot Option. A new window opens with the heading "Windows Boot Manager" and tells that Windows failed to start. A recent hardware or software change might be the cause. To fix the problem:
    1. Insert your windows installation disc......
    2. Choose your language.
    3. Click Repair... etc

    Now I don't have the Windows installation disc, or maybe we have lost it. What to do?
     
  5. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    You're doing something wrong.
    It looks like your computer is still trying to boot to Windows.

    What happens here?
     
  6. S Basu

    S Basu TS Rookie Topic Starter

    The date and time settings cannot be changed. Though I took the scan yesterday, i.e. the 17th, the computer date is showing as the 14th. Anyway, below are the details of the scan.


    Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 12-06-2012 02
    Ran by SHARBARI at 14-06-2012 11:01:31
    Running from G:\
    Service Pack 1 (X86) OS Language: English(US)
    Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process.

    ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNTION PROPERLY.

    ========================== Registry (Whitelisted) =============

    HKLM\...\Winlogon: [Userinit] [x]
    HKLM\...\Winlogon: [Shell] [x ] ()
    HKLM\...\InprocServer32: [Default-wbem] ATTENTION! ====> ZeroAccess
    HKLM\...\InprocServer32: [Default-shell32] ATTENTION! ====> ZeroAccess
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
    ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Kaspersky Security Scan.lnk
    ShortcutTarget: Kaspersky Security Scan.lnk -> C:\Program Files\Kaspersky Security Scan\KSS.exe ()
    Startup: C:\Users\SHARBARI\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
    Startup: C:\Users\SHARBARI\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk
    ShortcutTarget: Picture Motion Browser Media Check Tool.lnk -> C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)

    ================================ Services (Whitelisted) ==================


    ========================== Drivers (Whitelisted) =============


    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-06-14 11:01 - 2012-06-14 11:01 - 00000000 ____D C:\FRST
    2012-06-13 01:53 - 2012-06-13 01:53 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-06-13 01:36 - 2012-06-14 11:00 - 03241472 ____A C:\Windows\ntbtlog.txt
    2012-06-10 21:38 - 2012-06-10 21:38 - 00000000 ____D C:\bc65a29436444c4a565c91f029
    2012-06-10 21:30 - 2012-06-10 21:37 - 00000000 ____D C:\Users\SHARBARI\Downloads\Real Steel (2011)
    2012-06-10 21:12 - 2012-06-10 21:12 - 00000000 ____D C:\Users\SHARBARI\Downloads\Mission Impossible 4 Ghost Protocol (2011) DVDRip XviD-MAXSPEED
    2012-06-10 21:04 - 2012-06-10 21:05 - 00000000 ____D C:\Users\SHARBARI\Downloads\The.Mist[2007]DvDrip[Eng]-aXXo
    2012-06-10 20:56 - 2012-06-10 21:07 - 00000000 ____D C:\Users\All Users\B7E8586B0023961C01404F54B4EB23C1
    2012-05-22 14:14 - 2012-06-07 10:41 - 00000000 ____D C:\Users\SHARBARI\AppData\Local\WinZip
    2012-05-22 14:14 - 2012-05-22 14:14 - 00000000 ____D C:\Users\All Users\Tarma Installer
    2012-05-22 14:14 - 2012-05-22 14:14 - 00000000 ____D C:\Program Files\Yontoo
    2012-05-22 14:11 - 2012-05-22 14:11 - 00002205 ____A C:\Users\Public\Desktop\WinZip.lnk
    2012-05-22 14:00 - 2012-05-22 14:00 - 00001229 ____A C:\Users\SHARBARI\Desktop\Play HP Games.lnk
    2012-05-22 13:50 - 2012-05-22 14:10 - 54314312 ____A C:\Users\SHARBARI\Desktop\winzip160.exe
    2012-05-22 13:48 - 2012-05-22 13:49 - 00000000 ____D C:\Program Files\YouTube Downloader Toolbar
    2012-05-22 13:48 - 2012-05-22 13:49 - 00000000 ____D C:\Program Files\Application Updater
    2012-05-22 13:48 - 2012-05-22 13:48 - 00000000 ____D C:\Program Files\Common Files\Spigot

    ============ 3 Months Modified Files and Folders ===============

    2012-06-14 11:02 - 2010-05-24 23:32 - 00000000 ____D C:\Users\SHARBARI\AppData\Roaming\uTorrent
    2012-06-14 11:02 - 2010-05-16 17:45 - 00000000 ____D C:\Users\SHARBARI\AppData\Roaming\DNA
    2012-06-14 11:02 - 2010-04-14 17:31 - 00000425 ____A C:\Users\All Users\HPWALog.txt
    2012-06-14 11:02 - 2010-03-12 16:17 - 00000177 ____H C:\dvmexp.idx
    2012-06-14 11:01 - 2012-06-14 11:01 - 00000000 ____D C:\FRST
    2012-06-14 11:01 - 2011-08-08 23:39 - 00000000 ____D C:\Users\SHARBARI\AppData\Local\FileServe Manager
    2012-06-14 11:01 - 2011-05-06 11:02 - 00055721 ____A C:\Windows\setupact.log
    2012-06-14 11:01 - 2010-08-16 22:52 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-06-14 11:01 - 2009-07-14 10:23 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-06-14 11:00 - 2012-06-13 01:36 - 03241472 ____A C:\Windows\ntbtlog.txt
    2012-06-13 02:10 - 2010-03-12 15:42 - 01753639 ____A C:\Windows\WindowsUpdate.log
    2012-06-13 01:53 - 2012-06-13 01:53 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-06-13 01:53 - 2011-02-23 18:17 - 00000000 __SHD C:\Config.Msi
    2012-06-13 01:53 - 2011-01-31 23:39 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-06-13 01:53 - 2009-09-07 04:32 - 00722802 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-06-13 01:51 - 2011-03-02 01:56 - 00000000 ____D C:\Users\SHARBARI\AppData\Roaming\Orbit
    2012-06-13 01:38 - 2012-01-11 22:06 - 00000000 __SHD C:\Users\SHARBARI\AppData\Local\{59549a40-78be-6076-8cf5-2cd7e244131a}
    2012-06-13 01:37 - 2010-08-16 22:52 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-06-13 01:36 - 2009-07-14 10:23 - 00032620 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-06-10 21:38 - 2012-06-10 21:38 - 00000000 ____D C:\bc65a29436444c4a565c91f029
    2012-06-10 21:37 - 2012-06-10 21:30 - 00000000 ____D C:\Users\SHARBARI\Downloads\Real Steel (2011)
    2012-06-10 21:33 - 2010-04-25 00:42 - 00129024 ____A C:\Users\SHARBARI\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-06-10 21:28 - 2009-12-22 07:40 - 00000000 ____D C:\Users\All Users\Microsoft Help
    2012-06-10 21:12 - 2012-06-10 21:12 - 00000000 ____D C:\Users\SHARBARI\Downloads\Mission Impossible 4 Ghost Protocol (2011) DVDRip XviD-MAXSPEED
    2012-06-10 21:11 - 2011-10-02 20:43 - 00000000 ____D C:\Users\SHARBARI\AppData\Roaming\vlc
    2012-06-10 21:07 - 2012-06-10 20:56 - 00000000 ____D C:\Users\All Users\B7E8586B0023961C01404F54B4EB23C1
    2012-06-10 21:05 - 2012-06-10 21:04 - 00000000 ____D C:\Users\SHARBARI\Downloads\The.Mist[2007]DvDrip[Eng]-aXXo
    2012-06-10 21:03 - 2009-07-14 10:04 - 00021248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-06-10 21:03 - 2009-07-14 10:04 - 00021248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-06-07 10:41 - 2012-05-22 14:14 - 00000000 ____D C:\Users\SHARBARI\AppData\Local\WinZip
    2012-06-07 09:55 - 2009-07-14 08:07 - 00000000 ____D C:\Windows\System32\NDF
    2012-06-07 09:49 - 2009-07-14 08:07 - 00000000 ____D C:\Windows\Microsoft.NET
    2012-05-22 14:25 - 2010-04-14 17:27 - 00000000 ____D C:\users\SHARBARI
    2012-05-22 14:14 - 2012-05-22 14:14 - 00000000 ____D C:\Users\All Users\Tarma Installer
    2012-05-22 14:14 - 2012-05-22 14:14 - 00000000 ____D C:\Program Files\Yontoo
    2012-05-22 14:13 - 2012-01-23 17:05 - 00000000 ____D C:\Program Files\WinZipBar
    2012-05-22 14:13 - 2010-11-26 00:35 - 00000000 ____D C:\Users\All Users\WinZip
    2012-05-22 14:11 - 2012-05-22 14:11 - 00002205 ____A C:\Users\Public\Desktop\WinZip.lnk
    2012-05-22 14:11 - 2010-04-14 19:29 - 00000000 ____D C:\Program Files\WinZip
    2012-05-22 14:10 - 2012-05-22 13:50 - 54314312 ____A C:\Users\SHARBARI\Desktop\winzip160.exe
    2012-05-22 14:00 - 2012-05-22 14:00 - 00001229 ____A C:\Users\SHARBARI\Desktop\Play HP Games.lnk
    2012-05-22 13:49 - 2012-05-22 13:48 - 00000000 ____D C:\Program Files\YouTube Downloader Toolbar
    2012-05-22 13:49 - 2012-05-22 13:48 - 00000000 ____D C:\Program Files\Application Updater
    2012-05-22 13:49 - 2010-04-14 17:27 - 00000000 ____D C:\Users\SHARBARI\AppData\LocalLow
    2012-05-22 13:48 - 2012-05-22 13:48 - 00000000 ____D C:\Program Files\Common Files\Spigot
    2012-05-22 13:47 - 2009-07-14 08:07 - 00000000 ___RD C:\users\Public
    2012-05-22 13:41 - 2011-07-31 10:12 - 00017020 ____A C:\Windows\PFRO.log
    2012-04-26 20:08 - 2011-11-10 22:01 - 55656824 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-04-22 23:47 - 2009-12-22 09:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2012-04-22 23:42 - 2010-04-15 21:55 - 00000000 ____D C:\Users\SHARBARI\AppData\Roaming\dvdcss
    2012-04-22 23:12 - 2009-07-14 10:03 - 00418208 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-03-31 10:09 - 2012-04-22 23:51 - 03968368 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
    2012-03-31 10:09 - 2012-04-22 23:51 - 03913072 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-03-31 08:06 - 2012-04-22 23:51 - 02343424 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-03-30 15:53 - 2012-04-22 23:52 - 01291632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2012-03-20 20:44 - 2012-03-20 20:44 - 00171064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
    2012-03-20 20:44 - 2012-03-20 20:44 - 00074112 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys
    2012-03-17 12:57 - 2012-04-22 23:43 - 00056176 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys


    ZeroAccess:
    C:\Windows\Installer\{59549a40-78be-6076-8cf5-2cd7e244131a}
    C:\Windows\Installer\{59549a40-78be-6076-8cf5-2cd7e244131a}\@
    C:\Windows\Installer\{59549a40-78be-6076-8cf5-2cd7e244131a}\L
    C:\Windows\Installer\{59549a40-78be-6076-8cf5-2cd7e244131a}\n
    C:\Windows\Installer\{59549a40-78be-6076-8cf5-2cd7e244131a}\U

    ZeroAccess:
    C:\Users\SHARBARI\AppData\Local\{59549a40-78be-6076-8cf5-2cd7e244131a}
    C:\Users\SHARBARI\AppData\Local\{59549a40-78be-6076-8cf5-2cd7e244131a}\@
    C:\Users\SHARBARI\AppData\Local\{59549a40-78be-6076-8cf5-2cd7e244131a}\L
    C:\Users\SHARBARI\AppData\Local\{59549a40-78be-6076-8cf5-2cd7e244131a}\U

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe
    [2009-07-14 04:41] - [2009-07-14 06:44] - 0259072 ____A (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9

    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: <===== ATTENTION!
    HKLM\...\exefile\DefaultIcon: <===== ATTENTION!
    HKLM\...\exefile\open\command: <===== ATTENTION!

    ========================= Memory info ======================

    Percentage of memory in use: 39%
    Total physical RAM: 1910.84 MB
    Available physical RAM: 1157.93 MB
    Total Pagefile: 3821.68 MB
    Available Pagefile: 3059.41 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1928.01 MB

    ======================= Partitions =========================

    1 Drive c: () (Fixed) (Total:142.28 GB) (Free:69.85 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    2 Drive d: () (Fixed) (Total:155.51 GB) (Free:30.88 GB) NTFS
    3 Drive e: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
    5 Drive g: () (Removable) (Total:1.9 GB) (Free:0.01 GB) FAT32

    DiskPart has encountered an error: The RPC server is unavailable.
    See the System Event Log for more information.


    ==========================================================

    Last Boot: 2012-03-02 23:42

    ======================= End Of Log ==========================
     
  7. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    You ran the tool from within Windows. That won't work.
    You have to boot to System Recovery Options.
    We can't fix your issue from within Windows.

    Also, please don't change your post font as it's harder to read.
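
As an added illustration (not part of the original thread and not FRST's own code), the sketch below triages an FRST log in the order a helper reads it: first whether the tool itself reported a bad run context, then the entries it marked for attention. The sample lines are excerpted from the first log posted above; the function and field names are hypothetical, and treating a system file without "MD5 is legit" as unverified is an assumption about the log format.

```python
import re
from dataclasses import dataclass, field

# Sample input: lines excerpted from the first FRST log posted in this thread.
SAMPLE_LOG = r"""Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 12-06-2012 02
Ran by SHARBARI at 14-06-2012 11:01:31
Running from G:\
Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process.
ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNTION PROPERLY.
========================== Registry (Whitelisted) =============
HKLM\...\Winlogon: [Userinit] [x]
HKLM\...\InprocServer32: [Default-wbem] ATTENTION! ====> ZeroAccess
HKLM\...\InprocServer32: [Default-shell32] ATTENTION! ====> ZeroAccess
============ 3 Months Modified Files and Folders ===============
ZeroAccess:
C:\Windows\Installer\{59549a40-78be-6076-8cf5-2cd7e244131a}
C:\Windows\Installer\{59549a40-78be-6076-8cf5-2cd7e244131a}\@
========================= Bamital & volsnap Check ============
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\services.exe
[2009-07-14 04:41] - [2009-07-14 06:44] - 0259072 ____A (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9
C:\Windows\System32\User32.dll => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: <===== ATTENTION!
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")       # "==== Name ====" banners
RAN_BY_RE = re.compile(r"^Ran by (\S+) at ")
PATH_RE = re.compile(r"^[A-Za-z]:\\")
ATTENTION_RE = re.compile(r"ATTENTION", re.IGNORECASE)


@dataclass
class Triage:
    ran_by: str = ""
    reliable: bool = True                                  # False if FRST says the run context is wrong
    context_warnings: list = field(default_factory=list)   # header warnings
    flagged: list = field(default_factory=list)            # (section, line) pairs marked ATTENTION
    zeroaccess_paths: list = field(default_factory=list)   # paths listed under "ZeroAccess:"
    unverified_files: list = field(default_factory=list)   # system files not marked "MD5 is legit"


def triage_frst(text: str) -> Triage:
    """Collect the lines a reviewer checks first in an FRST log."""
    result = Triage()
    section = "Header"
    in_zeroaccess = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:                       # a blank line ends a "ZeroAccess:" block
            in_zeroaccess = False
            continue
        banner = SECTION_RE.match(line)
        if banner:
            section, in_zeroaccess = banner.group(1), False
            continue
        ran_by = RAN_BY_RE.match(line)
        if ran_by:
            result.ran_by = ran_by.group(1)
        elif line == "ZeroAccess:":
            in_zeroaccess = True
        elif in_zeroaccess:
            result.zeroaccess_paths.append(line)
        elif ATTENTION_RE.search(line):
            if section == "Header":
                # Warnings before the first banner describe the scan itself.
                result.context_warnings.append(line)
                if "NOT RUN FROM RECOVERY ENVIRONMENT" in line.upper():
                    result.reliable = False
            else:
                result.flagged.append((section, line))
        elif section.startswith("Bamital") and PATH_RE.match(line):
            # Assumption: a file path without "=> MD5 is legit" needs manual review.
            if "MD5 is legit" not in line:
                result.unverified_files.append(line)
    return result


if __name__ == "__main__":
    report = triage_frst(SAMPLE_LOG)
    if not report.reliable:
        print("Log is not trustworthy: rerun FRST from System Recovery Options.")
    for warning in report.context_warnings:
        print("context:", warning)
    for section, line in report.flagged:
        print(f"[{section}] {line}")
    for path in report.zeroaccess_paths:
        print("ZeroAccess path:", path)
    for path in report.unverified_files:
        print("unverified:", path)
```
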
     
  8. S Basu

    S Basu TS Rookie Topic Starter

    Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 12-06-2012 02
    Ran by SYSTEM at 14-06-2012 11:07:23
    Running from H:\
    Windows 7 Home Basic (X86) OS Language: English(US)
    The current controlset is ControlSet001
    ========================== Registry (Whitelisted) =============
    HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [141848 2009-11-06] (Intel Corporation)
    HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [175128 2009-11-06] (Intel Corporation)
    HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [166936 2009-11-06] (Intel Corporation)
    HKLM\...\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe [282624 2009-05-14] (Alps Electric Co., Ltd.)
    HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe [495708 2009-10-20] (IDT, Inc.)
    HKLM\...\Run: [HPCam_Menu] "c:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam" [222504 2009-05-19] (CyberLink Corp.)
    HKLM\...\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background [567864 2009-08-25] ()
    HKLM\...\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe [842816 2009-07-01] (DigitalPersona, Inc.)
    HKLM\...\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [322104 2009-08-20] ( Hewlett-Packard Development Company, L.P.)
    HKLM\...\Run: [NortonOnlineBackupReminder] "C:\Program Files\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED [600936 2009-06-29] (Symantec Corporation)
    HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2011-09-07] (Adobe Systems Incorporated)
    HKLM\...\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
    HKLM\...\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
    HKLM\...\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [31072 2008-10-24] (Microsoft Corporation)
    HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-03-29] (Adobe Systems Incorporated)
    HKLM\...\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [111856 2009-02-23] (Yahoo! Inc)
    HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [249064 2010-10-29] (Sun Microsystems, Inc.)
    HKLM\...\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [155648 2006-01-12] (Nero AG)
    HKLM\...\Run: [FileServe Manager Task] "C:\Program Files\FileServe Manager\FSStarter.exe" [954648 2011-06-20] (FileServe Limited)
    HKLM\...\Run: [DATAMNGR] C:\PROGRA~1\SEARCH~1\SEARCH~1\DATAMN~1.EXE [1698744 2011-09-19] (MusicLab, LLC)
    HKLM\...\Run: [] [x]
    HKLM\...\Run: [SearchSettings] "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe" [992648 2012-05-25] (Spigot, Inc.)
    HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
    HKU\SHARBARI\...\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2009-10-16] (Hewlett-Packard Company)
    HKU\SHARBARI\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW [1685048 2009-09-29] (Hewlett-Packard)
    HKU\SHARBARI\...\Run: [BitTorrent DNA] "C:\Users\SHARBARI\Program Files\DNA\btdna.exe" [323392 2010-05-16] (BitTorrent, Inc.)
    HKU\SHARBARI\...\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" [395640 2011-01-16] (BitTorrent, Inc.)
    HKU\SHARBARI\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-08-16] (Google Inc.)
    HKU\SHARBARI\...\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet [5252408 2010-05-31] (Yahoo! Inc.)
    HKU\SHARBARI\...\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [111856 2009-02-23] (Yahoo! Inc)
    HKU\SHARBARI\...\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme [x]
    HKU\SHARBARI\...\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray [1479680 2010-05-13] (Nokia)
    Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
    AppInit_DLLs: C:\PROGRA~1\SEARCH~1\SEARCH~1\datamngr.dll C:\PROGRA~1\SEARCH~1\SEARCH~1\IEBHO.dll
    Tcpip\..\Interfaces\{7CEE0C2C-1FA1-4527-A85D-65C23D4E06AF}: [NameServer]10.10.0.1,4.2.2.2
    Lsa: [Notification Packages] scecli
    DPPWDFLT
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
    ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Kaspersky Security Scan.lnk
    ShortcutTarget: Kaspersky Security Scan.lnk -> C:\Program Files\Kaspersky Security Scan\KSS.exe ()
    Startup: C:\Users\SHARBARI\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
    Startup: C:\Users\SHARBARI\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk
    ShortcutTarget: Picture Motion Browser Media Check Tool.lnk -> C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
    ================================ Services (Whitelisted) ==================
    2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_94cb740f1febe83e\aestsrv.exe [81920 2009-03-03] (Andrea Electronics Corporation)
    2 Application Updater; "C:\Program Files\Application Updater\ApplicationUpdater.exe" [785344 2012-05-25] (Spigot, Inc.)
    3 Boonty Games; "C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe" [69120 2010-09-20] (BOONTY)
    2 btwdins; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [582944 2009-07-30] (Broadcom Corporation.)
    2 DvmMDES; "C:\SPLASH.SYS\config\DVMExportService.exe" [323584 2009-07-08] (DeviceVM, Inc.)
    2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
    3 GameConsoleService; "C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe" [246520 2010-06-18] (WildTangent, Inc.)
    3 hkmsvc; C:\Windows\System32\kmsvc.dll [71168 2010-11-20] (Microsoft Corporation)
    2 HP Health Check Service; "C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe" [120832 2009-10-15] (Hewlett-Packard)
    3 NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [774144 2006-11-10] (Nero AG)
    2 RichVideo; "C:\Program Files\CyberLink\Shared files\RichVideo.exe" [247152 2009-07-06] ()
    2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_94cb740f1febe83e\STacSV.exe [221266 2009-10-20] (IDT, Inc.)
    2 vcsFPService; C:\Windows\system32\vcsFPService.exe [1656112 2009-07-12] (Validity Sensors, Inc.)
    2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]
    2 Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [x]
    3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [x]
    3 NMIndexingService; "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" [x]
    ========================== Drivers (Whitelisted) =============
    1 DVMIO; \??\C:\SPLASH.SYS\config\dvmio.sys [17624 2009-09-29] (DeviceVM, Inc.)
    1 ElRawDisk; \??\C:\Windows\system32\drivers\dddsk.sys [22312 2009-02-12] (EldoS Corporation)
    0 iirsp; C:\Windows\System32\DRIVERS\iirsp.sys [41040 2009-07-13] (Intel Corp./ICP vortex GmbH)
    0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
    3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [74112 2012-03-20] (Microsoft Corporation)
    3 pccsmcfd; C:\Windows\System32\DRIVERS\pccsmcfd.sys [18816 2008-08-25] (Nokia)
    3 pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [47360 2011-01-16] (VSO Software)
    3 RSPCIESTOR; C:\Windows\System32\DRIVERS\RtsPStor.sys [150048 2009-11-12] (Realtek Semiconductor Corp.)
    3 RSUSBSTOR; C:\Windows\System32\Drivers\RtsUStor.sys [181792 2009-11-12] (Realtek Semiconductor Corp.)
    3 SRS_SSCFilter; C:\Windows\System32\drivers\srs_sscfilter_i386.sys [39808 2007-07-25] ()
    3 SrvHsfHDA; C:\Windows\System32\DRIVERS\VSTAZL3.SYS [207360 2009-07-13] (Conexant Systems, Inc.)
    3 SrvHsfV92; C:\Windows\System32\DRIVERS\VSTDPV3.SYS [980992 2009-07-13] (Conexant Systems, Inc.)
    3 SrvHsfWinac; C:\Windows\System32\DRIVERS\VSTCNXT3.SYS [661504 2009-07-13] (Conexant Systems, Inc.)
    3 usbser; C:\Windows\system32\drivers\usbser.sys [27648 2010-11-20] (Microsoft Corporation)
    3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltj.sys [8192 2010-12-01] (Nokia)
    3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [311296 2009-07-13] (Marvell)
    1 bprrenqy; \??\C:\Windows\system32\drivers\bprrenqy.sys [x]
    1 enkcykrx; \??\C:\Windows\system32\drivers\enkcykrx.sys [x]
    1 hhtxggve; \??\C:\Windows\system32\drivers\hhtxggve.sys [x]
    3 RTSTOR; C:\Windows\System32\drivers\RTSTOR.SYS [x]
    1 tsbohyrq; \??\C:\Windows\system32\drivers\tsbohyrq.sys [x]
    1 ttbrkkxa; \??\C:\Windows\system32\drivers\ttbrkkxa.sys [x]
    ========================== NetSvcs (Whitelisted) ===========

    ============ One Month Created Files and Folders ==============
    2012-06-13 21:31 - 2012-06-14 11:07 - 00000000 ____D C:\FRST
    2012-06-12 12:23 - 2012-06-12 12:23 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-06-12 12:06 - 2012-06-13 21:30 - 03241472 ____A C:\Windows\ntbtlog.txt
    2012-06-10 08:08 - 2012-06-10 08:08 - 00000000 ____D C:\bc65a29436444c4a565c91f029
    2012-06-10 08:00 - 2012-06-10 08:07 - 00000000 ____D C:\Users\SHARBARI\Downloads\Real Steel (2011)
    2012-06-10 07:42 - 2012-06-10 07:42 - 00000000 ____D C:\Users\SHARBARI\Downloads\Mission Impossible 4 Ghost Protocol (2011) DVDRip XviD-MAXSPEED
    2012-06-10 07:34 - 2012-06-10 07:35 - 00000000 ____D C:\Users\SHARBARI\Downloads\The.Mist[2007]DvDrip[Eng]-aXXo
    2012-06-10 07:26 - 2012-06-10 07:37 - 00000000 ____D C:\Users\All Users\B7E8586B0023961C01404F54B4EB23C1
    2012-05-22 00:44 - 2012-06-06 21:11 - 00000000 ____D C:\Users\SHARBARI\AppData\Local\WinZip
    2012-05-22 00:44 - 2012-05-22 00:44 - 00000000 ____D C:\Users\All Users\Tarma Installer
    2012-05-22 00:44 - 2012-05-22 00:44 - 00000000 ____D C:\Program Files\Yontoo
    2012-05-22 00:41 - 2012-05-22 00:41 - 00002205 ____A C:\Users\Public\Desktop\WinZip.lnk
    2012-05-22 00:30 - 2012-05-22 00:30 - 00001229 ____A C:\Users\SHARBARI\Desktop\Play HP Games.lnk
    2012-05-22 00:20 - 2012-05-22 00:40 - 54314312 ____A C:\Users\SHARBARI\Desktop\winzip160.exe
    2012-05-22 00:18 - 2012-05-22 00:19 - 00000000 ____D C:\Program Files\YouTube Downloader Toolbar
    2012-05-22 00:18 - 2012-05-22 00:19 - 00000000 ____D C:\Program Files\Application Updater
    2012-05-22 00:18 - 2012-05-22 00:18 - 00000000 ____D C:\Program Files\Common Files\Spigot
    ============ 3 Months Modified Files and Folders ===============
    2012-06-14 11:00 - 2010-04-14 04:11 - 00000000 ____D C:\Users\All Users\Recovery
    2012-06-13 21:31 - 2011-08-08 10:09 - 00000000 ____D C:\Users\SHARBARI\AppData\Local\FileServe Manager
    2012-06-13 21:31 - 2010-05-24 10:02 - 00000000 ____D C:\Users\SHARBARI\AppData\Roaming\uTorrent
    2012-06-13 21:31 - 2010-05-16 04:15 - 00000000 ____D C:\Users\SHARBARI\AppData\Roaming\DNA
    2012-06-13 21:31 - 2010-03-12 02:47 - 00000177 ____H C:\dvmexp.idx
    2012-06-13 21:30 - 2012-06-12 12:06 - 03241472 ____A C:\Windows\ntbtlog.txt
    2012-06-13 21:30 - 2011-05-05 21:32 - 00056505 ____A C:\Windows\setupact.log
    2012-06-13 21:30 - 2010-08-16 09:22 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-06-13 21:30 - 2010-04-14 04:01 - 00000174 ____A C:\Users\All Users\HPWALog.txt
    2012-06-13 21:30 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-06-12 12:40 - 2010-03-12 02:12 - 01753639 ____A C:\Windows\WindowsUpdate.log
    2012-06-12 12:23 - 2012-06-12 12:23 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-06-12 12:23 - 2011-02-23 04:47 - 00000000 __SHD C:\Config.Msi
    2012-06-12 12:23 - 2011-01-31 10:09 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-06-12 12:23 - 2009-09-06 15:02 - 00722802 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-06-12 12:21 - 2011-03-01 12:26 - 00000000 ____D C:\Users\SHARBARI\AppData\Roaming\Orbit
    2012-06-12 12:08 - 2012-01-11 08:36 - 00000000 __SHD C:\Users\SHARBARI\AppData\Local\{59549a40-78be-6076-8cf5-2cd7e244131a}
    2012-06-12 12:07 - 2010-08-16 09:22 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-06-12 12:06 - 2009-07-13 20:53 - 00032620 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-06-10 08:08 - 2012-06-10 08:08 - 00000000 ____D C:\bc65a29436444c4a565c91f029
    2012-06-10 08:07 - 2012-06-10 08:00 - 00000000 ____D C:\Users\SHARBARI\Downloads\Real Steel (2011)
    2012-06-10 08:03 - 2010-04-24 11:12 - 00129024 ____A C:\Users\SHARBARI\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-06-10 07:58 - 2009-12-21 18:10 - 00000000 ____D C:\Users\All Users\Microsoft Help
    2012-06-10 07:42 - 2012-06-10 07:42 - 00000000 ____D C:\Users\SHARBARI\Downloads\Mission Impossible 4 Ghost Protocol (2011) DVDRip XviD-MAXSPEED
    2012-06-10 07:41 - 2011-10-02 07:13 - 00000000 ____D C:\Users\SHARBARI\AppData\Roaming\vlc
    2012-06-10 07:37 - 2012-06-10 07:26 - 00000000 ____D C:\Users\All Users\B7E8586B0023961C01404F54B4EB23C1
    2012-06-10 07:35 - 2012-06-10 07:34 - 00000000 ____D C:\Users\SHARBARI\Downloads\The.Mist[2007]DvDrip[Eng]-aXXo
    2012-06-10 07:33 - 2009-07-13 20:34 - 00021248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-06-10 07:33 - 2009-07-13 20:34 - 00021248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-06-06 21:11 - 2012-05-22 00:44 - 00000000 ____D C:\Users\SHARBARI\AppData\Local\WinZip
    2012-06-06 20:25 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\NDF
    2012-06-06 20:19 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Microsoft.NET
    2012-05-22 00:55 - 2010-04-14 03:57 - 00000000 ____D C:\users\SHARBARI
    2012-05-22 00:44 - 2012-05-22 00:44 - 00000000 ____D C:\Users\All Users\Tarma Installer
    2012-05-22 00:44 - 2012-05-22 00:44 - 00000000 ____D C:\Program Files\Yontoo
    2012-05-22 00:43 - 2012-01-23 03:35 - 00000000 ____D C:\Program Files\WinZipBar
    2012-05-22 00:43 - 2010-11-25 11:05 - 00000000 ____D C:\Users\All Users\WinZip
    2012-05-22 00:41 - 2012-05-22 00:41 - 00002205 ____A C:\Users\Public\Desktop\WinZip.lnk
    2012-05-22 00:41 - 2010-04-14 05:59 - 00000000 ____D C:\Program Files\WinZip
    2012-05-22 00:40 - 2012-05-22 00:20 - 54314312 ____A C:\Users\SHARBARI\Desktop\winzip160.exe
    2012-05-22 00:30 - 2012-05-22 00:30 - 00001229 ____A C:\Users\SHARBARI\Desktop\Play HP Games.lnk
    2012-05-22 00:19 - 2012-05-22 00:18 - 00000000 ____D C:\Program Files\YouTube Downloader Toolbar
    2012-05-22 00:19 - 2012-05-22 00:18 - 00000000 ____D C:\Program Files\Application Updater
    2012-05-22 00:19 - 2010-04-14 03:57 - 00000000 ____D C:\Users\SHARBARI\AppData\LocalLow
    2012-05-22 00:18 - 2012-05-22 00:18 - 00000000 ____D C:\Program Files\Common Files\Spigot
    2012-05-22 00:17 - 2009-07-13 18:37 - 00000000 ___RD C:\users\Public
    2012-05-22 00:11 - 2011-07-30 20:42 - 00017020 ____A C:\Windows\PFRO.log
    2012-04-26 06:38 - 2011-11-10 08:31 - 55656824 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-04-22 10:17 - 2009-12-21 19:31 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2012-04-22 10:12 - 2010-04-15 08:25 - 00000000 ____D C:\Users\SHARBARI\AppData\Roaming\dvdcss
    2012-04-22 09:42 - 2009-07-13 20:33 - 00418208 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-03-30 20:39 - 2012-04-22 10:21 - 03968368 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
    2012-03-30 20:39 - 2012-04-22 10:21 - 03913072 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-03-30 18:36 - 2012-04-22 10:21 - 02343424 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-03-30 02:23 - 2012-04-22 10:22 - 01291632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2012-03-20 07:14 - 2012-03-20 07:14 - 00171064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
    2012-03-20 07:14 - 2012-03-20 07:14 - 00074112 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys

    ZeroAccess:
    C:\Windows\Installer\{59549a40-78be-6076-8cf5-2cd7e244131a}
    C:\Windows\Installer\{59549a40-78be-6076-8cf5-2cd7e244131a}\@
    C:\Windows\Installer\{59549a40-78be-6076-8cf5-2cd7e244131a}\L
    C:\Windows\Installer\{59549a40-78be-6076-8cf5-2cd7e244131a}\n
    C:\Windows\Installer\{59549a40-78be-6076-8cf5-2cd7e244131a}\U
    ZeroAccess:
    C:\Users\SHARBARI\AppData\Local\{59549a40-78be-6076-8cf5-2cd7e244131a}
    C:\Users\SHARBARI\AppData\Local\{59549a40-78be-6076-8cf5-2cd7e244131a}\@
    C:\Users\SHARBARI\AppData\Local\{59549a40-78be-6076-8cf5-2cd7e244131a}\L
    C:\Users\SHARBARI\AppData\Local\{59549a40-78be-6076-8cf5-2cd7e244131a}\U
    ========================= Known DLLs (Whitelisted) ============

    ========================= Bamital & volsnap Check ============
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe
    [2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    ==================== EXE ASSOCIATION =====================
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
    ========================= Memory info ======================
    Percentage of memory in use: 27%
    Total physical RAM: 1910.84 MB
    Available physical RAM: 1378.87 MB
    Total Pagefile: 1910.84 MB
    Available Pagefile: 1385.77 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1977.62 MB
    ======================= Partitions =========================
    1 Drive c: () (Fixed) (Total:142.28 GB) (Free:69.76 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    2 Drive d: () (Fixed) (Total:155.51 GB) (Free:30.88 GB) NTFS
    3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
    4 Drive g: (Recovery14) (CDROM) (Total:4.2 GB) (Free:0 GB) UDF
    5 Drive h: () (Removable) (Total:1.9 GB) (Free:0.01 GB) FAT32
    6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    7 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 298 GB 1024 KB
    Disk 1 Online 1953 MB 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 199 MB 1024 KB
    Partition 2 Primary 142 GB 200 MB
    Partition 0 Extended 155 GB 142 GB
    Partition 4 Logical 155 GB 142 GB
    Partition 3 Primary 103 MB 297 GB
    ======================================================================================================
    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy
    ======================================================================================================
    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 142 GB Healthy
    ======================================================================================================
    Disk: 0
    Partition 4
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 D NTFS Partition 155 GB Healthy
    ======================================================================================================
    Disk: 0
    Partition 3
    Type : 0C
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 F HP_TOOLS FAT32 Partition 103 MB Healthy
    ======================================================================================================
    Partitions of Disk 1:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 1952 MB 122 KB
    ======================================================================================================
    Disk: 1
    Partition 1
    Type : 0B
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 H FAT32 Removable 1952 MB Healthy
    ======================================================================================================
    ==========================================================
    Last Boot: 2012-03-02 10:12
    ======================= End Of Log ==========================
     
  9. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    In Vista or Windows 7: Boot to System Recovery Options and run FRST.
    In Windows XP: Please boot to UBCD and run FRST.
    Type the following in the edit box after "Search:".

    services.exe

    Click the Search button and post the log it makes (Search.txt) in your reply.
     
Topic Status:
Not open for further replies.
