Inactive [A] Trojan:Win32/Sirefef.AH! constantly reappears and desktop disappearing

Hi.

I have recently joined the forum. Last night I was working on my brother's laptop. It has the Windows 7 OS with Microsoft Security Essentials installed. But somehow, after working for some time, I found that a pop-up window appeared showing the following message: "WINDOWS HAS ENCOUNTERED A CRITICAL PROBLEM AND WILL RESTART AUTOMATICALLY IN ONE MINUTE. PLEASE SAVE YOUR WORK NOW". After that it keeps auto-restarting and I couldn't figure out what to do. In fact, Microsoft Security Essentials is unable to remove the virus.
I feel very sorry for my brother. KINDLY HELP to fix this problem. I am writing this from my laptop, which has Windows XP, as I am unable to work on the infected laptop.

Regards

S Basu
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=====================================================================

For 32-bit (x86) systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For 64-bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Then:
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
 
Hi,
Thanks a lot for such quick response. Will follow the instruction and post the details as soon as possible.
 
Broni,
As per your instruction I have downloaded Farbar Recovery Scan Tool 32-Bit and plugged the flash drive into the infected laptop. But I am unable to enter the System Recovery Options from Advanced Boot Options. A new window opens with the heading "Windows Boot Manager" and tells me that Windows failed to start. A recent hardware or software change might be the cause. To fix the problem:
1. Insert your Windows installation disc......
2. Choose your language.
3. Click Repair... etc.

Now I don't have the Windows Installation Disc, or maybe we have lost it. What to do?
 
You're doing something wrong.
It looks like your computer is still trying to boot to Windows.

What happens here?
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
 
The date and time settings cannot be changed. Though I took the scan yesterday, i.e. the 17th, the computer date is showing as the 14th. Anyway, below are the details of the scan.


Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 12-06-2012 02
Ran by SHARBARI at 14-06-2012 11:01:31
Running from G:\
 Service Pack 1 (X86) OS Language: English(US) 
Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process.

ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNTION PROPERLY.

========================== Registry (Whitelisted) =============

HKLM\...\Winlogon: [Userinit] [x]
HKLM\...\Winlogon: [Shell] [x ] ()
HKLM\...\InprocServer32: [Default-wbem] ATTENTION! ====> ZeroAccess
HKLM\...\InprocServer32: [Default-shell32] ATTENTION! ====> ZeroAccess
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Kaspersky Security Scan.lnk
ShortcutTarget: Kaspersky Security Scan.lnk -> C:\Program Files\Kaspersky Security Scan\KSS.exe ()
Startup: C:\Users\SHARBARI\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\SHARBARI\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk
ShortcutTarget: Picture Motion Browser Media Check Tool.lnk -> C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)

================================ Services (Whitelisted) ==================


========================== Drivers (Whitelisted) =============


========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-14 11:01 - 2012-06-14 11:01 - 00000000 ____D C:\FRST
2012-06-13 01:53 - 2012-06-13 01:53 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-13 01:36 - 2012-06-14 11:00 - 03241472 ____A C:\Windows\ntbtlog.txt
2012-06-10 21:38 - 2012-06-10 21:38 - 00000000 ____D C:\bc65a29436444c4a565c91f029
2012-06-10 21:30 - 2012-06-10 21:37 - 00000000 ____D C:\Users\SHARBARI\Downloads\Real Steel (2011)
2012-06-10 21:12 - 2012-06-10 21:12 - 00000000 ____D C:\Users\SHARBARI\Downloads\Mission Impossible 4 Ghost Protocol (2011) DVDRip XviD-MAXSPEED
2012-06-10 21:04 - 2012-06-10 21:05 - 00000000 ____D C:\Users\SHARBARI\Downloads\The.Mist[2007]DvDrip[Eng]-aXXo
2012-06-10 20:56 - 2012-06-10 21:07 - 00000000 ____D C:\Users\All Users\B7E8586B0023961C01404F54B4EB23C1
2012-05-22 14:14 - 2012-06-07 10:41 - 00000000 ____D C:\Users\SHARBARI\AppData\Local\WinZip
2012-05-22 14:14 - 2012-05-22 14:14 - 00000000 ____D C:\Users\All Users\Tarma Installer
2012-05-22 14:14 - 2012-05-22 14:14 - 00000000 ____D C:\Program Files\Yontoo
2012-05-22 14:11 - 2012-05-22 14:11 - 00002205 ____A C:\Users\Public\Desktop\WinZip.lnk
2012-05-22 14:00 - 2012-05-22 14:00 - 00001229 ____A C:\Users\SHARBARI\Desktop\Play HP Games.lnk
2012-05-22 13:50 - 2012-05-22 14:10 - 54314312 ____A C:\Users\SHARBARI\Desktop\winzip160.exe
2012-05-22 13:48 - 2012-05-22 13:49 - 00000000 ____D C:\Program Files\YouTube Downloader Toolbar
2012-05-22 13:48 - 2012-05-22 13:49 - 00000000 ____D C:\Program Files\Application Updater
2012-05-22 13:48 - 2012-05-22 13:48 - 00000000 ____D C:\Program Files\Common Files\Spigot

============ 3 Months Modified Files and Folders ===============

2012-06-14 11:02 - 2010-05-24 23:32 - 00000000 ____D C:\Users\SHARBARI\AppData\Roaming\uTorrent
2012-06-14 11:02 - 2010-05-16 17:45 - 00000000 ____D C:\Users\SHARBARI\AppData\Roaming\DNA
2012-06-14 11:02 - 2010-04-14 17:31 - 00000425 ____A C:\Users\All Users\HPWALog.txt
2012-06-14 11:02 - 2010-03-12 16:17 - 00000177 ____H C:\dvmexp.idx
2012-06-14 11:01 - 2012-06-14 11:01 - 00000000 ____D C:\FRST
2012-06-14 11:01 - 2011-08-08 23:39 - 00000000 ____D C:\Users\SHARBARI\AppData\Local\FileServe Manager
2012-06-14 11:01 - 2011-05-06 11:02 - 00055721 ____A C:\Windows\setupact.log
2012-06-14 11:01 - 2010-08-16 22:52 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-06-14 11:01 - 2009-07-14 10:23 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-14 11:00 - 2012-06-13 01:36 - 03241472 ____A C:\Windows\ntbtlog.txt
2012-06-13 02:10 - 2010-03-12 15:42 - 01753639 ____A C:\Windows\WindowsUpdate.log
2012-06-13 01:53 - 2012-06-13 01:53 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-13 01:53 - 2011-02-23 18:17 - 00000000 __SHD C:\Config.Msi
2012-06-13 01:53 - 2011-01-31 23:39 - 00001945 ____A C:\Windows\epplauncher.mif
2012-06-13 01:53 - 2009-09-07 04:32 - 00722802 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-13 01:51 - 2011-03-02 01:56 - 00000000 ____D C:\Users\SHARBARI\AppData\Roaming\Orbit
2012-06-13 01:38 - 2012-01-11 22:06 - 00000000 __SHD C:\Users\SHARBARI\AppData\Local\{59549a40-78be-6076-8cf5-2cd7e244131a}
2012-06-13 01:37 - 2010-08-16 22:52 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-13 01:36 - 2009-07-14 10:23 - 00032620 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-10 21:38 - 2012-06-10 21:38 - 00000000 ____D C:\bc65a29436444c4a565c91f029
2012-06-10 21:37 - 2012-06-10 21:30 - 00000000 ____D C:\Users\SHARBARI\Downloads\Real Steel (2011)
2012-06-10 21:33 - 2010-04-25 00:42 - 00129024 ____A C:\Users\SHARBARI\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-10 21:28 - 2009-12-22 07:40 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-06-10 21:12 - 2012-06-10 21:12 - 00000000 ____D C:\Users\SHARBARI\Downloads\Mission Impossible 4 Ghost Protocol (2011) DVDRip XviD-MAXSPEED
2012-06-10 21:11 - 2011-10-02 20:43 - 00000000 ____D C:\Users\SHARBARI\AppData\Roaming\vlc
2012-06-10 21:07 - 2012-06-10 20:56 - 00000000 ____D C:\Users\All Users\B7E8586B0023961C01404F54B4EB23C1
2012-06-10 21:05 - 2012-06-10 21:04 - 00000000 ____D C:\Users\SHARBARI\Downloads\The.Mist[2007]DvDrip[Eng]-aXXo
2012-06-10 21:03 - 2009-07-14 10:04 - 00021248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-10 21:03 - 2009-07-14 10:04 - 00021248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-07 10:41 - 2012-05-22 14:14 - 00000000 ____D C:\Users\SHARBARI\AppData\Local\WinZip
2012-06-07 09:55 - 2009-07-14 08:07 - 00000000 ____D C:\Windows\System32\NDF
2012-06-07 09:49 - 2009-07-14 08:07 - 00000000 ____D C:\Windows\Microsoft.NET
2012-05-22 14:25 - 2010-04-14 17:27 - 00000000 ____D C:\users\SHARBARI
2012-05-22 14:14 - 2012-05-22 14:14 - 00000000 ____D C:\Users\All Users\Tarma Installer
2012-05-22 14:14 - 2012-05-22 14:14 - 00000000 ____D C:\Program Files\Yontoo
2012-05-22 14:13 - 2012-01-23 17:05 - 00000000 ____D C:\Program Files\WinZipBar
2012-05-22 14:13 - 2010-11-26 00:35 - 00000000 ____D C:\Users\All Users\WinZip
2012-05-22 14:11 - 2012-05-22 14:11 - 00002205 ____A C:\Users\Public\Desktop\WinZip.lnk
2012-05-22 14:11 - 2010-04-14 19:29 - 00000000 ____D C:\Program Files\WinZip
2012-05-22 14:10 - 2012-05-22 13:50 - 54314312 ____A C:\Users\SHARBARI\Desktop\winzip160.exe
2012-05-22 14:00 - 2012-05-22 14:00 - 00001229 ____A C:\Users\SHARBARI\Desktop\Play HP Games.lnk
2012-05-22 13:49 - 2012-05-22 13:48 - 00000000 ____D C:\Program Files\YouTube Downloader Toolbar
2012-05-22 13:49 - 2012-05-22 13:48 - 00000000 ____D C:\Program Files\Application Updater
2012-05-22 13:49 - 2010-04-14 17:27 - 00000000 ____D C:\Users\SHARBARI\AppData\LocalLow
2012-05-22 13:48 - 2012-05-22 13:48 - 00000000 ____D C:\Program Files\Common Files\Spigot
2012-05-22 13:47 - 2009-07-14 08:07 - 00000000 ___RD C:\users\Public
2012-05-22 13:41 - 2011-07-31 10:12 - 00017020 ____A C:\Windows\PFRO.log
2012-04-26 20:08 - 2011-11-10 22:01 - 55656824 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-04-22 23:47 - 2009-12-22 09:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-04-22 23:42 - 2010-04-15 21:55 - 00000000 ____D C:\Users\SHARBARI\AppData\Roaming\dvdcss
2012-04-22 23:12 - 2009-07-14 10:03 - 00418208 ____A C:\Windows\System32\FNTCACHE.DAT
2012-03-31 10:09 - 2012-04-22 23:51 - 03968368 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-03-31 10:09 - 2012-04-22 23:51 - 03913072 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-31 08:06 - 2012-04-22 23:51 - 02343424 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-30 15:53 - 2012-04-22 23:52 - 01291632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-20 20:44 - 2012-03-20 20:44 - 00171064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
2012-03-20 20:44 - 2012-03-20 20:44 - 00074112 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys
2012-03-17 12:57 - 2012-04-22 23:43 - 00056176 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys


ZeroAccess:
C:\Windows\Installer\{59549a40-78be-6076-8cf5-2cd7e244131a}
C:\Windows\Installer\{59549a40-78be-6076-8cf5-2cd7e244131a}\@
C:\Windows\Installer\{59549a40-78be-6076-8cf5-2cd7e244131a}\L
C:\Windows\Installer\{59549a40-78be-6076-8cf5-2cd7e244131a}\n
C:\Windows\Installer\{59549a40-78be-6076-8cf5-2cd7e244131a}\U

ZeroAccess:
C:\Users\SHARBARI\AppData\Local\{59549a40-78be-6076-8cf5-2cd7e244131a}
C:\Users\SHARBARI\AppData\Local\{59549a40-78be-6076-8cf5-2cd7e244131a}\@
C:\Users\SHARBARI\AppData\Local\{59549a40-78be-6076-8cf5-2cd7e244131a}\L
C:\Users\SHARBARI\AppData\Local\{59549a40-78be-6076-8cf5-2cd7e244131a}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2009-07-14 04:41] - [2009-07-14 06:44] - 0259072 ____A (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: <===== ATTENTION!
HKLM\...\exefile\DefaultIcon: <===== ATTENTION!
HKLM\...\exefile\open\command: <===== ATTENTION!

========================= Memory info ====================== 

Percentage of memory in use: 39%
Total physical RAM: 1910.84 MB
Available physical RAM: 1157.93 MB
Total Pagefile: 3821.68 MB
Available Pagefile: 3059.41 MB
Total Virtual: 2047.88 MB
Available Virtual: 1928.01 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:142.28 GB) (Free:69.85 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: () (Fixed) (Total:155.51 GB) (Free:30.88 GB) NTFS
3 Drive e: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
5 Drive g: () (Removable) (Total:1.9 GB) (Free:0.01 GB) FAT32

DiskPart has encountered an error: The RPC server is unavailable.
See the System Event Log for more information.


==========================================================

Last Boot: 2012-03-02 23:42

======================= End Of Log ==========================
 
You ran the tool from within Windows. That won't work.
You have to boot to System Recovery Options.
We can't fix your issue from within Windows.

Also, please don't change your post font as it's harder to read.
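Even though that first log was taken from inside Windows (so the system hive could not be loaded and the scan is flagged as not valid), it already shows the markers a helper looks for with this family: the two `InprocServer32` CLSID entries FRST tags as ZeroAccess (the wbem and shell32 hijack), the blank `Winlogon` `Userinit`/`Shell` values, the GUID-named folder under `C:\Windows\Installer` and `AppData\Local` holding files named `@`, `L`, `n` and `U`, the `.exe`/`exefile` association lines marked ATTENTION, and (in the second log) start-type-1 drivers with random eight-letter names whose `.sys` file is missing (`[x]`). The script below is an added example written for this thread; it is not part of the forum post and not Farbar's code. It walks an FRST log text and collects those indicators by category, and reports whether the scan was taken from the recovery environment at all, so the same triage can be re-run on the next log. `SAMPLE_LOG` is a constructed excerpt that mirrors lines from the logs above; the category names and regexes are my own.

```python
"""Triage an FRST log for the ZeroAccess indicators seen in this thread.

Added example for the thread, not Farbar's code.  SAMPLE_LOG is a constructed
excerpt mirroring lines from the posted logs.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# ZeroAccess of this era dropped a GUID-named directory (under C:\Windows\Installer
# and %LOCALAPPDATA%) whose members are files named exactly @, L, n or U.
GUID_MEMBER = re.compile(
    r"\\\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}\\[@LnU]$",
    re.IGNORECASE,
)
# Driver entry with a random 8-letter service name whose .sys is missing ([x]),
# e.g. "1 bprrenqy; \??\C:\Windows\system32\drivers\bprrenqy.sys [x]".
RANDOM_DRIVER = re.compile(
    r"^\d\s+([a-z]{8});\s+\\\?\?\\C:\\Windows\\system32\\drivers\\\1\.sys\s+\[x\]$",
    re.IGNORECASE,
)
# FRST prints "[x]" (sometimes "[x ]") where a value or file is missing.
MISSING = re.compile(r"\[x\s*\]")


@dataclass(frozen=True)
class Finding:
    category: str
    line: str


def classify(line: str) -> str | None:
    """Map one FRST log line to an indicator category, or None if benign."""
    if "NOT RUN FROM RECOVERY ENVIRONMENT" in line:
        return "scan_invalid"          # hive not loaded; results are incomplete
    if "InprocServer32" in line and "ZeroAccess" in line:
        return "com_hijack"            # CLSID InprocServer32 redirected
    if line.startswith("HKLM\\...\\Winlogon:") and MISSING.search(line):
        return "winlogon_broken"       # Userinit / Shell value blanked
    if line.startswith("HKLM\\...\\") and "ATTENTION!" in line \
            and (".exe:" in line or "exefile" in line):
        return "exe_association"       # .exe file-type handler tampered
    if GUID_MEMBER.search(line):
        return "zeroaccess_dir"        # {GUID}\@ , \L , \n , \U
    if RANDOM_DRIVER.match(line):
        return "random_driver"         # leftover randomly named driver service
    return None


def triage(log_text: str) -> list[Finding]:
    """Return every flagged line, in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        category = classify(line)
        if category:
            findings.append(Finding(category, line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per category."""
    return dict(Counter(f.category for f in findings))


def scan_is_valid(log_text: str) -> bool:
    """False when FRST itself says it was not run from the recovery environment."""
    return all(f.category != "scan_invalid" for f in triage(log_text))


# Constructed excerpt mirroring lines from the logs posted in this thread.
SAMPLE_LOG = r"""
ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNTION PROPERLY.
HKLM\...\Winlogon: [Userinit] [x]
HKLM\...\Winlogon: [Shell] [x ] ()
HKLM\...\InprocServer32: [Default-wbem] ATTENTION! ====> ZeroAccess
HKLM\...\InprocServer32: [Default-shell32] ATTENTION! ====> ZeroAccess
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
C:\Windows\Installer\{59549a40-78be-6076-8cf5-2cd7e244131a}
C:\Windows\Installer\{59549a40-78be-6076-8cf5-2cd7e244131a}\@
C:\Windows\Installer\{59549a40-78be-6076-8cf5-2cd7e244131a}\L
C:\Windows\Installer\{59549a40-78be-6076-8cf5-2cd7e244131a}\n
C:\Windows\Installer\{59549a40-78be-6076-8cf5-2cd7e244131a}\U
C:\Users\SHARBARI\AppData\Local\{59549a40-78be-6076-8cf5-2cd7e244131a}\@
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
1 bprrenqy; \??\C:\Windows\system32\drivers\bprrenqy.sys [x]
1 enkcykrx; \??\C:\Windows\system32\drivers\enkcykrx.sys [x]
3 RTSTOR; C:\Windows\System32\drivers\RTSTOR.SYS [x]
HKLM\...\.exe: <===== ATTENTION!
HKLM\...\exefile\open\command: <===== ATTENTION!
"""

if __name__ == "__main__":
    print("valid recovery-environment scan:", scan_is_valid(SAMPLE_LOG))
    for category, count in sorted(summarize(triage(SAMPLE_LOG)).items()):
        print(f"{category:18s} {count}")
```

The `RTSTOR` entry is deliberately not flagged: a missing `.sys` on its own is not an indicator (the Realtek storage driver has simply been uninstalled), only the combination of a random eight-letter name, the `\??\` NT path form and the missing file is. Likewise the bare `{GUID}` directory line is left alone and only its `@`/`L`/`n`/`U` members count, so a legitimate MSI cache folder under `C:\Windows\Installer` does not trip the check. Note that `scan_is_valid` returning False is the same problem Broni points out above: a log taken from inside Windows cannot be trusted, because the infected system's own loader is serving the hives.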
 
Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 12-06-2012 02
Ran by SYSTEM at 14-06-2012 11:07:23
Running from H:\
Windows 7 Home Basic (X86) OS Language: English(US)
The current controlset is ControlSet001
========================== Registry (Whitelisted) =============
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [141848 2009-11-06] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [175128 2009-11-06] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [166936 2009-11-06] (Intel Corporation)
HKLM\...\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe [282624 2009-05-14] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe [495708 2009-10-20] (IDT, Inc.)
HKLM\...\Run: [HPCam_Menu] "c:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam" [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background [567864 2009-08-25] ()
HKLM\...\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe [842816 2009-07-01] (DigitalPersona, Inc.)
HKLM\...\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [322104 2009-08-20] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [NortonOnlineBackupReminder] "C:\Program Files\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED [600936 2009-06-29] (Symantec Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2011-09-07] (Adobe Systems Incorporated)
HKLM\...\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM\...\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM\...\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [31072 2008-10-24] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-03-29] (Adobe Systems Incorporated)
HKLM\...\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [111856 2009-02-23] (Yahoo! Inc)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [249064 2010-10-29] (Sun Microsystems, Inc.)
HKLM\...\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [155648 2006-01-12] (Nero AG)
HKLM\...\Run: [FileServe Manager Task] "C:\Program Files\FileServe Manager\FSStarter.exe" [954648 2011-06-20] (FileServe Limited)
HKLM\...\Run: [DATAMNGR] C:\PROGRA~1\SEARCH~1\SEARCH~1\DATAMN~1.EXE [1698744 2011-09-19] (MusicLab, LLC)
HKLM\...\Run: [] [x]
HKLM\...\Run: [SearchSettings] "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe" [992648 2012-05-25] (Spigot, Inc.)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
HKU\SHARBARI\...\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2009-10-16] (Hewlett-Packard Company)
HKU\SHARBARI\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW [1685048 2009-09-29] (Hewlett-Packard)
HKU\SHARBARI\...\Run: [BitTorrent DNA] "C:\Users\SHARBARI\Program Files\DNA\btdna.exe" [323392 2010-05-16] (BitTorrent, Inc.)
HKU\SHARBARI\...\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" [395640 2011-01-16] (BitTorrent, Inc.)
HKU\SHARBARI\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-08-16] (Google Inc.)
HKU\SHARBARI\...\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet [5252408 2010-05-31] (Yahoo! Inc.)
HKU\SHARBARI\...\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [111856 2009-02-23] (Yahoo! Inc)
HKU\SHARBARI\...\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme [x]
HKU\SHARBARI\...\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray [1479680 2010-05-13] (Nokia)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
AppInit_DLLs: C:\PROGRA~1\SEARCH~1\SEARCH~1\datamngr.dll C:\PROGRA~1\SEARCH~1\SEARCH~1\IEBHO.dll
Tcpip\..\Interfaces\{7CEE0C2C-1FA1-4527-A85D-65C23D4E06AF}: [NameServer]10.10.0.1,4.2.2.2
Lsa: [Notification Packages] scecli
DPPWDFLT
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Kaspersky Security Scan.lnk
ShortcutTarget: Kaspersky Security Scan.lnk -> C:\Program Files\Kaspersky Security Scan\KSS.exe ()
Startup: C:\Users\SHARBARI\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\SHARBARI\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk
ShortcutTarget: Picture Motion Browser Media Check Tool.lnk -> C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
================================ Services (Whitelisted) ==================
2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_94cb740f1febe83e\aestsrv.exe [81920 2009-03-03] (Andrea Electronics Corporation)
2 Application Updater; "C:\Program Files\Application Updater\ApplicationUpdater.exe" [785344 2012-05-25] (Spigot, Inc.)
3 Boonty Games; "C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe" [69120 2010-09-20] (BOONTY)
2 btwdins; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [582944 2009-07-30] (Broadcom Corporation.)
2 DvmMDES; "C:\SPLASH.SYS\config\DVMExportService.exe" [323584 2009-07-08] (DeviceVM, Inc.)
2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
3 GameConsoleService; "C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe" [246520 2010-06-18] (WildTangent, Inc.)
3 hkmsvc; C:\Windows\System32\kmsvc.dll [71168 2010-11-20] (Microsoft Corporation)
2 HP Health Check Service; "C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe" [120832 2009-10-15] (Hewlett-Packard)
3 NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [774144 2006-11-10] (Nero AG)
2 RichVideo; "C:\Program Files\CyberLink\Shared files\RichVideo.exe" [247152 2009-07-06] ()
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_94cb740f1febe83e\STacSV.exe [221266 2009-10-20] (IDT, Inc.)
2 vcsFPService; C:\Windows\system32\vcsFPService.exe [1656112 2009-07-12] (Validity Sensors, Inc.)
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]
2 Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [x]
3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [x]
3 NMIndexingService; "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" [x]
========================== Drivers (Whitelisted) =============
1 DVMIO; \??\C:\SPLASH.SYS\config\dvmio.sys [17624 2009-09-29] (DeviceVM, Inc.)
1 ElRawDisk; \??\C:\Windows\system32\drivers\dddsk.sys [22312 2009-02-12] (EldoS Corporation)
0 iirsp; C:\Windows\System32\DRIVERS\iirsp.sys [41040 2009-07-13] (Intel Corp./ICP vortex GmbH)
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [74112 2012-03-20] (Microsoft Corporation)
3 pccsmcfd; C:\Windows\System32\DRIVERS\pccsmcfd.sys [18816 2008-08-25] (Nokia)
3 pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [47360 2011-01-16] (VSO Software)
3 RSPCIESTOR; C:\Windows\System32\DRIVERS\RtsPStor.sys [150048 2009-11-12] (Realtek Semiconductor Corp.)
3 RSUSBSTOR; C:\Windows\System32\Drivers\RtsUStor.sys [181792 2009-11-12] (Realtek Semiconductor Corp.)
3 SRS_SSCFilter; C:\Windows\System32\drivers\srs_sscfilter_i386.sys [39808 2007-07-25] ()
3 SrvHsfHDA; C:\Windows\System32\DRIVERS\VSTAZL3.SYS [207360 2009-07-13] (Conexant Systems, Inc.)
3 SrvHsfV92; C:\Windows\System32\DRIVERS\VSTDPV3.SYS [980992 2009-07-13] (Conexant Systems, Inc.)
3 SrvHsfWinac; C:\Windows\System32\DRIVERS\VSTCNXT3.SYS [661504 2009-07-13] (Conexant Systems, Inc.)
3 usbser; C:\Windows\system32\drivers\usbser.sys [27648 2010-11-20] (Microsoft Corporation)
3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltj.sys [8192 2010-12-01] (Nokia)
3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [311296 2009-07-13] (Marvell)
1 bprrenqy; \??\C:\Windows\system32\drivers\bprrenqy.sys [x]
1 enkcykrx; \??\C:\Windows\system32\drivers\enkcykrx.sys [x]
1 hhtxggve; \??\C:\Windows\system32\drivers\hhtxggve.sys [x]
3 RTSTOR; C:\Windows\System32\drivers\RTSTOR.SYS [x]
1 tsbohyrq; \??\C:\Windows\system32\drivers\tsbohyrq.sys [x]
1 ttbrkkxa; \??\C:\Windows\system32\drivers\ttbrkkxa.sys [x]
========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============
2012-06-13 21:31 - 2012-06-14 11:07 - 00000000 ____D C:\FRST
2012-06-12 12:23 - 2012-06-12 12:23 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-12 12:06 - 2012-06-13 21:30 - 03241472 ____A C:\Windows\ntbtlog.txt
2012-06-10 08:08 - 2012-06-10 08:08 - 00000000 ____D C:\bc65a29436444c4a565c91f029
2012-06-10 08:00 - 2012-06-10 08:07 - 00000000 ____D C:\Users\SHARBARI\Downloads\Real Steel (2011)
2012-06-10 07:42 - 2012-06-10 07:42 - 00000000 ____D C:\Users\SHARBARI\Downloads\Mission Impossible 4 Ghost Protocol (2011) DVDRip XviD-MAXSPEED
2012-06-10 07:34 - 2012-06-10 07:35 - 00000000 ____D C:\Users\SHARBARI\Downloads\The.Mist[2007]DvDrip[Eng]-aXXo
2012-06-10 07:26 - 2012-06-10 07:37 - 00000000 ____D C:\Users\All Users\B7E8586B0023961C01404F54B4EB23C1
2012-05-22 00:44 - 2012-06-06 21:11 - 00000000 ____D C:\Users\SHARBARI\AppData\Local\WinZip
2012-05-22 00:44 - 2012-05-22 00:44 - 00000000 ____D C:\Users\All Users\Tarma Installer
2012-05-22 00:44 - 2012-05-22 00:44 - 00000000 ____D C:\Program Files\Yontoo
2012-05-22 00:41 - 2012-05-22 00:41 - 00002205 ____A C:\Users\Public\Desktop\WinZip.lnk
2012-05-22 00:30 - 2012-05-22 00:30 - 00001229 ____A C:\Users\SHARBARI\Desktop\Play HP Games.lnk
2012-05-22 00:20 - 2012-05-22 00:40 - 54314312 ____A C:\Users\SHARBARI\Desktop\winzip160.exe
2012-05-22 00:18 - 2012-05-22 00:19 - 00000000 ____D C:\Program Files\YouTube Downloader Toolbar
2012-05-22 00:18 - 2012-05-22 00:19 - 00000000 ____D C:\Program Files\Application Updater
2012-05-22 00:18 - 2012-05-22 00:18 - 00000000 ____D C:\Program Files\Common Files\Spigot
============ 3 Months Modified Files and Folders ===============
2012-06-14 11:00 - 2010-04-14 04:11 - 00000000 ____D C:\Users\All Users\Recovery
2012-06-13 21:31 - 2011-08-08 10:09 - 00000000 ____D C:\Users\SHARBARI\AppData\Local\FileServe Manager
2012-06-13 21:31 - 2010-05-24 10:02 - 00000000 ____D C:\Users\SHARBARI\AppData\Roaming\uTorrent
2012-06-13 21:31 - 2010-05-16 04:15 - 00000000 ____D C:\Users\SHARBARI\AppData\Roaming\DNA
2012-06-13 21:31 - 2010-03-12 02:47 - 00000177 ____H C:\dvmexp.idx
2012-06-13 21:30 - 2012-06-12 12:06 - 03241472 ____A C:\Windows\ntbtlog.txt
2012-06-13 21:30 - 2011-05-05 21:32 - 00056505 ____A C:\Windows\setupact.log
2012-06-13 21:30 - 2010-08-16 09:22 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-06-13 21:30 - 2010-04-14 04:01 - 00000174 ____A C:\Users\All Users\HPWALog.txt
2012-06-13 21:30 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-12 12:40 - 2010-03-12 02:12 - 01753639 ____A C:\Windows\WindowsUpdate.log
2012-06-12 12:23 - 2012-06-12 12:23 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-12 12:23 - 2011-02-23 04:47 - 00000000 __SHD C:\Config.Msi
2012-06-12 12:23 - 2011-01-31 10:09 - 00001945 ____A C:\Windows\epplauncher.mif
2012-06-12 12:23 - 2009-09-06 15:02 - 00722802 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-12 12:21 - 2011-03-01 12:26 - 00000000 ____D C:\Users\SHARBARI\AppData\Roaming\Orbit
2012-06-12 12:08 - 2012-01-11 08:36 - 00000000 __SHD C:\Users\SHARBARI\AppData\Local\{59549a40-78be-6076-8cf5-2cd7e244131a}
2012-06-12 12:07 - 2010-08-16 09:22 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-12 12:06 - 2009-07-13 20:53 - 00032620 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-10 08:08 - 2012-06-10 08:08 - 00000000 ____D C:\bc65a29436444c4a565c91f029
2012-06-10 08:07 - 2012-06-10 08:00 - 00000000 ____D C:\Users\SHARBARI\Downloads\Real Steel (2011)
2012-06-10 08:03 - 2010-04-24 11:12 - 00129024 ____A C:\Users\SHARBARI\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-10 07:58 - 2009-12-21 18:10 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-06-10 07:42 - 2012-06-10 07:42 - 00000000 ____D C:\Users\SHARBARI\Downloads\Mission Impossible 4 Ghost Protocol (2011) DVDRip XviD-MAXSPEED
2012-06-10 07:41 - 2011-10-02 07:13 - 00000000 ____D C:\Users\SHARBARI\AppData\Roaming\vlc
2012-06-10 07:37 - 2012-06-10 07:26 - 00000000 ____D C:\Users\All Users\B7E8586B0023961C01404F54B4EB23C1
2012-06-10 07:35 - 2012-06-10 07:34 - 00000000 ____D C:\Users\SHARBARI\Downloads\The.Mist[2007]DvDrip[Eng]-aXXo
2012-06-10 07:33 - 2009-07-13 20:34 - 00021248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-10 07:33 - 2009-07-13 20:34 - 00021248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-06 21:11 - 2012-05-22 00:44 - 00000000 ____D C:\Users\SHARBARI\AppData\Local\WinZip
2012-06-06 20:25 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\NDF
2012-06-06 20:19 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Microsoft.NET
2012-05-22 00:55 - 2010-04-14 03:57 - 00000000 ____D C:\users\SHARBARI
2012-05-22 00:44 - 2012-05-22 00:44 - 00000000 ____D C:\Users\All Users\Tarma Installer
2012-05-22 00:44 - 2012-05-22 00:44 - 00000000 ____D C:\Program Files\Yontoo
2012-05-22 00:43 - 2012-01-23 03:35 - 00000000 ____D C:\Program Files\WinZipBar
2012-05-22 00:43 - 2010-11-25 11:05 - 00000000 ____D C:\Users\All Users\WinZip
2012-05-22 00:41 - 2012-05-22 00:41 - 00002205 ____A C:\Users\Public\Desktop\WinZip.lnk
2012-05-22 00:41 - 2010-04-14 05:59 - 00000000 ____D C:\Program Files\WinZip
2012-05-22 00:40 - 2012-05-22 00:20 - 54314312 ____A C:\Users\SHARBARI\Desktop\winzip160.exe
2012-05-22 00:30 - 2012-05-22 00:30 - 00001229 ____A C:\Users\SHARBARI\Desktop\Play HP Games.lnk
2012-05-22 00:19 - 2012-05-22 00:18 - 00000000 ____D C:\Program Files\YouTube Downloader Toolbar
2012-05-22 00:19 - 2012-05-22 00:18 - 00000000 ____D C:\Program Files\Application Updater
2012-05-22 00:19 - 2010-04-14 03:57 - 00000000 ____D C:\Users\SHARBARI\AppData\LocalLow
2012-05-22 00:18 - 2012-05-22 00:18 - 00000000 ____D C:\Program Files\Common Files\Spigot
2012-05-22 00:17 - 2009-07-13 18:37 - 00000000 ___RD C:\users\Public
2012-05-22 00:11 - 2011-07-30 20:42 - 00017020 ____A C:\Windows\PFRO.log
2012-04-26 06:38 - 2011-11-10 08:31 - 55656824 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-04-22 10:17 - 2009-12-21 19:31 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-04-22 10:12 - 2010-04-15 08:25 - 00000000 ____D C:\Users\SHARBARI\AppData\Roaming\dvdcss
2012-04-22 09:42 - 2009-07-13 20:33 - 00418208 ____A C:\Windows\System32\FNTCACHE.DAT
2012-03-30 20:39 - 2012-04-22 10:21 - 03968368 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-03-30 20:39 - 2012-04-22 10:21 - 03913072 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-30 18:36 - 2012-04-22 10:21 - 02343424 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-30 02:23 - 2012-04-22 10:22 - 01291632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-20 07:14 - 2012-03-20 07:14 - 00171064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
2012-03-20 07:14 - 2012-03-20 07:14 - 00074112 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys

ZeroAccess:
C:\Windows\Installer\{59549a40-78be-6076-8cf5-2cd7e244131a}
C:\Windows\Installer\{59549a40-78be-6076-8cf5-2cd7e244131a}\@
C:\Windows\Installer\{59549a40-78be-6076-8cf5-2cd7e244131a}\L
C:\Windows\Installer\{59549a40-78be-6076-8cf5-2cd7e244131a}\n
C:\Windows\Installer\{59549a40-78be-6076-8cf5-2cd7e244131a}\U
ZeroAccess:
C:\Users\SHARBARI\AppData\Local\{59549a40-78be-6076-8cf5-2cd7e244131a}
C:\Users\SHARBARI\AppData\Local\{59549a40-78be-6076-8cf5-2cd7e244131a}\@
C:\Users\SHARBARI\AppData\Local\{59549a40-78be-6076-8cf5-2cd7e244131a}\L
C:\Users\SHARBARI\AppData\Local\{59549a40-78be-6076-8cf5-2cd7e244131a}\U
========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
========================= Memory info ======================
Percentage of memory in use: 27%
Total physical RAM: 1910.84 MB
Available physical RAM: 1378.87 MB
Total Pagefile: 1910.84 MB
Available Pagefile: 1385.77 MB
Total Virtual: 2047.88 MB
Available Virtual: 1977.62 MB
======================= Partitions =========================
1 Drive c: () (Fixed) (Total:142.28 GB) (Free:69.76 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: () (Fixed) (Total:155.51 GB) (Free:30.88 GB) NTFS
3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
4 Drive g: (Recovery14) (CDROM) (Total:4.2 GB) (Free:0 GB) UDF
5 Drive h: () (Removable) (Total:1.9 GB) (Free:0.01 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 1024 KB
Disk 1 Online 1953 MB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 142 GB 200 MB
Partition 0 Extended 155 GB 142 GB
Partition 4 Logical 155 GB 142 GB
Partition 3 Primary 103 MB 297 GB
======================================================================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy
======================================================================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 142 GB Healthy
======================================================================================================
Disk: 0
Partition 4
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D NTFS Partition 155 GB Healthy
======================================================================================================
Disk: 0
Partition 3
Type : 0C
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F HP_TOOLS FAT32 Partition 103 MB Healthy
======================================================================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1952 MB 122 KB
======================================================================================================
Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H FAT32 Removable 1952 MB Healthy
======================================================================================================
==========================================================
Last Boot: 2012-03-02 10:12
======================= End Of Log ==========================
 
In Vista or Windows 7: Boot to System Recovery Options and run FRST.
In Windows XP: Please boot to UBCD and run FRST.
Type the following in the edit box after "Search:".

services.exe

Click the Search button and post the log (Search.txt) it makes in your reply.