Welcome aboard! 
This is a new varient of sirefef infection which is tad nasty...
Download OTL to your Desktop.
http://www.geekstogo.com/forum/files/file/398-otl-
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- Select All Users
- Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
consrv.dll
explorer.exe
netbt.sys
atapi.sys
volsnap.sys
redbook.sys
lsi_sas.sys
lsi_scsi.sys
cdrom*
tcpip.sys
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\servic
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\servic
C:\Windows\assembly\tmp\U\*.* /s
C:\Program Files\Common Files\ComObjects\*.* /s
CREATERESTOREPOINT
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- attach both logs
NEXT
Download aswmbr.exe ( 1.8mb ) to your desktop.
http://public.avast.com/~gmerek/aswMBR.htm
Double click the aswMBR.exe to run it Click the "Scan" button to start scan.
Click the [Scan] button to start scan
On completion of the scan click [Save log], save it to your desktop and post in your next reply.
Hi malware injected itself into netbt driver.....
Warning This fix is only relevant for this system and no other, using on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following:
:FILES C:\WINDOWS\system32\drivers\netbt.sys|C:\WINDOWS\ServicePackFiles\i386\netbt.sys /replace ipconfig /flushdns /c :Commands [purity] [resethosts] [emptytemp] [EMPTYFLASH] [CREATERESTOREPOINT] [Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Please attach the log generated after the fix completion.
NEXT
Download ComboFix from the any of the locations given in this website:
- IMPORTANT !!! You need to Save ComboFix.exe to your Desktop
- Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you are still unsure on how to do this, see here
- Double click on ComboFix.exe & follow the prompts.
- As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
- If you already have the Recovery Console preinstalled, it will not ask for the following. If it does prompt, allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click Yes, to continue scanning for malware. Please be patient and don't use the PC whilst it is scanning.
When finished, it shall produce a log for you. Please copy & paste the contents of this log (also found at C:\ComboFix.txt) in your next reply at your topic.
Copyright (c) 1989-2012 Trend Micro Incorporated. All rights reserved.
