Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by SYSTEM on MININT-6S62P35 on 15-10-2013 11:41:29
Running from H:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet002

[b]ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.[/b]

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SwitchBoard] - c:\program files (x86)\common files\adobe\switchboard\switchboard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [StartCCC] - c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe [98304 2010-03-10] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [Classic Start Menu] - C:\Program Files\Classic Shell\ClassicStartMenu.exe [98304 2011-03-31] (IvoSoft)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-06-20] (Microsoft Corporation)
HKLM-x32\...\Run: [WindowsLiveDeviceIntegrator] - C:\Program Files (x86)\Windows Live\Device Integrator\wldi.exe [245544 2010-09-24] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKU\Collyne\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
HKU\Collyne\...\Run: [Advanced SystemCare 5] - C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe [1647448 2011-11-12] (IObit)
HKU\Collyne\...\Run: [Google Update] - [x]
HKU\Collyne\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil64_11_4_402_265_ActiveX.exe [420552 2012-08-27] (Adobe Systems Incorporated)
HKU\Default\...\Run: [HPADVISOR] - [x]
HKU\Default User\...\Run: [HPADVISOR] - [x]
AppInit_DLLs: acaptuser64.dll [119160 2008-06-11] (Adobe Systems, Inc.)
AppInit_DLLs-x32: c:\progra~2\google\google~1\go36f4~1.dll acaptuser32.dll [ ] ()

==================== Services (Whitelisted) =================

S4 AdvancedSystemCareService5; C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [490840 2011-11-10] (IObit)
S4 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Atheros\Ath_CoexAgent.exe [151552 2010-05-25] (Atheros)
S4 FirebirdServerMAGIXInstance; C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®)
S4 GoogleDesktopManager-051210-111108; C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-07-30] (Google)
S4 HPBtnSrv; C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [192512 2008-09-30] ()
S3 msiserver_old; C:\Windows\System32\msiexec.exe [128000 2010-11-20] (Microsoft Corporation)
S2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-06-20] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-06-20] (Microsoft Corporation)
S4 nsService; C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsService.exe [261256 2010-03-04] (NovaStor)
S4 ReflectService; C:\Program Files\Macrium\Reflect\ReflectService.exe [301024 2010-09-28] ()
S4 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;
S4 RoxMediaDB12; "C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe" [x]
S4 RoxWatch12; "C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe" [x]
S4 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{6a3f89d6-8357-78a8-7618-a6ddc863dde8}\ \...\???\{6a3f89d6-8357-78a8-7618-a6ddc863dde8}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

==================== Drivers (Whitelisted) ====================

S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
S3 NPF; C:\Windows\System32\drivers\npf.sys [40464 2007-11-06] (CACE Technologies)
S3 Pcouffin64; C:\Windows\System32\Drivers\pcouffin64a.sys [55136 2010-02-23] (VSO Software)
S3 PSMounter; C:\Windows\system32\drivers\psmounter.sys [39904 2010-09-28] (Macrium Software)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-10-28] (Duplex Secure Ltd.)
S2 {55662437-DA8C-40c0-AADA-2C816A897A49}; c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2009-10-20] (CyberLink Corp.)
S2 {55662437-DA8C-40c0-AADA-2C816A897A49}; c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2009-10-20] (CyberLink Corp.)
S3 Andbus; system32\DRIVERS\lgandbus64.sys [x]
S3 AndDiag; system32\DRIVERS\lganddiag64.sys [x]
S3 AndGps; system32\DRIVERS\lgandgps64.sys [x]
S3 ANDModem; system32\DRIVERS\lgandmodem64.sys [x]
S3 cpuz132; No ImagePath
S3 PcdrNdisuio; syswow64\drivers\pcdrndisuio.sys [x]

========================== Drivers MD5 =======================

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-10-15 11:28 - 2012-12-16 09:19 - 00041472 _____ (Microsoft Corporation) C:\Windows\System32\LPK.dll
2013-10-15 11:28 - 2012-12-16 08:34 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LPK.dll
2013-10-11 15:20 - 2013-10-11 21:09 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-10-11 09:27 - 2013-10-11 09:27 - 00000000 ____D C:\FRST
2013-10-11 02:29 - 2013-10-11 02:29 - 00000000 __SHD C:\$$PendingFiles
2013-10-10 06:52 - 2013-10-10 18:52 - 00000000 ____D C:\Users\Collyne\AppData\Local\{3309D625-556D-452A-95B5-58D1E5943EF7}
2013-10-06 18:49 - 2013-10-09 18:52 - 00000000 ____D C:\Users\Collyne\AppData\Local\{823E5710-9011-480F-B851-BE68976C3D09}
2013-10-02 06:46 - 2013-10-06 06:49 - 00000000 ____D C:\Users\Collyne\AppData\Local\{B0DF70FB-4073-4BF5-9751-E13BCD02D531}
2013-09-30 18:45 - 2013-10-01 18:46 - 00000000 ____D C:\Users\Collyne\AppData\Local\{26F686F0-6FBF-4259-9A07-A0E8A0E60E2B}
2013-09-27 18:43 - 2013-09-30 06:45 - 00000000 ____D C:\Users\Collyne\AppData\Local\{2FFBAD59-6D0B-4CEC-BB2E-3819D6B3670B}
2013-09-25 23:47 - 2013-09-25 23:47 - 00013857 _____ C:\Users\Collyne\Desktop\hs_err_pid10224.log
2013-09-15 06:36 - 2013-09-27 06:43 - 00000000 ____D C:\Users\Collyne\AppData\Local\{B410DB1A-9A89-4208-85A2-873A5C845887}

==================== One Month Modified Files and Folders =======

2013-10-11 21:09 - 2013-10-11 15:20 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-10-11 20:35 - 2010-03-30 18:12 - 00000000 ____D C:\Program Files (x86)\Dvd-cloner
2013-10-11 10:16 - 2012-05-12 01:00 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-11 10:16 - 2011-01-28 05:35 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-10-11 10:16 - 2009-12-25 12:52 - 00000000 ____D C:\users\Collyne
2013-10-11 10:16 - 2009-09-10 07:24 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-11 10:16 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-10-11 10:16 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-10-11 10:16 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-10-11 10:15 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2013-10-11 10:14 - 2012-04-24 04:45 - 00000000 ____D C:\Users\Collyne\AppData\Local\Western_Digital
2013-10-11 09:27 - 2013-10-11 09:27 - 00000000 ____D C:\FRST
2013-10-11 02:29 - 2013-10-11 02:29 - 00000000 __SHD C:\$$PendingFiles
2013-10-10 22:50 - 2010-04-22 20:14 - 00000000 ____D C:\Windows\Minidump
2013-10-10 18:52 - 2013-10-10 06:52 - 00000000 ____D C:\Users\Collyne\AppData\Local\{3309D625-556D-452A-95B5-58D1E5943EF7}
2013-10-10 01:33 - 2010-11-05 04:57 - 00000000 ____D C:\Users\Collyne\AppData\Local\Windows Live
2013-10-10 01:07 - 2013-08-14 15:11 - 00000000 ____D C:\Windows\System32\MRT
2013-10-09 18:52 - 2013-10-06 18:49 - 00000000 ____D C:\Users\Collyne\AppData\Local\{823E5710-9011-480F-B851-BE68976C3D09}
2013-10-06 06:49 - 2013-10-02 06:46 - 00000000 ____D C:\Users\Collyne\AppData\Local\{B0DF70FB-4073-4BF5-9751-E13BCD02D531}
2013-10-02 00:26 - 2012-04-12 13:35 - 01448758 _____ C:\Windows\WindowsUpdate.log
2013-10-01 20:25 - 2009-07-13 20:45 - 00015792 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-01 20:25 - 2009-07-13 20:45 - 00015792 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-01 20:20 - 2009-07-13 21:13 - 00726444 _____ C:\Windows\System32\PerfStringBackup.INI
2013-10-01 20:14 - 2012-04-15 23:32 - 00036774 _____ C:\Windows\setupact.log
2013-10-01 20:14 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-01 20:13 - 2012-04-27 07:48 - 00008334 _____ C:\Windows\PFRO.log
2013-10-01 18:46 - 2013-09-30 18:45 - 00000000 ____D C:\Users\Collyne\AppData\Local\{26F686F0-6FBF-4259-9A07-A0E8A0E60E2B}
2013-10-01 18:23 - 2013-03-14 21:42 - 00001071 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-01 18:23 - 2010-02-05 14:54 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-01 06:37 - 2010-01-21 10:03 - 00001328 _____ C:\Users\Collyne\AppData\Roaming\wklnhst.dat
2013-10-01 06:24 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\FxsTmp
2013-09-30 06:45 - 2013-09-27 18:43 - 00000000 ____D C:\Users\Collyne\AppData\Local\{2FFBAD59-6D0B-4CEC-BB2E-3819D6B3670B}
2013-09-27 17:19 - 2010-08-07 20:42 - 00000000 ____D C:\Program Files\World of Warcraft
2013-09-27 06:43 - 2013-09-15 06:36 - 00000000 ____D C:\Users\Collyne\AppData\Local\{B410DB1A-9A89-4208-85A2-873A5C845887}
2013-09-25 23:47 - 2013-09-25 23:47 - 00013857 _____ C:\Users\Collyne\Desktop\hs_err_pid10224.log

Some content of TEMP:
====================
C:\Users\Collyne\AppData\Local\Temp\checktbexist.exe
C:\Users\Collyne\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Collyne\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe
C:\Users\Collyne\AppData\Local\Temp\KMP_3.3.0.33.exe
C:\Users\Collyne\AppData\Local\Temp\mconduitinstaller.exe

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\en-US => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
C:\Program Files\Microsoft Security Client\Antimalware => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

11 Restore point made on: 2013-08-19 01:31:00
Restore point made on: 2013-08-22 21:00:16
Restore point made on: 2013-08-26 11:43:04
Restore point made on: 2013-09-05 23:52:27
Restore point made on: 2013-09-13 01:00:24
Restore point made on: 2013-09-17 00:01:50
Restore point made on: 2013-09-21 00:01:46
Restore point made on: 2013-09-25 00:01:44
Restore point made on: 2013-09-28 17:41:10
Restore point made on: 2013-10-02 00:26:10
Restore point made on: 2013-10-10 01:00:24

==================== Memory info ===========================

Percentage of memory in use: 10%
Total physical RAM: 8191.18 MB
Available physical RAM: 7330 MB
Total Pagefile: 8189.38 MB
Available Pagefile: 7328.29 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:918.57 GB) (Free:111.78 GB) NTFS
Drive e: (FACTORY_IMAGE) (Fixed) (Total:12.84 GB) (Free:2.3 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.16 GB) (Free:0 GB) UDF
Drive h: (Lexar) (Removable) (Total:59.69 GB) (Free:59.68 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=919 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=13 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 60 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=60 GB) - (Type=0C)

LastRegBack: 2010-10-26 23:37

==================== End Of Log ============================