c0000135 the program can't start because %hs is missing from your
#1 Thowra
Member, 11 posts

My son is using my old HP e9227c computer with Win 7. He said the computer got hit with the Ukash virus. He followed some instructions that he found on Google for changing the Winlogon through Regedit. When Windows failed to start, we chose Launch Startup Repair, then it went to Windows Boot Manager and continued on with that cycle. We then created and used a Win 7 Repair CD. Startup Repair couldn't correct any errors, nor could we do a system restore. We then tried Boot Repair Disk. After it said we should be able to boot up, we came up with the %hs error. We tried an AVG Rescue CD but it wouldn't recognize the hard drive. We then went with Kaspersky Rescue 10. We tried Boot Repair Disk again but still have the %hs error. We then did a scan with the Farbar Recovery Scan Tool. I have attached the results.

Thanks in advance for your help.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by SYSTEM on MININT-SSGEL9E on 13-10-2013 09:04:33
Running from D:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet002
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SwitchBoard] - c:\program files (x86)\common files\adobe\switchboard\switchboard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [StartCCC] - c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe [98304 2010-03-10] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [Classic Start Menu] - C:\Program Files\Classic Shell\ClassicStartMenu.exe [98304 2011-03-31] (IvoSoft)
HKLM\...\Run: [MSC] - "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey <===== ATTENTION (File name is altered)
HKLM\...\RunOnce: [*Restore] - C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)
HKLM-x32\...\Run: [WindowsLiveDeviceIntegrator] - C:\Program Files (x86)\Windows Live\Device Integrator\wldi.exe [245544 2010-09-24] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKU\Collyne\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
HKU\Collyne\...\Run: [Advanced SystemCare 5] - C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe [1647448 2011-11-12] (IObit)
HKU\Collyne\...\Run: [Google Update] - [x]
HKU\Collyne\...\Run: [dalatr] - "C:\Windows\System32\rundll32.exe" "C:\Users\Collyne\AppData\Roaming\dalatr.dll",IgnoreErrors <===== ATTENTION
HKU\Collyne\...\Run: [wepal] - "C:\Windows\System32\rundll32.exe" "C:\Users\Collyne\AppData\Roaming\wepal.dll",write_rows <===== ATTENTION
HKU\Collyne\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil64_11_4_402_265_ActiveX.exe [420552 2012-08-27] (Adobe Systems Incorporated)
HKU\Default\...\Run: [HPADVISOR] - [x]
HKU\Default User\...\Run: [HPADVISOR] - [x]
AppInit_DLLs: acaptuser64.dll [119160 2008-06-11] (Adobe Systems, Inc.)
AppInit_DLLs-x32: c:\progra~2\google\google~1\go36f4~1.dll acaptuser32.dll [ ] ()

==================== Services (Whitelisted) =================

S4 AdvancedSystemCareService5; C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [490840 2011-11-10] (IObit)
S4 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Atheros\Ath_CoexAgent.exe [151552 2010-05-25] (Atheros)
S4 FirebirdServerMAGIXInstance; C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®)
S4 GoogleDesktopManager-051210-111108; C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-07-30] (Google)
S4 HPBtnSrv; C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [192512 2008-09-30] ()
S3 msiserver_old; C:\Windows\System32\msiexec.exe [128000 2010-11-20] (Microsoft Corporation)
S2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-06-20] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-06-20] (Microsoft Corporation)
S4 nsService; C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsService.exe [261256 2010-03-04] (NovaStor)
S4 ReflectService; C:\Program Files\Macrium\Reflect\ReflectService.exe [301024 2010-09-28] ()
S4 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;
S4 RoxMediaDB12; "C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe" [x]
S4 RoxWatch12; "C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe" [x]
S4 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{6a3f89d6-8357-78a8-7618-a6ddc863dde8}\ \...\???\{6a3f89d6-8357-78a8-7618-a6ddc863dde8}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

==================== Drivers (Whitelisted) ====================

S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
S3 NPF; C:\Windows\System32\drivers\npf.sys [40464 2007-11-06] (CACE Technologies)
S3 Pcouffin64; C:\Windows\System32\Drivers\pcouffin64a.sys [55136 2010-02-23] (VSO Software)
S3 PSMounter; C:\Windows\system32\drivers\psmounter.sys [39904 2010-09-28] (Macrium Software)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-10-28] (Duplex Secure Ltd.)
S2 {55662437-DA8C-40c0-AADA-2C816A897A49}; c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2009-10-20] (CyberLink Corp.)
S2 {55662437-DA8C-40c0-AADA-2C816A897A49}; c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2009-10-20] (CyberLink Corp.)
S3 Andbus; system32\DRIVERS\lgandbus64.sys [x]
S3 AndDiag; system32\DRIVERS\lganddiag64.sys [x]
S3 AndGps; system32\DRIVERS\lgandgps64.sys [x]
S3 ANDModem; system32\DRIVERS\lgandmodem64.sys [x]
S3 cpuz132; No ImagePath
S1 kzpvhoib; No ImagePath
S3 PcdrNdisuio; syswow64\drivers\pcdrndisuio.sys [x]

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys 1C7857B62DE5994A75B054A9FD4C3825
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\atikmdag.sys 21D749E3C8140B16C40A8273FD747899
C:\Windows\System32\DRIVERS\atikmpag.sys 1AA6F50A8E7F8413377C979CEF5218A5
C:\Windows\system32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\athrx.sys 7D89B0C443F6068E5B27AA3B972069FF
C:\Windows\System32\drivers\AtiHdmi.sys 77C149E6D702737B2E372DEE166FAEF8
C:\Windows\System32\DRIVERS\atikmdag.sys 21D749E3C8140B16C40A8273FD747899
C:\Windows\system32\DRIVERS\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys 9AC4F97C2D3E93367E2148EA940CD2CD
C:\Windows\system32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Dot4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Dot4Prt.sys E9F5969233C5D89F3C35E3A66A52A361
C:\Windows\System32\DRIVERS\dot4usb.sys ==> MD5 is legit
C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys AF2E16242AA723F68F461B6EAE2EAD3D
C:\Windows\system32\DRIVERS\evbda.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\system32\drivers\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\RTKVHD64.sys 88798B4381FD58FAE2DA07880C177C5C
C:\Windows\System32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ivusb.sys BD5BF20EC242E003A2F570B8754A56D1
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys 97A7070AEA4C058B6418519E869A63B4
C:\Windows\System32\Drivers\ksecpkg.sys 26C43A7C2862447EC59DEDA188D1DA07
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\MpFilter.sys FC1D590039EF06A381768710E6C07E75
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\system32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\NisDrvWFP.sys 8FB3C853E886E1E4D57271672486111C
C:\Windows\System32\drivers\npf.sys 3CEEE0BE85D24D911B9C02714817774C
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\Drivers\pcouffin.sys AF7CE12C4F3DC8CB2B07685C916BBCFE
C:\Windows\System32\Drivers\pcouffin64a.sys 8B45FC1EB90119D9EF46B46A89864189
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\drivers\psmounter.sys 64FB5893C11C2DBDE8FE656D9DBBB1D5
C:\Windows\System32\Drivers\PxHlpa64.sys 87B04878A6D59D6C79251DC960C674C1
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rcmirror.sys 96597C96D5ACF4A3EF0B24D396853879
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys E61608AA35E98999AF9AAEEEA6114B0A
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\revoflt.sys 9C3AC71A9934B884FAC567A8807E9C4D
C:\Windows\System32\Drivers\RimUsb_AMD64.sys 7B04C9843921AB1F695FB395422C5360
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RtsUStor.sys 763AE0C6D9DF4C24B7E2C26036A8188A
C:\Windows\System32\DRIVERS\Rt64win7.sys AFC12DFA4C7B089673AD67402CA19EDB
C:\Windows\System32\Drivers\Sahdad64.sys 27DB9153D259D632D15483DEEAB799ED
C:\Windows\System32\Drivers\Saibad64.sys F77849D909B90BCACFCF7295AECF299B
C:\Windows\System32\Drivers\SaibVdAd64.sys 704D415290A568F68DE20942DAC23F7E
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\Drivers\sptd.sys 602884696850C86434530790B110E8EB
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys DB74544B75566C974815E79A62433F29
C:\Windows\System32\DRIVERS\tcpip.sys DB74544B75566C974815E79A62433F29
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys 4CE278FC9671BA81A138D70823FCAA09
C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\system32\drivers\umbus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbaudio.sys 82E8F44688E6FAC57B5B7C6FC7ADBC2A
C:\Windows\System32\DRIVERS\usbccgp.sys 6F1A3157A1C89435352CEB543CDB359C
C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbehci.sys C025055FE7B87701EB042095DF1A2D7B
C:\Windows\System32\DRIVERS\usbhub.sys 287C6C9410B111B68B52CA298F7B8C24
C:\Windows\system32\drivers\usbohci.sys 9840FC418B4CBD632D3D0A667A725C31
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbscan.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\System32\DRIVERS\usbuhci.sys 62069A34518BCF9C1FD9E74B3F6DB7CD
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\VX3000.sys E13B31E0ADA64CF1513D993F436CA39D
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wdcsam64.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys 442783E2CB0DA19873B7A63833FF4CB4
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWow64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl 74983ADDCA2D9618512C088D856D6615
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl 74983ADDCA2D9618512C088D856D6615

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-11 15:20 - 2013-10-11 21:09 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-10-11 09:27 - 2013-10-11 09:27 - 00000000 ____D C:\FRST
2013-10-11 02:29 - 2013-10-11 02:29 - 00000000 __SHD C:\$$PendingFiles
2013-10-10 06:52 - 2013-10-10 18:52 - 00000000 ____D C:\Users\Collyne\AppData\Local\{3309D625-556D-452A-95B5-58D1E5943EF7}
2013-10-06 18:49 - 2013-10-09 18:52 - 00000000 ____D C:\Users\Collyne\AppData\Local\{823E5710-9011-480F-B851-BE68976C3D09}
2013-10-02 06:46 - 2013-10-06 06:49 - 00000000 ____D C:\Users\Collyne\AppData\Local\{B0DF70FB-4073-4BF5-9751-E13BCD02D531}
2013-09-30 18:45 - 2013-10-01 18:46 - 00000000 ____D C:\Users\Collyne\AppData\Local\{26F686F0-6FBF-4259-9A07-A0E8A0E60E2B}
2013-09-27 18:43 - 2013-09-30 06:45 - 00000000 ____D C:\Users\Collyne\AppData\Local\{2FFBAD59-6D0B-4CEC-BB2E-3819D6B3670B}
2013-09-25 23:47 - 2013-09-25 23:47 - 00013857 _____ C:\Users\Collyne\Desktop\hs_err_pid10224.log
2013-09-25 21:11 - 2013-09-25 21:11 - 00389120 _____ (Soft Systems) C:\Users\Collyne\AppData\Roaming\wepal.dll
2013-09-25 21:10 - 2013-09-25 21:11 - 00761856 _____ () C:\Users\Collyne\AppData\Roaming\dalatr.dll
2013-09-15 06:36 - 2013-09-27 06:43 - 00000000 ____D C:\Users\Collyne\AppData\Local\{B410DB1A-9A89-4208-85A2-873A5C845887}
2013-09-14 06:35 - 2013-09-14 18:36 - 00000000 ____D C:\Users\Collyne\AppData\Local\{1E1AE8C0-515F-420A-87B5-25815C268AE8}
2013-09-13 06:34 - 2013-09-13 18:35 - 00000000 ____D C:\Users\Collyne\AppData\Local\{3D75E92E-EA51-4F1E-8741-68FDA1887650}
2013-09-13 01:05 - 2013-08-09 21:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-09-13 01:05 - 2013-08-09 21:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-09-13 01:05 - 2013-08-09 21:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-09-13 01:05 - 2013-08-09 21:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-09-13 01:05 - 2013-08-09 21:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-09-13 01:05 - 2013-08-09 21:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-09-13 01:05 - 2013-08-09 21:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-09-13 01:05 - 2013-08-09 21:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-09-13 01:05 - 2013-08-09 21:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-09-13 01:05 - 2013-08-09 21:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-09-13 01:05 - 2013-08-09 21:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-09-13 01:05 - 2013-08-09 21:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-09-13 01:05 - 2013-08-09 21:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-09-13 01:05 - 2013-08-09 21:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-09-13 01:05 - 2013-08-09 19:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-13 01:05 - 2013-08-09 19:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-13 01:05 - 2013-08-09 19:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-13 01:05 - 2013-08-09 19:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-13 01:05 - 2013-08-09 19:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-13 01:05 - 2013-08-09 19:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-13 01:05 - 2013-08-09 19:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-13 01:05 - 2013-08-09 19:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-13 01:05 - 2013-08-09 19:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-13 01:05 - 2013-08-09 19:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-13 01:05 - 2013-08-09 19:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-13 01:05 - 2013-08-09 19:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-13 01:05 - 2013-08-09 19:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-13 01:05 - 2013-08-09 19:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-09-13 01:05 - 2013-08-09 19:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-13 01:05 - 2013-08-09 18:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-09-13 01:05 - 2013-08-09 18:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

==================== One Month Modified Files and Folders =======

2013-10-11 21:09 - 2013-10-11 15:20 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-10-11 20:35 - 2010-03-30 18:12 - 00000000 ____D C:\Program Files (x86)\Dvd-cloner
2013-10-11 10:16 - 2012-05-12 01:00 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-11 10:16 - 2011-01-28 05:35 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-10-11 10:16 - 2009-12-25 12:52 - 00000000 ____D C:\users\Collyne
2013-10-11 10:16 - 2009-09-10 07:24 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-11 10:16 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-10-11 10:16 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-10-11 10:16 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-10-11 10:15 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2013-10-11 10:14 - 2012-04-24 04:45 - 00000000 ____D C:\Users\Collyne\AppData\Local\Western_Digital
2013-10-11 09:27 - 2013-10-11 09:27 - 00000000 ____D C:\FRST
2013-10-11 02:29 - 2013-10-11 02:29 - 00000000 __SHD C:\$$PendingFiles
2013-10-10 22:50 - 2010-04-22 20:14 - 00000000 ____D C:\Windows\Minidump
2013-10-10 18:52 - 2013-10-10 06:52 - 00000000 ____D C:\Users\Collyne\AppData\Local\{3309D625-556D-452A-95B5-58D1E5943EF7}
2013-10-10 01:33 - 2010-11-05 04:57 - 00000000 ____D C:\Users\Collyne\AppData\Local\Windows Live
2013-10-10 01:07 - 2013-08-14 15:11 - 00000000 ____D C:\Windows\System32\MRT
2013-10-09 18:52 - 2013-10-06 18:49 - 00000000 ____D C:\Users\Collyne\AppData\Local\{823E5710-9011-480F-B851-BE68976C3D09}
2013-10-06 06:49 - 2013-10-02 06:46 - 00000000 ____D C:\Users\Collyne\AppData\Local\{B0DF70FB-4073-4BF5-9751-E13BCD02D531}
2013-10-02 00:26 - 2012-04-12 13:35 - 01448758 _____ C:\Windows\WindowsUpdate.log
2013-10-01 20:25 - 2009-07-13 20:45 - 00015792 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-01 20:25 - 2009-07-13 20:45 - 00015792 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-01 20:20 - 2009-07-13 21:13 - 00726444 _____ C:\Windows\System32\PerfStringBackup.INI
2013-10-01 20:14 - 2012-04-15 23:32 - 00036774 _____ C:\Windows\setupact.log
2013-10-01 20:14 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-01 20:13 - 2012-04-27 07:48 - 00008334 _____ C:\Windows\PFRO.log
2013-10-01 20:12 - 2012-03-28 07:41 - 00000000 ____D C:\Users\Collyne\Downloads\Adobe.Photoshop.CS5.1.Extended.v12.1.Keygen.CRACK.2011
2013-10-01 18:46 - 2013-09-30 18:45 - 00000000 ____D C:\Users\Collyne\AppData\Local\{26F686F0-6FBF-4259-9A07-A0E8A0E60E2B}
2013-10-01 18:23 - 2013-03-14 21:42 - 00001071 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-01 18:23 - 2010-02-05 14:54 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-01 06:37 - 2010-01-21 10:03 - 00001328 _____ C:\Users\Collyne\AppData\Roaming\wklnhst.dat
2013-10-01 06:24 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\FxsTmp
2013-09-30 06:45 - 2013-09-27 18:43 - 00000000 ____D C:\Users\Collyne\AppData\Local\{2FFBAD59-6D0B-4CEC-BB2E-3819D6B3670B}
2013-09-27 17:19 - 2010-08-07 20:42 - 00000000 ____D C:\Program Files\World of Warcraft
2013-09-27 06:43 - 2013-09-15 06:36 - 00000000 ____D C:\Users\Collyne\AppData\Local\{B410DB1A-9A89-4208-85A2-873A5C845887}
2013-09-25 23:47 - 2013-09-25 23:47 - 00013857 _____ C:\Users\Collyne\Desktop\hs_err_pid10224.log
2013-09-25 21:11 - 2013-09-25 21:11 - 00389120 _____ (Soft Systems) C:\Users\Collyne\AppData\Roaming\wepal.dll
2013-09-25 21:11 - 2013-09-25 21:10 - 00761856 _____ () C:\Users\Collyne\AppData\Roaming\dalatr.dll
2013-09-14 18:36 - 2013-09-14 06:35 - 00000000 ____D C:\Users\Collyne\AppData\Local\{1E1AE8C0-515F-420A-87B5-25815C268AE8}
2013-09-13 18:35 - 2013-09-13 06:34 - 00000000 ____D C:\Users\Collyne\AppData\Local\{3D75E92E-EA51-4F1E-8741-68FDA1887650}
2013-09-13 12:59 - 2011-08-22 10:33 - 00000000 ____D C:\Users\Collyne\Documents\Fax
2013-09-13 01:24 - 2009-07-13 20:45 - 05113552 _____ C:\Windows\System32\FNTCACHE.DAT
2013-09-13 01:01 - 2009-12-26 23:22 - 79143768 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-767980251-3588343150-394316217-1000\$6a3f89d6835778a87618a6ddc863dde8

Files to move or delete:
====================
ZeroAccess:
C:\Users\Collyne\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install


Some content of TEMP:
====================
C:\Users\Collyne\AppData\Local\Temp\checktbexist.exe
C:\Users\Collyne\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Collyne\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe
C:\Users\Collyne\AppData\Local\Temp\KMP_3.3.0.33.exe
C:\Users\Collyne\AppData\Local\Temp\mconduitinstaller.exe


==================== Known DLLs (Whitelisted) ================

C:\Windows\System32\LPK.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\LPK.dll IS MISSING <==== ATTENTION!

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\en-US => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
C:\Program Files\Microsoft Security Client\Antimalware => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

11
Restore point made on: 2013-08-19 01:31:00
Restore point made on: 2013-08-22 21:00:16
Restore point made on: 2013-08-26 11:43:04
Restore point made on: 2013-09-05 23:52:27
Restore point made on: 2013-09-13 01:00:24
Restore point made on: 2013-09-17 00:01:50
Restore point made on: 2013-09-21 00:01:46
Restore point made on: 2013-09-25 00:01:44
Restore point made on: 2013-09-28 17:41:10
Restore point made on: 2013-10-02 00:26:10
Restore point made on: 2013-10-10 01:00:24

==================== Memory info ===========================

Percentage of memory in use: 10%
Total physical RAM: 8191.18 MB
Available physical RAM: 7321.7 MB
Total Pagefile: 8189.38 MB
Available Pagefile: 7318.64 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:918.57 GB) (Free:111.78 GB) NTFS
Drive d: (Lexar) (Removable) (Total:59.69 GB) (Free:59.68 GB) FAT32
Drive f: (FACTORY_IMAGE) (Fixed) (Total:12.84 GB) (Free:2.3 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.16 GB) (Free:0 GB) UDF
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=919 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=13 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 60 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=60 GB) - (Type=0C)


LastRegBack: 2010-10-26 23:37

==================== End Of Log ============================



Thowra

Attached Files

  • Attached File  FRST.txt   34.25KB   363 downloads

  • 0


#2
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hello and welcome to Geeks to Go. I am sorry that you are having troubles with your computer and will try my best to help you. I know that being infected is very frustrating, but I will be here to help you through the whole process of cleaning. Removing malware can be difficult and complicated and will most likely take many steps, so please stick with me until I have declared your computer clean. I always recommend printing my instructions before following them in case you cannot keep this webpage open. Please be sure to always follow all steps exactly as they are written and let me know what happens each time. Stop and ask if something unexpected happens or if you are unsure of how to proceed.

Please respect my volunteered time and stay with me until I declare your computer clean. If you are going to be delayed for a while, please let me know.

It looks like Ukash brought along some very nasty Zero Access. Let me go over the log and then we'll see if we can get this thing booting.
  • 0

#3
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Let's get started. Please download the attached fixlist.txt to the same flash drive as FRST. Then run FRST again in the same way, except this time select "Fix." Please include the fixlog.txt that will be created on the flash drive in your next reply.

Then try booting the computer. If it boots, please don't use the computer until we do some more cleaning. If it doesn't boot, run FRST again, and this time type LPK.* into the search box. Then press "Search" and include the resulting search.txt in your next reply as well.

Attached Files


  • 0

#4
Thowra

Thowra

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Thanks Buddierdl.
I used the Win 7 Repair CD and then ran the "fix option" in Farbar Recovery Scan Tool. I tried to reboot but couldn't. I used the Win 7 Repair CD again and ran the "search option" in Farbar. I have uploaded both files for you.

Attached Files


  • 0

#5
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Okay, this should allow the computer to boot. Please run the attached fix in the same way as before.

If the computer boots after this, please run FRST.exe in normal mode and get a scan for me. Please don't use the computer until we can finish cleaning it up.

Attached Files


  • 0

#6
Thowra

Thowra

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
I ran the "fix option" and have attached the file. The computer would not reboot. It just cycles between Windows Error Recovery and Windows Boot Manager. I then ran a "scan option" and attached the file.


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by SYSTEM on MININT-6S62P35 on 15-10-2013 11:41:29
Running from H:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet002
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SwitchBoard] - c:\program files (x86)\common files\adobe\switchboard\switchboard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [StartCCC] - c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe [98304 2010-03-10] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [Classic Start Menu] - C:\Program Files\Classic Shell\ClassicStartMenu.exe [98304 2011-03-31] (IvoSoft)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-06-20] (Microsoft Corporation)
HKLM-x32\...\Run: [WindowsLiveDeviceIntegrator] - C:\Program Files (x86)\Windows Live\Device Integrator\wldi.exe [245544 2010-09-24] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKU\Collyne\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
HKU\Collyne\...\Run: [Advanced SystemCare 5] - C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe [1647448 2011-11-12] (IObit)
HKU\Collyne\...\Run: [Google Update] - [x]
HKU\Collyne\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil64_11_4_402_265_ActiveX.exe [420552 2012-08-27] (Adobe Systems Incorporated)
HKU\Default\...\Run: [HPADVISOR] - [x]
HKU\Default User\...\Run: [HPADVISOR] - [x]
AppInit_DLLs: acaptuser64.dll [119160 2008-06-11] (Adobe Systems, Inc.)
AppInit_DLLs-x32: c:\progra~2\google\google~1\go36f4~1.dll acaptuser32.dll [ ] ()

==================== Services (Whitelisted) =================

S4 AdvancedSystemCareService5; C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [490840 2011-11-10] (IObit)
S4 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Atheros\Ath_CoexAgent.exe [151552 2010-05-25] (Atheros)
S4 FirebirdServerMAGIXInstance; C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®)
S4 GoogleDesktopManager-051210-111108; C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-07-30] (Google)
S4 HPBtnSrv; C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [192512 2008-09-30] ()
S3 msiserver_old; C:\Windows\System32\msiexec.exe [128000 2010-11-20] (Microsoft Corporation)
S2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-06-20] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-06-20] (Microsoft Corporation)
S4 nsService; C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsService.exe [261256 2010-03-04] (NovaStor)
S4 ReflectService; C:\Program Files\Macrium\Reflect\ReflectService.exe [301024 2010-09-28] ()
S4 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;
S4 RoxMediaDB12; "C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe" [x]
S4 RoxWatch12; "C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe" [x]
S4 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{6a3f89d6-8357-78a8-7618-a6ddc863dde8}\ \...\???\{6a3f89d6-8357-78a8-7618-a6ddc863dde8}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

==================== Drivers (Whitelisted) ====================

S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
S3 NPF; C:\Windows\System32\drivers\npf.sys [40464 2007-11-06] (CACE Technologies)
S3 Pcouffin64; C:\Windows\System32\Drivers\pcouffin64a.sys [55136 2010-02-23] (VSO Software)
S3 PSMounter; C:\Windows\system32\drivers\psmounter.sys [39904 2010-09-28] (Macrium Software)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-10-28] (Duplex Secure Ltd.)
S2 {55662437-DA8C-40c0-AADA-2C816A897A49}; c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2009-10-20] (CyberLink Corp.)
S2 {55662437-DA8C-40c0-AADA-2C816A897A49}; c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2009-10-20] (CyberLink Corp.)
S3 Andbus; system32\DRIVERS\lgandbus64.sys [x]
S3 AndDiag; system32\DRIVERS\lganddiag64.sys [x]
S3 AndGps; system32\DRIVERS\lgandgps64.sys [x]
S3 ANDModem; system32\DRIVERS\lgandmodem64.sys [x]
S3 cpuz132; No ImagePath
S3 PcdrNdisuio; syswow64\drivers\pcdrndisuio.sys [x]

========================== Drivers MD5 =======================


==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-15 11:28 - 2012-12-16 09:19 - 00041472 _____ (Microsoft Corporation) C:\Windows\System32\LPK.dll
2013-10-15 11:28 - 2012-12-16 08:34 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LPK.dll
2013-10-11 15:20 - 2013-10-11 21:09 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-10-11 09:27 - 2013-10-11 09:27 - 00000000 ____D C:\FRST
2013-10-11 02:29 - 2013-10-11 02:29 - 00000000 __SHD C:\$$PendingFiles
2013-10-10 06:52 - 2013-10-10 18:52 - 00000000 ____D C:\Users\Collyne\AppData\Local\{3309D625-556D-452A-95B5-58D1E5943EF7}
2013-10-06 18:49 - 2013-10-09 18:52 - 00000000 ____D C:\Users\Collyne\AppData\Local\{823E5710-9011-480F-B851-BE68976C3D09}
2013-10-02 06:46 - 2013-10-06 06:49 - 00000000 ____D C:\Users\Collyne\AppData\Local\{B0DF70FB-4073-4BF5-9751-E13BCD02D531}
2013-09-30 18:45 - 2013-10-01 18:46 - 00000000 ____D C:\Users\Collyne\AppData\Local\{26F686F0-6FBF-4259-9A07-A0E8A0E60E2B}
2013-09-27 18:43 - 2013-09-30 06:45 - 00000000 ____D C:\Users\Collyne\AppData\Local\{2FFBAD59-6D0B-4CEC-BB2E-3819D6B3670B}
2013-09-25 23:47 - 2013-09-25 23:47 - 00013857 _____ C:\Users\Collyne\Desktop\hs_err_pid10224.log
2013-09-15 06:36 - 2013-09-27 06:43 - 00000000 ____D C:\Users\Collyne\AppData\Local\{B410DB1A-9A89-4208-85A2-873A5C845887}

==================== One Month Modified Files and Folders =======

2013-10-11 21:09 - 2013-10-11 15:20 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-10-11 20:35 - 2010-03-30 18:12 - 00000000 ____D C:\Program Files (x86)\Dvd-cloner
2013-10-11 10:16 - 2012-05-12 01:00 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-11 10:16 - 2011-01-28 05:35 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-10-11 10:16 - 2009-12-25 12:52 - 00000000 ____D C:\users\Collyne
2013-10-11 10:16 - 2009-09-10 07:24 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-11 10:16 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-10-11 10:16 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-10-11 10:16 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-10-11 10:15 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2013-10-11 10:14 - 2012-04-24 04:45 - 00000000 ____D C:\Users\Collyne\AppData\Local\Western_Digital
2013-10-11 09:27 - 2013-10-11 09:27 - 00000000 ____D C:\FRST
2013-10-11 02:29 - 2013-10-11 02:29 - 00000000 __SHD C:\$$PendingFiles
2013-10-10 22:50 - 2010-04-22 20:14 - 00000000 ____D C:\Windows\Minidump
2013-10-10 18:52 - 2013-10-10 06:52 - 00000000 ____D C:\Users\Collyne\AppData\Local\{3309D625-556D-452A-95B5-58D1E5943EF7}
2013-10-10 01:33 - 2010-11-05 04:57 - 00000000 ____D C:\Users\Collyne\AppData\Local\Windows Live
2013-10-10 01:07 - 2013-08-14 15:11 - 00000000 ____D C:\Windows\System32\MRT
2013-10-09 18:52 - 2013-10-06 18:49 - 00000000 ____D C:\Users\Collyne\AppData\Local\{823E5710-9011-480F-B851-BE68976C3D09}
2013-10-06 06:49 - 2013-10-02 06:46 - 00000000 ____D C:\Users\Collyne\AppData\Local\{B0DF70FB-4073-4BF5-9751-E13BCD02D531}
2013-10-02 00:26 - 2012-04-12 13:35 - 01448758 _____ C:\Windows\WindowsUpdate.log
2013-10-01 20:25 - 2009-07-13 20:45 - 00015792 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-01 20:25 - 2009-07-13 20:45 - 00015792 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-01 20:20 - 2009-07-13 21:13 - 00726444 _____ C:\Windows\System32\PerfStringBackup.INI
2013-10-01 20:14 - 2012-04-15 23:32 - 00036774 _____ C:\Windows\setupact.log
2013-10-01 20:14 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-01 20:13 - 2012-04-27 07:48 - 00008334 _____ C:\Windows\PFRO.log
2013-10-01 18:46 - 2013-09-30 18:45 - 00000000 ____D C:\Users\Collyne\AppData\Local\{26F686F0-6FBF-4259-9A07-A0E8A0E60E2B}
2013-10-01 18:23 - 2013-03-14 21:42 - 00001071 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-01 18:23 - 2010-02-05 14:54 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-01 06:37 - 2010-01-21 10:03 - 00001328 _____ C:\Users\Collyne\AppData\Roaming\wklnhst.dat
2013-10-01 06:24 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\FxsTmp
2013-09-30 06:45 - 2013-09-27 18:43 - 00000000 ____D C:\Users\Collyne\AppData\Local\{2FFBAD59-6D0B-4CEC-BB2E-3819D6B3670B}
2013-09-27 17:19 - 2010-08-07 20:42 - 00000000 ____D C:\Program Files\World of Warcraft
2013-09-27 06:43 - 2013-09-15 06:36 - 00000000 ____D C:\Users\Collyne\AppData\Local\{B410DB1A-9A89-4208-85A2-873A5C845887}
2013-09-25 23:47 - 2013-09-25 23:47 - 00013857 _____ C:\Users\Collyne\Desktop\hs_err_pid10224.log

Some content of TEMP:
====================
C:\Users\Collyne\AppData\Local\Temp\checktbexist.exe
C:\Users\Collyne\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Collyne\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe
C:\Users\Collyne\AppData\Local\Temp\KMP_3.3.0.33.exe
C:\Users\Collyne\AppData\Local\Temp\mconduitinstaller.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\en-US => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
C:\Program Files\Microsoft Security Client\Antimalware => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

11
Restore point made on: 2013-08-19 01:31:00
Restore point made on: 2013-08-22 21:00:16
Restore point made on: 2013-08-26 11:43:04
Restore point made on: 2013-09-05 23:52:27
Restore point made on: 2013-09-13 01:00:24
Restore point made on: 2013-09-17 00:01:50
Restore point made on: 2013-09-21 00:01:46
Restore point made on: 2013-09-25 00:01:44
Restore point made on: 2013-09-28 17:41:10
Restore point made on: 2013-10-02 00:26:10
Restore point made on: 2013-10-10 01:00:24

==================== Memory info ===========================

Percentage of memory in use: 10%
Total physical RAM: 8191.18 MB
Available physical RAM: 7330 MB
Total Pagefile: 8189.38 MB
Available Pagefile: 7328.29 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:918.57 GB) (Free:111.78 GB) NTFS
Drive e: (FACTORY_IMAGE) (Fixed) (Total:12.84 GB) (Free:2.3 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.16 GB) (Free:0 GB) UDF
Drive h: (Lexar) (Removable) (Total:59.69 GB) (Free:59.68 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=919 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=13 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 60 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=60 GB) - (Type=0C)


LastRegBack: 2010-10-26 23:37

==================== End Of Log ============================

Attached Files

#7
Buddierdl
    Trusted Helper
  • Malware Removal
  • 2,524 posts
Ok, let's try a different fix. Does it still give the same error on boot?

Attached Files

#8
Thowra
    Member
  • Topic Starter
  • Member
  • 11 posts
When Windows starts to load it then goes to Windows Error Recovery and then cycles between it and Windows Boot Manager. If I boot the computer with the Win 7 Repair CD in, then I can get to System Recovery Options. So, it looks like the problem "program can't start because %hs is missing from your computer" is now gone.

#9
Buddierdl
    Trusted Helper
  • Malware Removal
  • 2,524 posts
Did you try booting after running the fix I just gave you? Can you give me the latest fixlog.txt?

#10
Thowra
    Member
  • Topic Starter
  • Member
  • 11 posts
Sorry about that. Here I had totally missed the fix file you had sent me before. I ran the fix now and have uploaded the file for you. The computer still cycles between Windows Boot Manager and Windows Error Recovery when trying to boot.

Attached Files

#11
Buddierdl
    Trusted Helper
  • Malware Removal
  • 2,524 posts
Let's check the winlogon value by running this fix: Attached File: fixlist.txt (191 bytes, 421 downloads)

What happens if you try selecting "Safe Mode" from the Windows Boot Manager?

#12
Thowra
    Member
  • Topic Starter
  • Member
  • 11 posts
I was able to get the Safe Mode option to come up after hitting F8 on reboot. I was able to choose it and Windows opened up.

#13
Buddierdl
    Trusted Helper
  • Malware Removal
  • 2,524 posts
Great. Can you please run FRST in "Scan" mode from Safe Mode and post the log for me?

#14
Thowra
    Member
  • Topic Starter
  • Member
  • 11 posts
Here is the scan log.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by Collyne (administrator) on COLLYNE on 16-10-2013 07:46:33
Running from G:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Safe Mode (minimal)

==================== Processes (Whitelisted) =================


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SwitchBoard] - c:\program files (x86)\common files\adobe\switchboard\switchboard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [StartCCC] - c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe [98304 2010-03-10] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [Classic Start Menu] - C:\Program Files\Classic Shell\ClassicStartMenu.exe [98304 2011-03-31] (IvoSoft)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-06-20] (Microsoft Corporation)
HKCU\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
HKCU\...\Run: [Advanced SystemCare 5] - C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe [1647448 2011-11-12] (IObit)
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil64_11_4_402_265_ActiveX.exe -update activex [420552 2012-08-27] (Adobe Systems Incorporated)
MountPoints2: G - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\start.exe
MountPoints2: K - K:\DigitalPhotoViewer.exe
MountPoints2: {92f810ba-5880-11e1-be22-90e6ba585629} - "I:\WD SmartWare.exe" autoplay=true
MountPoints2: {ac6f5282-ba0a-11df-b0c4-90e6ba585629} - "K:\WD SmartWare.exe" autoplay=true
MountPoints2: {cd22396f-1f53-11e1-92cb-90e6ba585629} - K:\DigitalPhotoViewer.exe
MountPoints2: {cdbb2a6e-b6d5-11df-bbce-90e6ba585629} - "K:\WD SmartWare.exe" autoplay=true
MountPoints2: {eae00bae-d89e-11e2-8e5d-90e6ba585629} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\start.exe
HKLM-x32\...\Run: [WindowsLiveDeviceIntegrator] - C:\Program Files (x86)\Windows Live\Device Integrator\wldi.exe [245544 2010-09-24] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKU\Default\...\Run: [HPADVISOR] - [x]
HKU\Default User\...\Run: [HPADVISOR] - [x]
AppInit_DLLs: acaptuser64.dll [119160 2008-06-11] (Adobe Systems, Inc.)
AppInit_DLLs-x32: c:\progra~2\google\google~1\go36f4~1.dll acaptuser32.dll [ ] ()
Startup: C:\ProgramData\1912 Titanic Mystery ()
Startup: C:\ProgramData\1click dvd copy pro ()
Startup: C:\ProgramData\892808C74E.sys ()
Startup: C:\ProgramData\Adobe ()
Startup: C:\ProgramData\Apple ()
Startup: C:\ProgramData\Apple Computer ()
Startup: C:\ProgramData\Application Data ()
Startup: C:\ProgramData\Atheros ()
Startup: C:\ProgramData\ATI ()
Startup: C:\ProgramData\Azureus ()
Startup: C:\ProgramData\azzCardfile ()
Startup: C:\ProgramData\Battle.net ()
Startup: C:\ProgramData\Blizzard ()
Startup: C:\ProgramData\Blizzard Entertainment ()
Startup: C:\ProgramData\Borland ()
Startup: C:\ProgramData\Broderbund ()
Startup: C:\ProgramData\Bureau ()
Startup: C:\ProgramData\Corel ()
Startup: C:\ProgramData\CyberLink ()
Startup: C:\ProgramData\Desktop ()
Startup: C:\ProgramData\DivX ()
Startup: C:\ProgramData\Documents ()
Startup: C:\ProgramData\eSellerate ()
Startup: C:\ProgramData\ezsidmv.dat ()
Startup: C:\ProgramData\Favorites ()
Startup: C:\ProgramData\FileServe Limited ()
Startup: C:\ProgramData\FLEXnet ()
Startup: C:\ProgramData\Flood Light Games ()
Startup: C:\ProgramData\Floodlight Games ()
Startup: C:\ProgramData\FreeDownloadManager.ORG ()
Startup: C:\ProgramData\Gogii ()
Startup: C:\ProgramData\Google ()
Startup: C:\ProgramData\Hewlett-Packard ()
Startup: C:\ProgramData\HP ()
Startup: C:\ProgramData\hpzinstall.log ()
Startup: C:\ProgramData\InstallShield ()
Startup: C:\ProgramData\IObit ()
Startup: C:\ProgramData\iolo ()
Startup: C:\ProgramData\Karen's Power Tools ()
Startup: C:\ProgramData\KGyGaAvL.sys ()
Startup: C:\ProgramData\Macrium ()
Startup: C:\ProgramData\Macrovision ()
Startup: C:\ProgramData\MAGIX ()
Startup: C:\ProgramData\Malwarebytes ()
Startup: C:\ProgramData\Microsoft ()
Startup: C:\ProgramData\Microsoft Help ()
Startup: C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc ()
Startup: C:\ProgramData\NovaStor ()
Startup: C:\ProgramData\ParetoLogic ()
Startup: C:\ProgramData\PC Drivers HeadQuarters ()
Startup: C:\ProgramData\PC-Doctor for Windows ()
Startup: C:\ProgramData\PhotoShow Shared Assets ()
Startup: C:\ProgramData\Recovery ()
Startup: C:\ProgramData\regid.1986-12.com.adobe ()
Startup: C:\ProgramData\ScanSoft ()
Startup: C:\ProgramData\Skype ()
Startup: C:\ProgramData\SmartSound Software Inc ()
Startup: C:\ProgramData\Sonic ()
Startup: C:\ProgramData\SpeedBit ()
Startup: C:\ProgramData\SpeedyPC Software ()
Startup: C:\ProgramData\SpinTop Games ()
Startup: C:\ProgramData\Start Menu ()
Startup: C:\ProgramData\Success Studios ()
Startup: C:\ProgramData\Sun ()
Startup: C:\ProgramData\Systweak ()
Startup: C:\ProgramData\TechSmith ()
Startup: C:\ProgramData\Temp ()
Startup: C:\ProgramData\Templates ()
Startup: C:\ProgramData\Trymedia ()
Startup: C:\ProgramData\UAB ()
Startup: C:\ProgramData\Ulead Systems ()
Startup: C:\ProgramData\Uninstall ()
Startup: C:\ProgramData\vsosdk ()
Startup: C:\ProgramData\W3i ()
Startup: C:\ProgramData\WD_SmartWareCommon ()
Startup: C:\ProgramData\WEBREG ()
Startup: C:\ProgramData\Western Digital ()
Startup: C:\ProgramData\WildTangent ()
Startup: C:\ProgramData\{657095DF-DBDB-4B17-8245-B38845C97069} ()
Startup: C:\ProgramData\{8F1321D3-1EF3-40FC-BDBA-9FC717831E9B} ()
Startup: C:\ProgramData\{ADCBF7A8-716E-4B21-AF03-E3F11C06C309} ()
Startup: C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} ()
Startup: C:\ProgramData\{DA06AA03-DF24-4ECE-939E-1B0939235C66} ()
Startup: C:\Users\AppData\LocalLow ()
Startup: C:\Users\Collyne\.businessobjects ()
Startup: C:\Users\Collyne\AppData ()
Startup: C:\Users\Collyne\Application Data ()
Startup: C:\Users\Collyne\bin ()
Startup: C:\Users\Collyne\Contacts ()
Startup: C:\Users\Collyne\Daily Files ()
Startup: C:\Users\Collyne\Desktop ()
Startup: C:\Users\Collyne\Documents ()
Startup: C:\Users\Collyne\Downloads ()
Startup: C:\Users\Collyne\Favorites ()
Startup: C:\Users\Collyne\g2mdlhlpx.exe ()
Startup: C:\Users\Collyne\IECompatCache ()
Startup: C:\Users\Collyne\IETldCache ()
Startup: C:\Users\Collyne\InstallAnywhere ()
Startup: C:\Users\Collyne\jre ()
Startup: C:\Users\Collyne\Library ()
Startup: C:\Users\Collyne\Links ()
Startup: C:\Users\Collyne\Music ()
Startup: C:\Users\Collyne\NetHood ()
Startup: C:\Users\Collyne\ntuser.dat ()
Startup: C:\Users\Collyne\ntuser.dat.iobit ()
Startup: C:\Users\Collyne\ntuser.dat.LOG1 ()
Startup: C:\Users\Collyne\ntuser.dat.LOG2 ()
Startup: C:\Users\Collyne\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf ()
Startup: C:\Users\Collyne\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms ()
Startup: C:\Users\Collyne\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms ()
Startup: C:\Users\Collyne\ntuser.dat{4051bf7e-35fd-11e3-b3bd-a18fa6f31224}.TM.blf ()
Startup: C:\Users\Collyne\ntuser.dat{4051bf7e-35fd-11e3-b3bd-a18fa6f31224}.TMContainer00000000000000000001.regtrans-ms ()
Startup: C:\Users\Collyne\ntuser.dat{4051bf7e-35fd-11e3-b3bd-a18fa6f31224}.TMContainer00000000000000000002.regtrans-ms ()
Startup: C:\Users\Collyne\NTUSER.DAT{5099fe06-e1f3-11df-9e4a-806e6f6e6963}.TM.blf ()
Startup: C:\Users\Collyne\NTUSER.DAT{5099fe06-e1f3-11df-9e4a-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms ()
Startup: C:\Users\Collyne\NTUSER.DAT{5099fe06-e1f3-11df-9e4a-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms ()
Startup: C:\Users\Collyne\ntuser.dat{80b7ae28-849b-11e1-ae9c-90e6ba585629}.TM.blf ()
Startup: C:\Users\Collyne\ntuser.dat{80b7ae28-849b-11e1-ae9c-90e6ba585629}.TMContainer00000000000000000001.regtrans-ms ()
Startup: C:\Users\Collyne\ntuser.dat{80b7ae28-849b-11e1-ae9c-90e6ba585629}.TMContainer00000000000000000002.regtrans-ms ()
Startup: C:\Users\Collyne\NTUSER.DAT{a99daf88-deb3-11df-8bfb-806e6f6e6963}.TM.blf ()
Startup: C:\Users\Collyne\NTUSER.DAT{a99daf88-deb3-11df-8bfb-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms ()
Startup: C:\Users\Collyne\NTUSER.DAT{a99daf88-deb3-11df-8bfb-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms ()
Startup: C:\Users\Collyne\ntuser.dat{ae5d837a-8d2f-11e2-91a0-f6c721c37223}.TM.blf ()
Startup: C:\Users\Collyne\ntuser.dat{ae5d837a-8d2f-11e2-91a0-f6c721c37223}.TMContainer00000000000000000001.regtrans-ms ()
Startup: C:\Users\Collyne\ntuser.dat{ae5d837a-8d2f-11e2-91a0-f6c721c37223}.TMContainer00000000000000000002.regtrans-ms ()
Startup: C:\Users\Collyne\ntuser.dat{d943dcba-b8b5-11e1-8c12-90e6ba585629}.TM.blf ()
Startup: C:\Users\Collyne\ntuser.dat{d943dcba-b8b5-11e1-8c12-90e6ba585629}.TMContainer00000000000000000001.regtrans-ms ()
Startup: C:\Users\Collyne\ntuser.dat{d943dcba-b8b5-11e1-8c12-90e6ba585629}.TMContainer00000000000000000002.regtrans-ms ()
Startup: C:\Users\Collyne\ntuser.ini ()
Startup: C:\Users\Collyne\Pictures ()
Startup: C:\Users\Collyne\PrintHood ()
Startup: C:\Users\Collyne\PrivacIE ()
Startup: C:\Users\Collyne\Ranch Manager - Cattle Tutorial.pdf ()
Startup: C:\Users\Collyne\Ranch Manager - Goat Tutorial.pdf ()
Startup: C:\Users\Collyne\Ranch Manager - Sheep Tutorial.pdf ()
Startup: C:\Users\Collyne\RanchManager.ico ()
Startup: C:\Users\Collyne\Recent ()
Startup: C:\Users\Collyne\Saved Games ()
Startup: C:\Users\Collyne\Searches ()
Startup: C:\Users\Collyne\SendTo ()
Startup: C:\Users\Collyne\Start Menu ()
Startup: C:\Users\Collyne\Templates ()
Startup: C:\Users\Collyne\Tracing ()
Startup: C:\Users\Collyne\Videos ()
Startup: C:\Users\Default\AppData ()
Startup: C:\Users\Default\Application Data ()
Startup: C:\Users\Default\Cookies ()
Startup: C:\Users\Default\Desktop ()
Startup: C:\Users\Default\Documents ()
Startup: C:\Users\Default\Downloads ()
Startup: C:\Users\Default\Favorites ()
Startup: C:\Users\Default\Links ()
Startup: C:\Users\Default\Local Settings ()
Startup: C:\Users\Default\Music ()
Startup: C:\Users\Default\My Documents ()
Startup: C:\Users\Default\NetHood ()
Startup: C:\Users\Default\NTUSER.DAT ()
Startup: C:\Users\Default\NTUSER.DAT.LOG ()
Startup: C:\Users\Default\NTUSER.DAT.LOG1 ()
Startup: C:\Users\Default\NTUSER.DAT.LOG2 ()
Startup: C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf ()
Startup: C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms ()
Startup: C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms ()
Startup: C:\Users\Default\Pictures ()
Startup: C:\Users\Default\PrintHood ()
Startup: C:\Users\Default\Recent ()
Startup: C:\Users\Default\Saved Games ()
Startup: C:\Users\Default\SendTo ()
Startup: C:\Users\Default\Start Menu ()
Startup: C:\Users\Default\Templates ()
Startup: C:\Users\Default\Videos ()
Startup: C:\Users\Public\Desktop ()
Startup: C:\Users\Public\Documents ()
Startup: C:\Users\Public\Libraries ()
Startup: C:\Users\Public\Music ()
Startup: C:\Users\Public\Pictures ()
Startup: C:\Users\Public\Recorded TV ()
Startup: C:\Users\Public\Videos ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
SearchScopes: HKLM - DefaultScope {1A9551B7-968E-48EC-8C68-0922C5909BF2} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {7B459405-AC99-4ABB-99B0-7034780B4A22} URL = http://www.ask.com/w...}&l=dis&o=cahpd
SearchScopes: HKLM-x32 - DefaultScope {1A9551B7-968E-48EC-8C68-0922C5909BF2} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {7B459405-AC99-4ABB-99B0-7034780B4A22} URL = http://www.ask.com/w...}&l=dis&o=cahpd
SearchScopes: HKCU - {3A40E547-20FD-44a2-94D0-1C98342D1507} URL = http://search.daum.n...q={searchTerms}
SearchScopes: HKCU - {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:466...q={searchTerms}
SearchScopes: HKCU - {7B459405-AC99-4ABB-99B0-7034780B4A22} URL = http://www.ask.com/w...}&l=dis&o=cahpd
BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 9\DLLx64\SnagItBHO64.dll (TechSmith Corporation)
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft)
BHO-x32: FileServeManager - {00000001-AB3B-4334-9DA2-EC6B2A02AFC6} - C:\Program Files (x86)\FileServe Manager\FileServeBHO.dll (FileServe Limited)
BHO-x32: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagItBHO.dll (TechSmith Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll ()
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\RanchManagerEquine\jre\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
BHO-x32: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagItIEAddin.dll (TechSmith Corporation)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Toolbar: HKCU - No Name - {6AA40521-14E7-4B1D-B1B4-98528C1388C9} - No File
Toolbar: HKCU - No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
Toolbar: HKCU - No Name - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - No File
DPF: HKLM-x32 {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h50203.www5....DataManager.CAB
Handler: grooveLocalGWS - No CLSID Value -
Handler-x32: grooveLocalGWS - No CLSID Value -
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks-x32: - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No File [ ]
Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9-x64 01 C:\Windows\system32\iavlsp64.dll [160256] ()
Winsock: Catalog9-x64 02 C:\Windows\system32\iavlsp64.dll [160256] ()
Winsock: Catalog9-x64 13 C:\Windows\system32\iavlsp64.dll [160256] ()
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Collyne\AppData\Roaming\Mozilla\Firefox\Profiles\gpgv2iyu.default
FF user.js: detected! => C:\Users\Collyne\AppData\Roaming\Mozilla\Firefox\Profiles\gpgv2iyu.default\user.js
FF DefaultSearchEngine: Search
FF Homepage: www.google.ca
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.732 - C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.732 - C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF SearchPlugin: C:\Users\Collyne\AppData\Roaming\Mozilla\Firefox\Profiles\gpgv2iyu.default\searchplugins\conduit.xml
FF SearchPlugin: C:\Users\Collyne\AppData\Roaming\Mozilla\Firefox\Profiles\gpgv2iyu.default\searchplugins\web-search-flylady.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\googledesktop.xml
FF Extension: FLYLADY - C:\Users\Collyne\AppData\Roaming\Mozilla\Firefox\Profiles\gpgv2iyu.default\Extensions\[email protected]
FF Extension: Conduit Engine - C:\Users\Collyne\AppData\Roaming\Mozilla\Firefox\Profiles\gpgv2iyu.default\Extensions\[email protected]
FF Extension: Personas - C:\Users\Collyne\AppData\Roaming\Mozilla\Firefox\Profiles\gpgv2iyu.default\Extensions\[email protected]
FF Extension: No Name - C:\Users\Collyne\AppData\Roaming\Mozilla\Firefox\Profiles\gpgv2iyu.default\Extensions\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
FF Extension: Addons Engine - C:\Users\Collyne\AppData\Roaming\Mozilla\Firefox\Profiles\gpgv2iyu.default\Extensions\{071777e6-266a-11e3-8277-b8ac6f996f26}
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Collyne\AppData\Roaming\Mozilla\Firefox\Profiles\gpgv2iyu.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: No Name - C:\Users\Collyne\AppData\Roaming\Mozilla\Firefox\Profiles\gpgv2iyu.default\Extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}
FF Extension: No Name - C:\Users\Collyne\AppData\Roaming\Mozilla\Firefox\Profiles\gpgv2iyu.default\Extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
FF Extension: DownloadHelper - C:\Users\Collyne\AppData\Roaming\Mozilla\Firefox\Profiles\gpgv2iyu.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: Adblock Plus - C:\Users\Collyne\AppData\Roaming\Mozilla\Firefox\Profiles\gpgv2iyu.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF Extension: fdm_ffext - C:\Users\Collyne\AppData\Roaming\Mozilla\Firefox\Profiles\gpgv2iyu.default\Extensions\[email protected]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKLM-x32\...\Firefox\Extensions: [{9F6FB1C9-22DA-4123-A7D4-9E7844B60EE5}] - C:\Program Files (x86)\FileServe Manager\FireFox_Extension\{9F6FB1C9-22DA-4123-A7D4-9E7844B60EE5}
FF Extension: FileServe Manager - C:\Program Files (x86)\FileServe Manager\FireFox_Extension\{9F6FB1C9-22DA-4123-A7D4-9E7844B60EE5}
FF HKLM-x32\...\Firefox\Extensions: [{0329E7D6-6F54-462D-93F6-F5C3118BADF2}] - C:\Program Files (x86)\SPEEDbit Video Downloader\SPFireFox
FF Extension: No Name - C:\Program Files (x86)\SPEEDbit Video Downloader\SPFireFox
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF HKCU\...\Firefox\Extensions: [{1266764D-FC4F-4FA7-B63B-884D53B1680F}] - C:\Users\Collyne\AppData\Roaming\NetAssistant\
FF Extension: Freeze.com NetAssistant - C:\Users\Collyne\AppData\Roaming\NetAssistant\

==================== Services (Whitelisted) =================

S4 AdvancedSystemCareService5; C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [490840 2011-11-10] (IObit)
S4 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Atheros\Ath_CoexAgent.exe [151552 2010-05-25] (Atheros)
S4 FirebirdServerMAGIXInstance; C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®)
S4 GoogleDesktopManager-051210-111108; C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-07-30] (Google)
S4 HPBtnSrv; C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [192512 2008-09-30] ()
S3 msiserver_old; C:\Windows\System32\msiexec.exe [128000 2010-11-20] (Microsoft Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-06-20] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-06-20] (Microsoft Corporation)
S4 nsService; C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsService.exe [261256 2010-03-04] (NovaStor)
S4 ReflectService; C:\Program Files\Macrium\Reflect\ReflectService.exe [301024 2010-09-28] ()
S4 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;
S4 RoxMediaDB12; "C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe" [x]
S4 RoxWatch12; "C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe" [x]
U4 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{6a3f89d6-8357-78a8-7618-a6ddc863dde8}\ \...\???\{6a3f89d6-8357-78a8-7618-a6ddc863dde8}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

==================== Drivers (Whitelisted) ====================

S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
S3 NPF; C:\Windows\System32\drivers\npf.sys [40464 2007-11-06] (CACE Technologies)
S3 Pcouffin64; C:\Windows\System32\Drivers\pcouffin64a.sys [55136 2010-02-23] (VSO Software)
S3 PSMounter; C:\Windows\system32\drivers\psmounter.sys [39904 2010-09-28] (Macrium Software)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-10-28] (Duplex Secure Ltd.)
S2 {55662437-DA8C-40c0-AADA-2C816A897A49}; c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2009-10-20] (CyberLink Corp.)
S2 {55662437-DA8C-40c0-AADA-2C816A897A49}; c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2009-10-20] (CyberLink Corp.)
S3 Andbus; system32\DRIVERS\lgandbus64.sys [x]
S3 AndDiag; system32\DRIVERS\lganddiag64.sys [x]
S3 AndGps; system32\DRIVERS\lgandgps64.sys [x]
S3 ANDModem; system32\DRIVERS\lgandmodem64.sys [x]
S3 cpuz132; No ImagePath
S3 PcdrNdisuio; syswow64\drivers\pcdrndisuio.sys [x]

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys 1C7857B62DE5994A75B054A9FD4C3825
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\atikmdag.sys 21D749E3C8140B16C40A8273FD747899
C:\Windows\System32\DRIVERS\atikmpag.sys 1AA6F50A8E7F8413377C979CEF5218A5
C:\Windows\system32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\athrx.sys 7D89B0C443F6068E5B27AA3B972069FF
C:\Windows\System32\drivers\AtiHdmi.sys 77C149E6D702737B2E372DEE166FAEF8
C:\Windows\System32\DRIVERS\atikmdag.sys 21D749E3C8140B16C40A8273FD747899
C:\Windows\system32\DRIVERS\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys 9AC4F97C2D3E93367E2148EA940CD2CD
C:\Windows\system32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Dot4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Dot4Prt.sys E9F5969233C5D89F3C35E3A66A52A361
C:\Windows\System32\DRIVERS\dot4usb.sys ==> MD5 is legit
C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys AF2E16242AA723F68F461B6EAE2EAD3D
C:\Windows\system32\DRIVERS\evbda.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\system32\drivers\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\RTKVHD64.sys 88798B4381FD58FAE2DA07880C177C5C
C:\Windows\System32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ivusb.sys BD5BF20EC242E003A2F570B8754A56D1
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys 97A7070AEA4C058B6418519E869A63B4
C:\Windows\System32\Drivers\ksecpkg.sys 26C43A7C2862447EC59DEDA188D1DA07
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\MpFilter.sys FC1D590039EF06A381768710E6C07E75
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\system32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\NisDrvWFP.sys 8FB3C853E886E1E4D57271672486111C
C:\Windows\System32\drivers\npf.sys 3CEEE0BE85D24D911B9C02714817774C
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\Drivers\pcouffin.sys AF7CE12C4F3DC8CB2B07685C916BBCFE
C:\Windows\System32\Drivers\pcouffin64a.sys 8B45FC1EB90119D9EF46B46A89864189
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\drivers\psmounter.sys 64FB5893C11C2DBDE8FE656D9DBBB1D5
C:\Windows\System32\Drivers\PxHlpa64.sys 87B04878A6D59D6C79251DC960C674C1
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rcmirror.sys 96597C96D5ACF4A3EF0B24D396853879
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys E61608AA35E98999AF9AAEEEA6114B0A
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\revoflt.sys 9C3AC71A9934B884FAC567A8807E9C4D
C:\Windows\System32\Drivers\RimUsb_AMD64.sys 7B04C9843921AB1F695FB395422C5360
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RtsUStor.sys 763AE0C6D9DF4C24B7E2C26036A8188A
C:\Windows\System32\DRIVERS\Rt64win7.sys AFC12DFA4C7B089673AD67402CA19EDB
C:\Windows\System32\Drivers\Sahdad64.sys 27DB9153D259D632D15483DEEAB799ED
C:\Windows\System32\Drivers\Saibad64.sys F77849D909B90BCACFCF7295AECF299B
C:\Windows\System32\Drivers\SaibVdAd64.sys 704D415290A568F68DE20942DAC23F7E
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\Drivers\sptd.sys 602884696850C86434530790B110E8EB
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys DB74544B75566C974815E79A62433F29
C:\Windows\System32\DRIVERS\tcpip.sys DB74544B75566C974815E79A62433F29
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys 4CE278FC9671BA81A138D70823FCAA09
C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\system32\drivers\umbus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbaudio.sys 82E8F44688E6FAC57B5B7C6FC7ADBC2A
C:\Windows\System32\DRIVERS\usbccgp.sys 6F1A3157A1C89435352CEB543CDB359C
C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbehci.sys C025055FE7B87701EB042095DF1A2D7B
C:\Windows\System32\DRIVERS\usbhub.sys 287C6C9410B111B68B52CA298F7B8C24
C:\Windows\system32\drivers\usbohci.sys 9840FC418B4CBD632D3D0A667A725C31
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbscan.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\System32\DRIVERS\usbuhci.sys 62069A34518BCF9C1FD9E74B3F6DB7CD
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\VX3000.sys E13B31E0ADA64CF1513D993F436CA39D
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wdcsam64.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys 442783E2CB0DA19873B7A63833FF4CB4
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWow64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl 74983ADDCA2D9618512C088D856D6615
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl 74983ADDCA2D9618512C088D856D6615

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-15 13:28 - 2009-07-13 19:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\LPK.dll
2013-10-15 13:28 - 2009-07-13 19:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LPK.dll
2013-10-11 17:20 - 2013-10-11 23:09 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-10-11 11:27 - 2013-10-11 11:27 - 00000000 ____D C:\FRST
2013-10-11 04:29 - 2013-10-11 04:29 - 00000000 __SHD C:\$$PendingFiles
2013-10-10 08:52 - 2013-10-10 20:52 - 00000000 ____D C:\Users\Collyne\AppData\Local\{3309D625-556D-452A-95B5-58D1E5943EF7}
2013-10-06 20:49 - 2013-10-09 20:52 - 00000000 ____D C:\Users\Collyne\AppData\Local\{823E5710-9011-480F-B851-BE68976C3D09}
2013-10-02 08:46 - 2013-10-06 08:49 - 00000000 ____D C:\Users\Collyne\AppData\Local\{B0DF70FB-4073-4BF5-9751-E13BCD02D531}
2013-09-30 20:45 - 2013-10-01 20:46 - 00000000 ____D C:\Users\Collyne\AppData\Local\{26F686F0-6FBF-4259-9A07-A0E8A0E60E2B}
2013-09-27 20:43 - 2013-09-30 08:45 - 00000000 ____D C:\Users\Collyne\AppData\Local\{2FFBAD59-6D0B-4CEC-BB2E-3819D6B3670B}
2013-09-26 01:47 - 2013-09-26 01:47 - 00013857 _____ C:\Users\Collyne\Desktop\hs_err_pid10224.log

==================== One Month Modified Files and Folders =======

2013-10-16 07:44 - 2012-04-12 15:35 - 01454150 _____ C:\Windows\WindowsUpdate.log
2013-10-15 18:57 - 2009-07-13 23:13 - 00726444 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-15 18:53 - 2009-12-25 14:52 - 00000000 ____D C:\Users\Collyne
2013-10-11 23:09 - 2013-10-11 17:20 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-10-11 22:35 - 2010-03-30 20:12 - 00000000 ____D C:\Program Files (x86)\Dvd-cloner
2013-10-11 12:16 - 2012-05-12 03:00 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-11 12:16 - 2011-01-28 07:35 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-10-11 12:16 - 2009-09-10 09:24 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-11 12:16 - 2009-07-13 23:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-10-11 12:16 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
2013-10-11 12:16 - 2009-07-13 21:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-10-11 12:15 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\registration
2013-10-11 12:14 - 2012-04-24 06:45 - 00000000 ____D C:\Users\Collyne\AppData\Local\Western_Digital
2013-10-11 11:27 - 2013-10-11 11:27 - 00000000 ____D C:\FRST
2013-10-11 04:29 - 2013-10-11 04:29 - 00000000 __SHD C:\$$PendingFiles
2013-10-11 00:50 - 2010-04-22 22:14 - 00000000 ____D C:\Windows\Minidump
2013-10-10 20:52 - 2013-10-10 08:52 - 00000000 ____D C:\Users\Collyne\AppData\Local\{3309D625-556D-452A-95B5-58D1E5943EF7}
2013-10-10 03:33 - 2010-11-05 06:57 - 00000000 ____D C:\Users\Collyne\AppData\Local\Windows Live
2013-10-10 03:07 - 2013-08-14 17:11 - 00000000 ____D C:\Windows\system32\MRT
2013-10-09 20:52 - 2013-10-06 20:49 - 00000000 ____D C:\Users\Collyne\AppData\Local\{823E5710-9011-480F-B851-BE68976C3D09}
2013-10-06 08:49 - 2013-10-02 08:46 - 00000000 ____D C:\Users\Collyne\AppData\Local\{B0DF70FB-4073-4BF5-9751-E13BCD02D531}
2013-10-01 22:25 - 2009-07-13 22:45 - 00015792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-01 22:25 - 2009-07-13 22:45 - 00015792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-01 22:14 - 2012-04-16 01:32 - 00036774 _____ C:\Windows\setupact.log
2013-10-01 22:14 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-01 22:13 - 2012-04-27 09:48 - 00008334 _____ C:\Windows\PFRO.log
2013-10-01 20:46 - 2013-09-30 20:45 - 00000000 ____D C:\Users\Collyne\AppData\Local\{26F686F0-6FBF-4259-9A07-A0E8A0E60E2B}
2013-10-01 20:23 - 2013-03-14 23:42 - 00001071 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-01 20:23 - 2010-02-05 16:54 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-01 08:37 - 2010-01-21 12:03 - 00001328 _____ C:\Users\Collyne\AppData\Roaming\wklnhst.dat
2013-10-01 08:24 - 2009-07-13 23:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-09-30 08:45 - 2013-09-27 20:43 - 00000000 ____D C:\Users\Collyne\AppData\Local\{2FFBAD59-6D0B-4CEC-BB2E-3819D6B3670B}
2013-09-27 19:19 - 2010-08-07 22:42 - 00000000 ____D C:\Program Files\World of Warcraft
2013-09-27 08:43 - 2013-09-15 08:36 - 00000000 ____D C:\Users\Collyne\AppData\Local\{B410DB1A-9A89-4208-85A2-873A5C845887}
2013-09-26 01:47 - 2013-09-26 01:47 - 00013857 _____ C:\Users\Collyne\Desktop\hs_err_pid10224.log

Some content of TEMP:
====================
C:\Users\Collyne\AppData\Local\Temp\checktbexist.exe
C:\Users\Collyne\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Collyne\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe
C:\Users\Collyne\AppData\Local\Temp\KMP_3.3.0.33.exe
C:\Users\Collyne\AppData\Local\Temp\mconduitinstaller.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\en-US => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
C:\Program Files\Microsoft Security Client\Antimalware => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client


LastRegBack: 2010-10-27 01:37

==================== End Of Log ============================

Attached Files

  • Attached File  FRST.txt   48.51KB   332 downloads

  • 0
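The two ZeroAccess markers in the log above (the `*etadpug` service whose image path runs through whitespace-only, `...` and unprintable directory names, and the junctions planted under the Windows Defender and Microsoft Security Client folders) are the kind of thing worth pulling out of an FRST log mechanically when triaging several of them. The script below is an added example, not part of the original post and not FRST's own logic: it parses lines of the shape FRST prints for services, drivers and the "Bamital & volsnap Check", and flags image paths with odd components, entries whose file is missing (`[x]`) or has no ImagePath, lines FRST itself marked ATTENTION, and directories named in a `DeleteJunctionsIndirectory:` warning. The reversed-name check is a heuristic I added (assumption: ZeroAccess's `etadpug` is the legitimate `gupdate` service name spelled backwards); `SAMPLE_LOG` is a constructed excerpt in the same format, not the full log.

```python
"""Triage of FRST service and driver lines for ZeroAccess-style indicators."""
import re

# Constructed sample in the shape of the FRST sections above (a few lines of
# the same form; not the full log).
SAMPLE_LOG = r"""
S4 RoxMediaDB12; "C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe" [x]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-06-20] (Microsoft Corporation)
U4 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{6a3f89d6-8357-78a8-7618-a6ddc863dde8}\ \...\???\{6a3f89d6-8357-78a8-7618-a6ddc863dde8}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
S3 cpuz132; No ImagePath
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Program Files\Windows Defender\en-US => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
"""

# "S4 Name; <image path> [size date] (Company)" is how FRST prints service/driver entries
ENTRY_RE = re.compile(r"^(?P<kind>[RSU])(?P<start>\d) (?P<name>[^;]+); (?P<rest>.*)$")
# FRST's junction warning names the directory to clean up after the colon
JUNCTION_RE = re.compile(r"Use DeleteJunctionsIndirectory: (?P<dir>.+)$")

# Heuristic (assumption, not an FRST rule): ZeroAccess named its service
# "etadpug", i.e. "gupdate" (the real Google Update service) spelled backwards.
MIMICKED_NAMES = {"gupdate", "gupdatem"}


def extract_path(rest):
    """Pull the image path out of the text after 'Name; '. None if FRST found no ImagePath."""
    if rest.startswith("No ImagePath"):
        return None
    if rest.startswith('"'):
        end = rest.find('"', 1)
        return rest[1:end] if end > 0 else rest[1:]
    return rest.split(" [", 1)[0].strip()


def suspicious_components(path):
    """Directory names no legitimate installer creates but which appear in the ZeroAccess path."""
    reasons = []
    for part in path.split("\\"):
        if part and part.strip() == "":
            reasons.append("whitespace-only directory name")
        elif len(part) >= 3 and set(part) == {"."}:
            reasons.append("'...' directory name (dot-only, not a normal path component)")
        elif "?" in part:
            reasons.append("unprintable characters in directory name (rendered as '?')")
    return reasons


def mimics_reversed_name(name):
    """True if the service name, read backwards, is a legitimate service name."""
    bare = name.lstrip("*").lower()  # the leading '*' is as printed in the log; ignore it
    return bare[::-1] in MIMICKED_NAMES


def triage(log_text):
    """Return flagged service/driver entries and directories with planted junctions."""
    entries, junction_dirs = [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        j = JUNCTION_RE.search(line)
        if j:
            junction_dirs.append(j.group("dir").strip())
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        name, rest = m.group("name"), m.group("rest")
        path = extract_path(rest)
        reasons = []
        if "ATTENTION" in rest:
            reasons.append("flagged by FRST")
        if path is None:
            reasons.append("registry entry without an image path (orphaned or tampered)")
        else:
            if rest.endswith("[x]"):
                reasons.append("image file missing on disk ([x])")
            reasons.extend(suspicious_components(path))
        if mimics_reversed_name(name):
            reasons.append("service name is a legitimate name spelled backwards")
        if reasons:
            entries.append({"name": name, "start": m.group("start"), "path": path, "reasons": reasons})
    return {"entries": entries, "junction_dirs": junction_dirs}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for e in result["entries"]:
        print(f"{e['name']}: {'; '.join(e['reasons'])}")
    for d in result["junction_dirs"]:
        print(f"junctions to remove under: {d}")
```

Entries like `RoxMediaDB12` (file missing) or `cpuz132` (no ImagePath) are usually leftovers of uninstalled software rather than malware; they are listed so a reviewer can dismiss them deliberately. The directories in `junction_dirs` are the ones FRST expects to see in a `DeleteJunctionsIndirectory:` fixlist line, which is the repair the helper in this thread would normally script next.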

#15
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Sorry for the delay. I am really busy today and I might not be able to get the next steps for you until tomorrow.
  • 0