Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013 Ran by Collyne (administrator) on COLLYNE on 16-10-2013 07:46:33 Running from G:\ Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US) Internet Explorer Version 10 Boot Mode: Safe Mode (minimal) ==================== Processes (Whitelisted) ================= ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SwitchBoard] - c:\program files (x86)\common files\adobe\switchboard\switchboard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM\...\Run: [StartCCC] - c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe [98304 2010-03-10] (Advanced Micro Devices, Inc.) HKLM\...\Run: [Classic Start Menu] - C:\Program Files\Classic Shell\ClassicStartMenu.exe [98304 2011-03-31] (IvoSoft) HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-06-20] (Microsoft Corporation) HKCU\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation) HKCU\...\Run: [Advanced SystemCare 5] - C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe [1647448 2011-11-12] (IObit) HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path) HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil64_11_4_402_265_ActiveX.exe -update activex [420552 2012-08-27] (Adobe Systems Incorporated) MountPoints2: G - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\start.exe MountPoints2: K - K:\DigitalPhotoViewer.exe MountPoints2: {92f810ba-5880-11e1-be22-90e6ba585629} - "I:\WD SmartWare.exe" autoplay=true MountPoints2: {ac6f5282-ba0a-11df-b0c4-90e6ba585629} - "K:\WD SmartWare.exe" autoplay=true MountPoints2: {cd22396f-1f53-11e1-92cb-90e6ba585629} - K:\DigitalPhotoViewer.exe MountPoints2: {cdbb2a6e-b6d5-11df-bbce-90e6ba585629} - "K:\WD SmartWare.exe" autoplay=true MountPoints2: {eae00bae-d89e-11e2-8e5d-90e6ba585629} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL G:\start.exe HKLM-x32\...\Run: [WindowsLiveDeviceIntegrator] - C:\Program Files (x86)\Windows Live\Device Integrator\wldi.exe [245544 2010-09-24] (Microsoft Corporation) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard) HKU\Default\...\Run: [HPADVISOR] - [x] HKU\Default User\...\Run: [HPADVISOR] - [x] AppInit_DLLs: acaptuser64.dll [119160 2008-06-11] (Adobe Systems, Inc.) AppInit_DLLs-x32: c:\progra~2\google\google~1\go36f4~1.dll acaptuser32.dll [ ] () Startup: C:\ProgramData\1912 Titanic Mystery () Startup: C:\ProgramData\1click dvd copy pro () Startup: C:\ProgramData\892808C74E.sys () Startup: C:\ProgramData\Adobe () Startup: C:\ProgramData\Apple () Startup: C:\ProgramData\Apple Computer () Startup: C:\ProgramData\Application Data () Startup: C:\ProgramData\Atheros () Startup: C:\ProgramData\ATI () Startup: C:\ProgramData\Azureus () Startup: C:\ProgramData\azzCardfile () Startup: C:\ProgramData\Battle.net () Startup: C:\ProgramData\Blizzard () Startup: C:\ProgramData\Blizzard Entertainment () Startup: C:\ProgramData\Borland () Startup: C:\ProgramData\Broderbund () Startup: C:\ProgramData\Bureau () Startup: C:\ProgramData\Corel () Startup: C:\ProgramData\CyberLink () Startup: C:\ProgramData\Desktop () Startup: C:\ProgramData\DivX () Startup: C:\ProgramData\Documents () Startup: C:\ProgramData\eSellerate () Startup: C:\ProgramData\ezsidmv.dat () Startup: C:\ProgramData\Favorites () Startup: C:\ProgramData\FileServe Limited () Startup: C:\ProgramData\FLEXnet () Startup: C:\ProgramData\Flood Light Games () Startup: C:\ProgramData\Floodlight Games () Startup: C:\ProgramData\FreeDownloadManager.ORG () Startup: C:\ProgramData\Gogii () Startup: C:\ProgramData\Google () Startup: C:\ProgramData\Hewlett-Packard () Startup: C:\ProgramData\HP () Startup: C:\ProgramData\hpzinstall.log () Startup: C:\ProgramData\InstallShield () Startup: C:\ProgramData\IObit () Startup: C:\ProgramData\iolo () Startup: C:\ProgramData\Karen's Power Tools () Startup: C:\ProgramData\KGyGaAvL.sys () Startup: C:\ProgramData\Macrium () Startup: C:\ProgramData\Macrovision () Startup: C:\ProgramData\MAGIX () Startup: C:\ProgramData\Malwarebytes () Startup: C:\ProgramData\Microsoft () Startup: C:\ProgramData\Microsoft Help () Startup: C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc () Startup: C:\ProgramData\NovaStor () Startup: C:\ProgramData\ParetoLogic () Startup: C:\ProgramData\PC Drivers HeadQuarters () Startup: C:\ProgramData\PC-Doctor for Windows () Startup: C:\ProgramData\PhotoShow Shared Assets () Startup: C:\ProgramData\Recovery () Startup: C:\ProgramData\regid.1986-12.com.adobe () Startup: C:\ProgramData\ScanSoft () Startup: C:\ProgramData\Skype () Startup: C:\ProgramData\SmartSound Software Inc () Startup: C:\ProgramData\Sonic () Startup: C:\ProgramData\SpeedBit () Startup: C:\ProgramData\SpeedyPC Software () Startup: C:\ProgramData\SpinTop Games () Startup: C:\ProgramData\Start Menu () Startup: C:\ProgramData\Success Studios () Startup: C:\ProgramData\Sun () Startup: C:\ProgramData\Systweak () Startup: C:\ProgramData\TechSmith () Startup: C:\ProgramData\Temp () Startup: C:\ProgramData\Templates () Startup: C:\ProgramData\Trymedia () Startup: C:\ProgramData\UAB () Startup: C:\ProgramData\Ulead Systems () Startup: C:\ProgramData\Uninstall () Startup: C:\ProgramData\vsosdk () Startup: C:\ProgramData\W3i () Startup: C:\ProgramData\WD_SmartWareCommon () Startup: C:\ProgramData\WEBREG () Startup: C:\ProgramData\Western Digital () Startup: C:\ProgramData\WildTangent () Startup: C:\ProgramData\{657095DF-DBDB-4B17-8245-B38845C97069} () Startup: C:\ProgramData\{8F1321D3-1EF3-40FC-BDBA-9FC717831E9B} () Startup: C:\ProgramData\{ADCBF7A8-716E-4B21-AF03-E3F11C06C309} () Startup: C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} () Startup: C:\ProgramData\{DA06AA03-DF24-4ECE-939E-1B0939235C66} () Startup: C:\Users\AppData\LocalLow () Startup: C:\Users\Collyne\.businessobjects () Startup: C:\Users\Collyne\AppData () Startup: C:\Users\Collyne\Application Data () Startup: C:\Users\Collyne\bin () Startup: C:\Users\Collyne\Contacts () Startup: C:\Users\Collyne\Daily Files () Startup: C:\Users\Collyne\Desktop () Startup: C:\Users\Collyne\Documents () Startup: C:\Users\Collyne\Downloads () Startup: C:\Users\Collyne\Favorites () Startup: C:\Users\Collyne\g2mdlhlpx.exe () Startup: C:\Users\Collyne\IECompatCache () Startup: C:\Users\Collyne\IETldCache () Startup: C:\Users\Collyne\InstallAnywhere () Startup: C:\Users\Collyne\jre () Startup: C:\Users\Collyne\Library () Startup: C:\Users\Collyne\Links () Startup: C:\Users\Collyne\Music () Startup: C:\Users\Collyne\NetHood () Startup: C:\Users\Collyne\ntuser.dat () Startup: C:\Users\Collyne\ntuser.dat.iobit () Startup: C:\Users\Collyne\ntuser.dat.LOG1 () Startup: C:\Users\Collyne\ntuser.dat.LOG2 () Startup: C:\Users\Collyne\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf () Startup: C:\Users\Collyne\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms () Startup: C:\Users\Collyne\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms () Startup: C:\Users\Collyne\ntuser.dat{4051bf7e-35fd-11e3-b3bd-a18fa6f31224}.TM.blf () Startup: C:\Users\Collyne\ntuser.dat{4051bf7e-35fd-11e3-b3bd-a18fa6f31224}.TMContainer00000000000000000001.regtrans-ms () Startup: C:\Users\Collyne\ntuser.dat{4051bf7e-35fd-11e3-b3bd-a18fa6f31224}.TMContainer00000000000000000002.regtrans-ms () Startup: C:\Users\Collyne\NTUSER.DAT{5099fe06-e1f3-11df-9e4a-806e6f6e6963}.TM.blf () Startup: C:\Users\Collyne\NTUSER.DAT{5099fe06-e1f3-11df-9e4a-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms () Startup: C:\Users\Collyne\NTUSER.DAT{5099fe06-e1f3-11df-9e4a-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms () Startup: C:\Users\Collyne\ntuser.dat{80b7ae28-849b-11e1-ae9c-90e6ba585629}.TM.blf () Startup: C:\Users\Collyne\ntuser.dat{80b7ae28-849b-11e1-ae9c-90e6ba585629}.TMContainer00000000000000000001.regtrans-ms () Startup: C:\Users\Collyne\ntuser.dat{80b7ae28-849b-11e1-ae9c-90e6ba585629}.TMContainer00000000000000000002.regtrans-ms () Startup: C:\Users\Collyne\NTUSER.DAT{a99daf88-deb3-11df-8bfb-806e6f6e6963}.TM.blf () Startup: C:\Users\Collyne\NTUSER.DAT{a99daf88-deb3-11df-8bfb-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms () Startup: C:\Users\Collyne\NTUSER.DAT{a99daf88-deb3-11df-8bfb-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms () Startup: C:\Users\Collyne\ntuser.dat{ae5d837a-8d2f-11e2-91a0-f6c721c37223}.TM.blf () Startup: C:\Users\Collyne\ntuser.dat{ae5d837a-8d2f-11e2-91a0-f6c721c37223}.TMContainer00000000000000000001.regtrans-ms () Startup: C:\Users\Collyne\ntuser.dat{ae5d837a-8d2f-11e2-91a0-f6c721c37223}.TMContainer00000000000000000002.regtrans-ms () Startup: C:\Users\Collyne\ntuser.dat{d943dcba-b8b5-11e1-8c12-90e6ba585629}.TM.blf () Startup: C:\Users\Collyne\ntuser.dat{d943dcba-b8b5-11e1-8c12-90e6ba585629}.TMContainer00000000000000000001.regtrans-ms () Startup: C:\Users\Collyne\ntuser.dat{d943dcba-b8b5-11e1-8c12-90e6ba585629}.TMContainer00000000000000000002.regtrans-ms () Startup: C:\Users\Collyne\ntuser.ini () Startup: C:\Users\Collyne\Pictures () Startup: C:\Users\Collyne\PrintHood () Startup: C:\Users\Collyne\PrivacIE () Startup: C:\Users\Collyne\Ranch Manager - Cattle Tutorial.pdf () Startup: C:\Users\Collyne\Ranch Manager - Goat Tutorial.pdf () Startup: C:\Users\Collyne\Ranch Manager - Sheep Tutorial.pdf () Startup: C:\Users\Collyne\RanchManager.ico () Startup: C:\Users\Collyne\Recent () Startup: C:\Users\Collyne\Saved Games () Startup: C:\Users\Collyne\Searches () Startup: C:\Users\Collyne\SendTo () Startup: C:\Users\Collyne\Start Menu () Startup: C:\Users\Collyne\Templates () Startup: C:\Users\Collyne\Tracing () Startup: C:\Users\Collyne\Videos () Startup: C:\Users\Default\AppData () Startup: C:\Users\Default\Application Data () Startup: C:\Users\Default\Cookies () Startup: C:\Users\Default\Desktop () Startup: C:\Users\Default\Documents () Startup: C:\Users\Default\Downloads () Startup: C:\Users\Default\Favorites () Startup: C:\Users\Default\Links () Startup: C:\Users\Default\Local Settings () Startup: C:\Users\Default\Music () Startup: C:\Users\Default\My Documents () Startup: C:\Users\Default\NetHood () Startup: C:\Users\Default\NTUSER.DAT () Startup: C:\Users\Default\NTUSER.DAT.LOG () Startup: C:\Users\Default\NTUSER.DAT.LOG1 () Startup: C:\Users\Default\NTUSER.DAT.LOG2 () Startup: C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf () Startup: C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms () Startup: C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms () Startup: C:\Users\Default\Pictures () Startup: C:\Users\Default\PrintHood () Startup: C:\Users\Default\Recent () Startup: C:\Users\Default\Saved Games () Startup: C:\Users\Default\SendTo () Startup: C:\Users\Default\Start Menu () Startup: C:\Users\Default\Templates () Startup: C:\Users\Default\Videos () Startup: C:\Users\Public\Desktop () Startup: C:\Users\Public\Documents () Startup: C:\Users\Public\Libraries () Startup: C:\Users\Public\Music () Startup: C:\Users\Public\Pictures () Startup: C:\Users\Public\Recorded TV () Startup: C:\Users\Public\Videos () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/ SearchScopes: HKLM - DefaultScope {1A9551B7-968E-48EC-8C68-0922C5909BF2} URL = http://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {7B459405-AC99-4ABB-99B0-7034780B4A22} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpd SearchScopes: HKLM-x32 - DefaultScope {1A9551B7-968E-48EC-8C68-0922C5909BF2} URL = http://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - {7B459405-AC99-4ABB-99B0-7034780B4A22} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpd SearchScopes: HKCU - {3A40E547-20FD-44a2-94D0-1C98342D1507} URL = http://search.daum.net/search?nil_profile=ie&ref_code=ms&q={searchTerms} SearchScopes: HKCU - {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:4664/search&s=_MYze1dZ5KO5tQLEbXIwlU2jaDU?q={searchTerms} SearchScopes: HKCU - {7B459405-AC99-4ABB-99B0-7034780B4A22} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=cahpd BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 9\DLLx64\SnagItBHO64.dll (TechSmith Corporation) BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft) BHO-x32: FileServeManager - {00000001-AB3B-4334-9DA2-EC6B2A02AFC6} - C:\Program Files (x86)\FileServe Manager\FileServeBHO.dll (FileServe Limited) BHO-x32: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagItBHO.dll (TechSmith Corporation) BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: DivX Plus Web Player HTML5