Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

c0000135 the program can't start because %hs is missing from your computer


  • This topic is locked This topic is locked
1 reply to this topic

#1 Thowra

Thowra

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:05:47 PM

Posted 13 October 2013 - 12:11 PM

My son is using my old HP e9227c computer with Win 7.  He said the computer got hit with the ukash virus.  He followed some instructions that he found on Google for changing the Winlogon thru Regedit.  When Windows failed to start, we chose Launch Startup Repair, then it went to Windows Boot Manager and continued on with that cycle.  We then created and used a Win 7 Repair CD.  Startup Repair couldn't correct any errors nor could we do a system restore.  We then tried Boot Repair Disk.  After it said we should be able to boot up, we came up with the %hs error.  We tried an AVG Rescue CD but it wouldn't recognize the hard drive.  We then went with Kaspersky Rescue 10.  We tried Boot Repair Disk again but still have the %hs error.  We then did a scan with the Farbar Recovery Scan Tool:
 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by SYSTEM on MININT-SSGEL9E on 13-10-2013 09:04:33
Running from D:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet002
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SwitchBoard] - c:\program files (x86)\common files\adobe\switchboard\switchboard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [StartCCC] - c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe [98304 2010-03-10] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [Classic Start Menu] - C:\Program Files\Classic Shell\ClassicStartMenu.exe [98304 2011-03-31] (IvoSoft)
HKLM\...\Run: [MSC] - "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey <===== ATTENTION (File name is altered)
HKLM\...\RunOnce: [*Restore] - C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)
HKLM-x32\...\Run: [WindowsLiveDeviceIntegrator] - C:\Program Files (x86)\Windows Live\Device Integrator\wldi.exe [245544 2010-09-24] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKU\Collyne\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
HKU\Collyne\...\Run: [Advanced SystemCare 5] - C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe [1647448 2011-11-12] (IObit)
HKU\Collyne\...\Run: [Google Update] - [x]
HKU\Collyne\...\Run: [dalatr] - "C:\Windows\System32\rundll32.exe" "C:\Users\Collyne\AppData\Roaming\dalatr.dll",IgnoreErrors <===== ATTENTION
HKU\Collyne\...\Run: [wepal] - "C:\Windows\System32\rundll32.exe" "C:\Users\Collyne\AppData\Roaming\wepal.dll",write_rows <===== ATTENTION
HKU\Collyne\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil64_11_4_402_265_ActiveX.exe [420552 2012-08-27] (Adobe Systems Incorporated)
HKU\Default\...\Run: [HPADVISOR] - [x]
HKU\Default User\...\Run: [HPADVISOR] - [x]
AppInit_DLLs: acaptuser64.dll [119160 2008-06-11] (Adobe Systems, Inc.)
AppInit_DLLs-x32: c:\progra~2\google\google~1\go36f4~1.dll acaptuser32.dll [ ] ()

==================== Services (Whitelisted) =================

S4 AdvancedSystemCareService5; C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [490840 2011-11-10] (IObit)
S4 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Atheros\Ath_CoexAgent.exe [151552 2010-05-25] (Atheros)
S4 FirebirdServerMAGIXInstance; C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®)
S4 GoogleDesktopManager-051210-111108; C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-07-30] (Google)
S4 HPBtnSrv; C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [192512 2008-09-30] ()
S3 msiserver_old; C:\Windows\System32\msiexec.exe [128000 2010-11-20] (Microsoft Corporation)
S2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-06-20] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-06-20] (Microsoft Corporation)
S4 nsService; C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsService.exe [261256 2010-03-04] (NovaStor)
S4 ReflectService; C:\Program Files\Macrium\Reflect\ReflectService.exe [301024 2010-09-28] ()
S4 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;
S4 RoxMediaDB12; "C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe" [x]
S4 RoxWatch12; "C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe" [x]
S4 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{6a3f89d6-8357-78a8-7618-a6ddc863dde8}\   \...\???\{6a3f89d6-8357-78a8-7618-a6ddc863dde8}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

==================== Drivers (Whitelisted) ====================

S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
S3 NPF; C:\Windows\System32\drivers\npf.sys [40464 2007-11-06] (CACE Technologies)
S3 Pcouffin64; C:\Windows\System32\Drivers\pcouffin64a.sys [55136 2010-02-23] (VSO Software)
S3 PSMounter; C:\Windows\system32\drivers\psmounter.sys [39904 2010-09-28] (Macrium Software)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-10-28] (Duplex Secure Ltd.)
S2 {55662437-DA8C-40c0-AADA-2C816A897A49}; c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2009-10-20] (CyberLink Corp.)
S2 {55662437-DA8C-40c0-AADA-2C816A897A49}; c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2009-10-20] (CyberLink Corp.)
S3 Andbus; system32\DRIVERS\lgandbus64.sys [x]
S3 AndDiag; system32\DRIVERS\lganddiag64.sys [x]
S3 AndGps; system32\DRIVERS\lgandgps64.sys [x]
S3 ANDModem; system32\DRIVERS\lgandmodem64.sys [x]
S3 cpuz132; No ImagePath
S1 kzpvhoib; No ImagePath
S3 PcdrNdisuio; syswow64\drivers\pcdrndisuio.sys [x]

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys 1C7857B62DE5994A75B054A9FD4C3825
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\atikmdag.sys 21D749E3C8140B16C40A8273FD747899
C:\Windows\System32\DRIVERS\atikmpag.sys 1AA6F50A8E7F8413377C979CEF5218A5
C:\Windows\system32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\athrx.sys 7D89B0C443F6068E5B27AA3B972069FF
C:\Windows\System32\drivers\AtiHdmi.sys 77C149E6D702737B2E372DEE166FAEF8
C:\Windows\System32\DRIVERS\atikmdag.sys 21D749E3C8140B16C40A8273FD747899
C:\Windows\system32\DRIVERS\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys 9AC4F97C2D3E93367E2148EA940CD2CD
C:\Windows\system32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Dot4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Dot4Prt.sys E9F5969233C5D89F3C35E3A66A52A361
C:\Windows\System32\DRIVERS\dot4usb.sys ==> MD5 is legit
C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys AF2E16242AA723F68F461B6EAE2EAD3D
C:\Windows\system32\DRIVERS\evbda.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\system32\drivers\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\RTKVHD64.sys 88798B4381FD58FAE2DA07880C177C5C
C:\Windows\System32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ivusb.sys BD5BF20EC242E003A2F570B8754A56D1
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys 97A7070AEA4C058B6418519E869A63B4
C:\Windows\System32\Drivers\ksecpkg.sys 26C43A7C2862447EC59DEDA188D1DA07
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\MpFilter.sys FC1D590039EF06A381768710E6C07E75
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\system32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\NisDrvWFP.sys 8FB3C853E886E1E4D57271672486111C
C:\Windows\System32\drivers\npf.sys 3CEEE0BE85D24D911B9C02714817774C
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\Drivers\pcouffin.sys AF7CE12C4F3DC8CB2B07685C916BBCFE
C:\Windows\System32\Drivers\pcouffin64a.sys 8B45FC1EB90119D9EF46B46A89864189
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\drivers\psmounter.sys 64FB5893C11C2DBDE8FE656D9DBBB1D5
C:\Windows\System32\Drivers\PxHlpa64.sys 87B04878A6D59D6C79251DC960C674C1
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rcmirror.sys 96597C96D5ACF4A3EF0B24D396853879
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys E61608AA35E98999AF9AAEEEA6114B0A
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\revoflt.sys 9C3AC71A9934B884FAC567A8807E9C4D
C:\Windows\System32\Drivers\RimUsb_AMD64.sys 7B04C9843921AB1F695FB395422C5360
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RtsUStor.sys 763AE0C6D9DF4C24B7E2C26036A8188A
C:\Windows\System32\DRIVERS\Rt64win7.sys AFC12DFA4C7B089673AD67402CA19EDB
C:\Windows\System32\Drivers\Sahdad64.sys 27DB9153D259D632D15483DEEAB799ED
C:\Windows\System32\Drivers\Saibad64.sys F77849D909B90BCACFCF7295AECF299B
C:\Windows\System32\Drivers\SaibVdAd64.sys 704D415290A568F68DE20942DAC23F7E
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\Drivers\sptd.sys 602884696850C86434530790B110E8EB
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys DB74544B75566C974815E79A62433F29
C:\Windows\System32\DRIVERS\tcpip.sys DB74544B75566C974815E79A62433F29
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys 4CE278FC9671BA81A138D70823FCAA09
C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\system32\drivers\umbus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbaudio.sys 82E8F44688E6FAC57B5B7C6FC7ADBC2A
C:\Windows\System32\DRIVERS\usbccgp.sys 6F1A3157A1C89435352CEB543CDB359C
C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbehci.sys C025055FE7B87701EB042095DF1A2D7B
C:\Windows\System32\DRIVERS\usbhub.sys 287C6C9410B111B68B52CA298F7B8C24
C:\Windows\system32\drivers\usbohci.sys 9840FC418B4CBD632D3D0A667A725C31
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbscan.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\System32\DRIVERS\usbuhci.sys 62069A34518BCF9C1FD9E74B3F6DB7CD
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\VX3000.sys E13B31E0ADA64CF1513D993F436CA39D
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wdcsam64.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys 442783E2CB0DA19873B7A63833FF4CB4
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWow64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl 74983ADDCA2D9618512C088D856D6615
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl 74983ADDCA2D9618512C088D856D6615

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-11 15:20 - 2013-10-11 21:09 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-10-11 09:27 - 2013-10-11 09:27 - 00000000 ____D C:\FRST
2013-10-11 02:29 - 2013-10-11 02:29 - 00000000 __SHD C:\$$PendingFiles
2013-10-10 06:52 - 2013-10-10 18:52 - 00000000 ____D C:\Users\Collyne\AppData\Local\{3309D625-556D-452A-95B5-58D1E5943EF7}
2013-10-06 18:49 - 2013-10-09 18:52 - 00000000 ____D C:\Users\Collyne\AppData\Local\{823E5710-9011-480F-B851-BE68976C3D09}
2013-10-02 06:46 - 2013-10-06 06:49 - 00000000 ____D C:\Users\Collyne\AppData\Local\{B0DF70FB-4073-4BF5-9751-E13BCD02D531}
2013-09-30 18:45 - 2013-10-01 18:46 - 00000000 ____D C:\Users\Collyne\AppData\Local\{26F686F0-6FBF-4259-9A07-A0E8A0E60E2B}
2013-09-27 18:43 - 2013-09-30 06:45 - 00000000 ____D C:\Users\Collyne\AppData\Local\{2FFBAD59-6D0B-4CEC-BB2E-3819D6B3670B}
2013-09-25 23:47 - 2013-09-25 23:47 - 00013857 _____ C:\Users\Collyne\Desktop\hs_err_pid10224.log
2013-09-25 21:11 - 2013-09-25 21:11 - 00389120 _____ (Soft Systems) C:\Users\Collyne\AppData\Roaming\wepal.dll
2013-09-25 21:10 - 2013-09-25 21:11 - 00761856 _____ () C:\Users\Collyne\AppData\Roaming\dalatr.dll
2013-09-15 06:36 - 2013-09-27 06:43 - 00000000 ____D C:\Users\Collyne\AppData\Local\{B410DB1A-9A89-4208-85A2-873A5C845887}
2013-09-14 06:35 - 2013-09-14 18:36 - 00000000 ____D C:\Users\Collyne\AppData\Local\{1E1AE8C0-515F-420A-87B5-25815C268AE8}
2013-09-13 06:34 - 2013-09-13 18:35 - 00000000 ____D C:\Users\Collyne\AppData\Local\{3D75E92E-EA51-4F1E-8741-68FDA1887650}
2013-09-13 01:05 - 2013-08-09 21:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-09-13 01:05 - 2013-08-09 21:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-09-13 01:05 - 2013-08-09 21:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-09-13 01:05 - 2013-08-09 21:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-09-13 01:05 - 2013-08-09 21:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-09-13 01:05 - 2013-08-09 21:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-09-13 01:05 - 2013-08-09 21:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-09-13 01:05 - 2013-08-09 21:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-09-13 01:05 - 2013-08-09 21:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-09-13 01:05 - 2013-08-09 21:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-09-13 01:05 - 2013-08-09 21:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-09-13 01:05 - 2013-08-09 21:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-09-13 01:05 - 2013-08-09 21:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-09-13 01:05 - 2013-08-09 21:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-09-13 01:05 - 2013-08-09 19:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-13 01:05 - 2013-08-09 19:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-13 01:05 - 2013-08-09 19:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-13 01:05 - 2013-08-09 19:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-13 01:05 - 2013-08-09 19:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-13 01:05 - 2013-08-09 19:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-13 01:05 - 2013-08-09 19:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-13 01:05 - 2013-08-09 19:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-13 01:05 - 2013-08-09 19:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-13 01:05 - 2013-08-09 19:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-13 01:05 - 2013-08-09 19:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-13 01:05 - 2013-08-09 19:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-13 01:05 - 2013-08-09 19:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-13 01:05 - 2013-08-09 19:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-09-13 01:05 - 2013-08-09 19:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-13 01:05 - 2013-08-09 18:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-09-13 01:05 - 2013-08-09 18:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

==================== One Month Modified Files and Folders =======

2013-10-11 21:09 - 2013-10-11 15:20 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-10-11 20:35 - 2010-03-30 18:12 - 00000000 ____D C:\Program Files (x86)\Dvd-cloner
2013-10-11 10:16 - 2012-05-12 01:00 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-11 10:16 - 2011-01-28 05:35 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-10-11 10:16 - 2009-12-25 12:52 - 00000000 ____D C:\users\Collyne
2013-10-11 10:16 - 2009-09-10 07:24 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-11 10:16 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-10-11 10:16 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-10-11 10:16 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-10-11 10:15 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2013-10-11 10:14 - 2012-04-24 04:45 - 00000000 ____D C:\Users\Collyne\AppData\Local\Western_Digital
2013-10-11 09:27 - 2013-10-11 09:27 - 00000000 ____D C:\FRST
2013-10-11 02:29 - 2013-10-11 02:29 - 00000000 __SHD C:\$$PendingFiles
2013-10-10 22:50 - 2010-04-22 20:14 - 00000000 ____D C:\Windows\Minidump
2013-10-10 18:52 - 2013-10-10 06:52 - 00000000 ____D C:\Users\Collyne\AppData\Local\{3309D625-556D-452A-95B5-58D1E5943EF7}
2013-10-10 01:33 - 2010-11-05 04:57 - 00000000 ____D C:\Users\Collyne\AppData\Local\Windows Live
2013-10-10 01:07 - 2013-08-14 15:11 - 00000000 ____D C:\Windows\System32\MRT
2013-10-09 18:52 - 2013-10-06 18:49 - 00000000 ____D C:\Users\Collyne\AppData\Local\{823E5710-9011-480F-B851-BE68976C3D09}
2013-10-06 06:49 - 2013-10-02 06:46 - 00000000 ____D C:\Users\Collyne\AppData\Local\{B0DF70FB-4073-4BF5-9751-E13BCD02D531}
2013-10-02 00:26 - 2012-04-12 13:35 - 01448758 _____ C:\Windows\WindowsUpdate.log
2013-10-01 20:25 - 2009-07-13 20:45 - 00015792 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-01 20:25 - 2009-07-13 20:45 - 00015792 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-01 20:20 - 2009-07-13 21:13 - 00726444 _____ C:\Windows\System32\PerfStringBackup.INI
2013-10-01 20:14 - 2012-04-15 23:32 - 00036774 _____ C:\Windows\setupact.log
2013-10-01 20:14 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-01 20:13 - 2012-04-27 07:48 - 00008334 _____ C:\Windows\PFRO.log
2013-10-01 20:12 - 2012-03-28 07:41 - 00000000 ____D C:\Users\Collyne\Downloads\Adobe.Photoshop.CS5.1.Extended.v12.1.Keygen.CRACK.2011
2013-10-01 18:46 - 2013-09-30 18:45 - 00000000 ____D C:\Users\Collyne\AppData\Local\{26F686F0-6FBF-4259-9A07-A0E8A0E60E2B}
2013-10-01 18:23 - 2013-03-14 21:42 - 00001071 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-01 18:23 - 2010-02-05 14:54 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-01 06:37 - 2010-01-21 10:03 - 00001328 _____ C:\Users\Collyne\AppData\Roaming\wklnhst.dat
2013-10-01 06:24 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\FxsTmp
2013-09-30 06:45 - 2013-09-27 18:43 - 00000000 ____D C:\Users\Collyne\AppData\Local\{2FFBAD59-6D0B-4CEC-BB2E-3819D6B3670B}
2013-09-27 17:19 - 2010-08-07 20:42 - 00000000 ____D C:\Program Files\World of Warcraft
2013-09-27 06:43 - 2013-09-15 06:36 - 00000000 ____D C:\Users\Collyne\AppData\Local\{B410DB1A-9A89-4208-85A2-873A5C845887}
2013-09-25 23:47 - 2013-09-25 23:47 - 00013857 _____ C:\Users\Collyne\Desktop\hs_err_pid10224.log
2013-09-25 21:11 - 2013-09-25 21:11 - 00389120 _____ (Soft Systems) C:\Users\Collyne\AppData\Roaming\wepal.dll
2013-09-25 21:11 - 2013-09-25 21:10 - 00761856 _____ () C:\Users\Collyne\AppData\Roaming\dalatr.dll
2013-09-14 18:36 - 2013-09-14 06:35 - 00000000 ____D C:\Users\Collyne\AppData\Local\{1E1AE8C0-515F-420A-87B5-25815C268AE8}
2013-09-13 18:35 - 2013-09-13 06:34 - 00000000 ____D C:\Users\Collyne\AppData\Local\{3D75E92E-EA51-4F1E-8741-68FDA1887650}
2013-09-13 12:59 - 2011-08-22 10:33 - 00000000 ____D C:\Users\Collyne\Documents\Fax
2013-09-13 01:24 - 2009-07-13 20:45 - 05113552 _____ C:\Windows\System32\FNTCACHE.DAT
2013-09-13 01:01 - 2009-12-26 23:22 - 79143768 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-767980251-3588343150-394316217-1000\$6a3f89d6835778a87618a6ddc863dde8

Files to move or delete:
====================
ZeroAccess:
C:\Users\Collyne\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install


Some content of TEMP:
====================
C:\Users\Collyne\AppData\Local\Temp\checktbexist.exe
C:\Users\Collyne\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Collyne\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe
C:\Users\Collyne\AppData\Local\Temp\KMP_3.3.0.33.exe
C:\Users\Collyne\AppData\Local\Temp\mconduitinstaller.exe


==================== Known DLLs (Whitelisted) ================

C:\Windows\System32\LPK.dll IS MISSING <==== ATTENTION!
C:\Windows\SysWOW64\LPK.dll IS MISSING <==== ATTENTION!

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\en-US => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
C:\Program Files\Microsoft Security Client\Antimalware => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

11
Restore point made on: 2013-08-19 01:31:00
Restore point made on: 2013-08-22 21:00:16
Restore point made on: 2013-08-26 11:43:04
Restore point made on: 2013-09-05 23:52:27
Restore point made on: 2013-09-13 01:00:24
Restore point made on: 2013-09-17 00:01:50
Restore point made on: 2013-09-21 00:01:46
Restore point made on: 2013-09-25 00:01:44
Restore point made on: 2013-09-28 17:41:10
Restore point made on: 2013-10-02 00:26:10
Restore point made on: 2013-10-10 01:00:24

==================== Memory info ===========================

Percentage of memory in use: 10%
Total physical RAM: 8191.18 MB
Available physical RAM: 7321.7 MB
Total Pagefile: 8189.38 MB
Available Pagefile: 7318.64 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:918.57 GB) (Free:111.78 GB) NTFS
Drive d: (Lexar) (Removable) (Total:59.69 GB) (Free:59.68 GB) FAT32
Drive f: (FACTORY_IMAGE) (Fixed) (Total:12.84 GB) (Free:2.3 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.16 GB) (Free:0 GB) UDF
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=919 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=13 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 60 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=60 GB) - (Type=0C)


LastRegBack: 2010-10-26 23:37

==================== End Of Log ============================

 

 

I hope this is enough information for someone to start helping me solve this.  Thanks in advance for your help.

 

Thowra



BC AdBot (Login to Remove)

 


#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,415 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:01:47 AM

Posted 14 October 2013 - 12:45 PM

Hello, because you are already receiving help here, I am closing this topic. 


regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft

 

animinionsmalltext.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users