black screen mouse problem


This topic is locked
6 replies to this topic

#1 honnybee7

  • Members
  • 6 posts

Posted 10 March 2016 - 02:57 AM

Hello, this past week I have been locked out of my laptop. Every time the Windows login screen should come up I see a black screen with a mouse. I have tried all options to get in: safe mode doesn't work, and all the advanced options can't help me. I can't use restore points. In other threads people informed me that when it's that serious it might be a virus, and someone advised me to use the Kaspersky Rescue Disk 10, but it wouldn't let me scan because of database corruption. I did Startup Repair and it said boot configuration corruption. When opening Task Manager through the command prompt it shows that explorer.exe isn't there. I'm sure this is virus related and might be the ZeroAccess virus. When I tried to use Windows Defender Offline it couldn't scan because it needed to do an update, and it couldn't do that because it didn't let it connect to the internet. I tried using FRST; I think the steps are you scan it, it saves a Notepad file to the flash drive, you rename it fixlist.txt, restart your computer and click Fix, but when I do it it says a warning that you don't know what you're doing and exits. I also tried accessing Kaspersky TDSSKiller through the command prompt, but it said I need something to access it from the command prompt from the Recovery Options window. The only ways I can do anything to the computer are through the command prompt in Recovery Options and by downloading a bootable USB. I know this issue is fixable by getting to the virus; it's just making it really difficult to get to it. I really need a program that I can use to access my computer through a bootable USB or through the command prompt from Recovery Options to get rid of the ZeroAccess virus.

Here's the scan I got from FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by SYSTEM on MININT-9HARCDA (09-03-2016 23:04:51)
Running from g:\
Platform: Windows 7 Home Premium (X64) Language: English (United States)
Internet Explorer Version 10
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9636896 2009-12-15] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [208384 2009-11-04] (Alps Electric Co., Ltd.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-11-20] (Intel Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [320880 2009-08-26] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [597792 2009-10-24] (Sony Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139768 2016-02-16] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-17] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\VESWinlogon-x32: VESWinlogon.dll [X]
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$70fcdb70c5b8d46645f03adef7c0c75c\n. <==== ATTENTION
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1
HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1
HKU\Default\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\Default User\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\owner\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-01-14] (Google Inc.)
HKU\owner\...\Run: [Google Update**.d<*>] => "C:\Users\owner\AppData\Local\Google\Desktop\Install\{70fcdb70-c5b8-d466-45f0-3adef7c0c75c}\❤≸⋙\Ⱒ☠⍨\ﯹ๛\{70fcdb70-c5b8-d466-45f0-3adef7c0c75c}\GoogleUpdate.exe" > <===== ATTENTION (Value Name with invalid characters)
HKU\owner\...\Run: [Google Update] => C:\Users\owner\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-09-11] (Google Inc.)
HKU\owner\...\Run: [pronto] => C:\Program Files (x86)\Blackboard\Blackboard IM\blackboardim.exe [23053400 2012-07-06] ()
HKU\owner\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\TEMP\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk [2010-01-14]
ShortcutTarget: Best Buy Software Installer.lnk -> C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (Best Buy®)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk [2010-01-14]
ShortcutTarget: Best Buy Software Installer.lnk -> C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (Best Buy®)
Startup: C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2012-08-26]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk [2010-04-17]
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
BootExecute: autocheck autochk * lsdelete

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-02-10] (AVAST Software)
S2 Lavasoft Ad-Aware Service; C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2152720 2015-04-05] (Lavasoft Limited)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.292\McCHSvc.exe [293128 2016-02-05] (McAfee, Inc.)
S3 Roxio UPnP Renderer 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2009-08-31] (Sonic Solutions)
S2 Roxio Upnp Server 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2009-08-31] (Sonic Solutions)
S2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [257936 2010-08-12] (Sony Corporation)
S3 SOHDBSvr; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [70952 2009-10-15] (Sony Corporation)
S3 SOHPlMgr; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [91432 2009-10-15] (Sony Corporation)
S2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [69632 2009-09-14] (Sony Corporation)
S2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [642416 2009-09-14] (Sony Corporation)
S4 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [X]
S2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{70fcdb70-c5b8-d466-45f0-3adef7c0c75c}\   \...\ﯹ๛\{70fcdb70-c5b8-d466-45f0-3adef7c0c75c}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-02-10] (AVAST Software)
S1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-02-10] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-02-10] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-02-10] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-02-10] (AVAST Software)
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1065720 2016-02-10] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [463744 2016-02-26] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [165344 2016-02-10] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287016 2016-02-10] (AVAST Software)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 Lavasoft Kernexplorer; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [17152 2011-11-20] ()
S0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [69376 2011-11-03] (Lavasoft AB)
S3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-11-12] ()
S3 ecxncijc; \??\C:\Windows\system32\drivers\ngiodriver_x64 [X]
S3 epmnvwyv; \??\C:\Windows\system32\drivers\ngiodriver_x64 [X]
S2 MSSQL$DDNI; no ImagePath
S2 Oasis2Service; no ImagePath

========================== Drivers MD5 =======================


==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Three Months Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-28 03:06 - 2016-03-07 12:37 - 00001922 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-02-28 03:06 - 2016-03-07 12:37 - 00001922 _____ C:\ProgramData\Desktop\Avast Free Antivirus.lnk
2016-02-28 03:04 - 2016-02-10 02:32 - 00398152 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
2016-02-20 17:46 - 2016-03-03 14:55 - 00003622 _____ C:\Windows\System32\Tasks\Ad-Aware Update (Weekly)
2016-02-19 04:39 - 2016-02-19 04:39 - 00024995 _____ C:\Windows\RGID673.tmp
2016-02-11 02:49 - 2016-03-07 12:37 - 00001037 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-02-11 02:49 - 2016-03-07 12:37 - 00001037 _____ C:\ProgramData\Desktop\Avast SafeZone Browser.lnk
2016-02-11 02:49 - 2016-02-28 03:06 - 00003052 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1455187739
2016-02-10 02:33 - 2016-02-10 02:31 - 00037144 _____ (AVAST Software) C:\Windows\System32\Drivers\aswKbd.sys
2016-02-10 02:32 - 2016-02-10 02:32 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-02-10 02:31 - 2016-02-10 02:31 - 00478128 _____ (AVAST Software) C:\Windows\System32\Drivers\aswNdisFlt.sys
2016-02-03 21:43 - 2016-02-03 21:44 - 02600244 _____ C:\Users\owner\Downloads\Ch 5 Version 2(2).pptx
2016-01-18 21:47 - 2016-01-18 21:47 - 00024995 _____ C:\Windows\RGI43C4.tmp
2016-01-17 00:40 - 2016-03-07 12:41 - 00044119 _____ C:\Users\owner\Documents\parking.pdf
2016-01-17 00:38 - 2016-01-17 00:38 - 00042858 _____ C:\Users\owner\Downloads\document.pdf
2015-12-26 04:46 - 2015-12-26 22:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-22 00:53 - 2015-12-22 00:53 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-12-15 05:02 - 2015-12-15 05:02 - 00024995 _____ C:\Windows\RGI70D2.tmp
2016-03-07 12:41 - 00023900 _____ C:\Users\owner\Documents\Fin-423-Exit Survey Fall 2015.docx
2015-12-11 05:17 - 2015-12-11 05:17 - 00000162 ____H C:\Users\owner\Documents\~$n-423-Exit Survey Fall 2015.docx
2015-12-10 23:49 - 2015-12-10 23:49 - 00479920 _____ C:\Windows\System32\s000005.dat

==================== Three Months Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-08 01:05 - 2010-04-10 15:10 - 00000000 ____D C:\users\owner
2016-03-08 00:03 - 2010-06-27 14:12 - 06503870 _____ C:\Windows\ntbtlog.txt
2016-03-07 12:37 - 2011-11-20 16:23 - 00001060 _____ C:\Users\Public\Desktop\Ad-Aware.lnk
2016-03-07 12:37 - 2011-11-20 16:23 - 00001060 _____ C:\ProgramData\Desktop\Ad-Aware.lnk
2016-03-07 12:37 - 2011-08-30 15:56 - 00001147 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-03-07 12:37 - 2011-08-30 15:56 - 00001147 _____ C:\ProgramData\Desktop\Mozilla Firefox.lnk
2016-03-07 12:37 - 2010-04-10 15:10 - 00000020 ___SH C:\Users\owner\ntuser.ini
2016-03-07 12:37 - 2010-01-14 05:35 - 00001031 _____ C:\Users\Public\Desktop\Best Buy Software Installer.lnk
2016-03-07 12:37 - 2010-01-14 05:35 - 00001031 _____ C:\ProgramData\Desktop\Best Buy Software Installer.lnk
2016-03-07 12:36 - 2015-11-02 02:28 - 00000383 _____ C:\ftconfig.ini
2016-03-07 12:36 - 2012-11-17 18:44 - 00000009 _____ C:\END
2016-03-07 12:36 - 2012-03-24 00:25 - 00000237 _____ C:\user.js
2016-03-07 12:36 - 2012-02-16 07:37 - 00000510 _____ C:\settings.ini
2016-03-07 12:36 - 2011-08-11 19:52 - 00002688 _____ C:\{75A1F188-D10C-47C6-BC9B-90D81BBCE53C}
2016-03-07 12:36 - 2010-06-20 14:53 - 00302997 _____ C:\test.xml
2016-03-07 12:36 - 2009-12-15 11:53 - 00003872 ____H C:\version
2016-03-07 12:36 - 2009-01-21 21:40 - 00000073 ____H C:\splash.idx
2016-03-07 12:36 - 2007-11-07 07:53 - 00242176 _____ C:\VC_RED.MSI
2016-03-07 12:36 - 2007-11-07 07:50 - 01927956 _____ C:\VC_RED.cab
2016-03-07 12:36 - 2007-11-07 07:44 - 00855040 _____ (Microsoft Corporation) C:\install.exe
2016-03-07 12:36 - 2007-11-07 07:44 - 00096272 _____ (Microsoft Corporation) C:\install.res.1036.dll
2016-03-07 12:36 - 2007-11-07 07:44 - 00095248 _____ (Microsoft Corporation) C:\install.res.3082.dll
2016-03-07 12:36 - 2007-11-07 07:44 - 00095248 _____ (Microsoft Corporation) C:\install.res.1031.dll
2016-03-07 12:36 - 2007-11-07 07:44 - 00094224 _____ (Microsoft Corporation) C:\install.res.1040.dll
2016-03-07 12:36 - 2007-11-07 07:44 - 00090128 _____ (Microsoft Corporation) C:\install.res.1033.dll
2016-03-07 12:36 - 2007-11-07 07:44 - 00080400 _____ (Microsoft Corporation) C:\install.res.1041.dll
2016-03-07 12:36 - 2007-11-07 07:44 - 00078864 _____ (Microsoft Corporation) C:\install.res.1042.dll
2016-03-07 12:36 - 2007-11-07 07:44 - 00075280 _____ (Microsoft Corporation) C:\install.res.1028.dll
2016-03-07 12:36 - 2007-11-07 07:44 - 00074768 _____ (Microsoft Corporation) C:\install.res.2052.dll
2016-03-07 12:36 - 2007-11-07 07:00 - 00017734 _____ C:\eula.3082.txt
2016-03-07 12:36 - 2007-11-07 07:00 - 00017734 _____ C:\eula.2052.txt
2016-03-07 12:36 - 2007-11-07 07:00 - 00017734 _____ C:\eula.1042.txt
2016-03-07 12:36 - 2007-11-07 07:00 - 00017734 _____ C:\eula.1040.txt
2016-03-07 12:36 - 2007-11-07 07:00 - 00017734 _____ C:\eula.1036.txt
2016-03-07 12:36 - 2007-11-07 07:00 - 00017734 _____ C:\eula.1031.txt
2016-03-07 12:36 - 2007-11-07 07:00 - 00017734 _____ C:\eula.1028.txt
2016-03-07 12:36 - 2007-11-07 07:00 - 00010134 _____ C:\eula.1033.txt
2016-03-07 12:36 - 2007-11-07 07:00 - 00005686 _____ C:\vcredist.bmp
2016-03-07 12:36 - 2007-11-07 07:00 - 00001110 _____ C:\globdata.ini
2016-03-07 12:36 - 2007-11-07 07:00 - 00000843 _____ C:\install.ini
2016-03-07 12:36 - 2007-11-07 07:00 - 00000118 _____ C:\eula.1041.txt
2016-02-12 21:50 - 2015-11-12 05:30 - 00000000 ____D C:\Program Files\McAfee Security Scan
2016-02-10 02:35 - 2014-04-15 22:43 - 00287016 _____ (AVAST Software) C:\Windows\System32\Drivers\aswVmm.sys
2016-02-10 02:32 - 2014-04-24 22:10 - 00037656 _____ (AVAST Software) C:\Windows\System32\Drivers\aswHwid.sys
2016-02-10 02:32 - 2014-04-15 22:43 - 00165344 _____ (AVAST Software) C:\Windows\System32\Drivers\aswStm.sys
2016-02-10 02:32 - 2014-04-15 22:43 - 00107792 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2016-02-10 02:32 - 2014-04-15 22:43 - 00103064 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2016-02-10 02:32 - 2014-04-15 22:43 - 00074544 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRvrt.sys
2016-02-10 02:32 - 2014-04-15 22:40 - 00000000 ____D C:\ProgramData\AVAST Software
2016-02-10 02:31 - 2014-04-15 22:43 - 01065720 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2016-02-10 02:31 - 2014-04-15 22:42 - 00000000 ____D C:\Program Files\AVAST Software
2016-02-10 01:26 - 2012-05-08 04:26 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-02-10 01:26 - 2012-05-08 04:26 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-02-10 01:26 - 2011-11-20 15:20 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
ZeroAccess:
C:\Users\owner\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$70fcdb70c5b8d46645f03adef7c0c75c

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-1798455190-986609235-2888039337-1001\$70fcdb70c5b8d46645f03adef7c0c75c

==================== Known DLLs (Whitelisted) =========================

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
ATTENTION: ====> Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Windows\system64

==================== EXE Association (Whitelisted) =============

==================== Restore Points =========================

==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=Y:
path                    \bootmgr
description             Windows Boot Manager
locale                  en-us
inherit                 {globalsettings}
default                 {default}
resumeobject            {7a82d5b2-7634-11e1-8e2d-bce9bfac6809}
displayorder            {default}
toolsdisplayorder       {memdiag}
timeout                 30
noerrordisplay          No
custom:26000025         Yes

Windows Boot Loader
-------------------
identifier              {7a82d5b3-7634-11e1-8e2d-bce9bfac6809}
device                  locate=\windows\{bd2ab1c0-2289-472b-a7ff-1ae5d1f2ab81}
path                    \windows\system32\winload.exe
description             Microsoft Windows
locale                  en-us
loadoptions             DDISABLE_INTEGRITY_CHECKS
inherit                 {bootloadersettings}
nointegritychecks       Yes
custom:17000077         352321653
osdevice                locate=\windows\{bd2ab1c0-2289-472b-a7ff-1ae5d1f2ab81}
systemroot              \windows
custom:22000005         \windows\{bd2ab1c0-2289-472b-a7ff-1ae5d1f2ab81}
resumeobject            {7a82d5b2-7634-11e1-8e2d-bce9bfac6809}
nx                      OptIn
pae                     Default
driverloadfailurepolicy UseErrorControl
custom:250000c2         1
detecthal               Yes
nocrashautoreboot       Yes
uselegacyapicmode       Yes

Windows Boot Loader
-------------------
identifier              {default}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7 Home Premium (recovered)
locale                  en-US
recoverysequence        {ae696999-e5d7-11e5-881e-931eb9452383}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows

Windows Boot Loader
-------------------
identifier              {ae696999-e5d7-11e5-881e-931eb9452383}
device                  ramdisk=[E:]\Recovery\WindowsRE\Winre.wim,{ae69699a-e5d7-11e5-881e-931eb9452383}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment (recovered)
locale                 
osdevice                ramdisk=[E:]\Recovery\WindowsRE\Winre.wim,{ae69699a-e5d7-11e5-881e-931eb9452383}
systemroot              \windows
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {7a82d5b2-7634-11e1-8e2d-bce9bfac6809}
device                  locate=unknown
path                    \windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-us
inherit                 {resumeloadersettings}
custom:17000077         352321653
filedevice              partition=C:
filepath                \hiberfil.sys
custom:25000008         1
pae                     Yes
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=Y:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-us
inherit                 {globalsettings}
badmemoryaccess         Yes
custom:17000077         352321653

EMS Settings
------------
identifier              {emssettings}
bootems                 No

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {ae69699a-e5d7-11e5-881e-931eb9452383}
ramdisksdidevice        partition=E:
ramdisksdipath          \Recovery\WindowsRE\boot.sdi

==================== Memory info ===========================

Percentage of memory in use: 19%
Total physical RAM: 3758.1 MB
Available physical RAM: 3042.57 MB
Total Virtual: 3756.25 MB
Available Virtual: 3039.14 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:289.23 GB) (Free:119.45 GB) NTFS
Drive e: (Recovery) (Fixed) (Total:8.77 GB) (Free:0.82 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (ROS_SysRec7_64) (CDROM) (Total:0.16 GB) (Free:0 GB) UDF
Drive g: (USB20FD) (Removable) (Total:14.84 GB) (Free:14.84 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.08 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 5BC53D8B)
Partition 1: (Not Active) - (Size=8.8 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=289.2 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 14.9 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=14.9 GB) - (Type=0C)

LastRegBack: 2016-03-03 04:26

==================== End of FRST.txt ============================


Edited by hamluis, 10 March 2016 - 01:59 PM.
Moved from Win 7 to Malware Removal Logs - Hamluis.




#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,926 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:11 AM

Posted 11 March 2016 - 10:38 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to the new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:
DeleteJunctionsInDirectory: C:\Program Files\Windows Defender
DeleteJunctionsInDirectory: C:\Windows\system64

HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\VESWinlogon-x32: VESWinlogon.dll [X]
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$70fcdb70c5b8d46645f03adef7c0c75c\n. <==== ATTENTION
HKU\owner\...\Run: [Google Update**.d<*>] => "C:\Users\owner\AppData\Local\Google\Desktop\Install\{70fcdb70-c5b8-d466-45f0-3adef7c0c75c}\???\???\??\{70fcdb70-c5b8-d466-45f0-3adef7c0c75c}\GoogleUpdate.exe" > <===== ATTENTION (Value Name with invalid characters)
S4 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [X]
S2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{70fcdb70-c5b8-d466-45f0-3adef7c0c75c}\   \...\??\{70fcdb70-c5b8-d466-45f0-3adef7c0c75c}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
S3 ecxncijc; \??\C:\Windows\system32\drivers\ngiodriver_x64 [X]
S3 epmnvwyv; \??\C:\Windows\system32\drivers\ngiodriver_x64 [X]
S2 MSSQL$DDNI; no ImagePath
S2 Oasis2Service; no ImagePath
C:\$Recycle.Bin\S-1-5-18\$70fcdb70c5b8d46645f03adef7c0c75c\n.
C:\Program Files (x86)\Google\Desktop\Install\{70fcdb70-c5b8-d466-45f0-3adef7c0c75c}
C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
C:\Users\owner\AppData\Local\Google\Desktop\Install
C:\Program Files (x86)\Google\Desktop\Install
C:\$Recycle.Bin\S-1-5-18\$70fcdb70c5b8d46645f03adef7c0c75c
C:\$Recycle.Bin\S-1-5-21-1798455190-986609235-2888039337-1001\$70fcdb70c5b8d46645f03adef7c0c75c

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Run this tool before posting the logs.

--RogueKiller--
  • Download RogueKiller & SAVE it to your Desktop
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller
=======

Please let me know what problem persists with this computer.

p.s.
I also need to see the Addition.txt file that was created by the Farbar tool.
Please attach it to your next reply.
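
The fixlist above is built by hand from the lines FRST marked: the two "Use DeleteJunctionsIndirectory" hints, every registry or service entry tagged "<==== ATTENTION" or "[X]", and the directories printed under "ZeroAccess:". The following script is an added example for this thread (it is not FRST's code and not the helper's) that performs that same mapping over a constructed log excerpt in FRST's output format, and additionally lists BCD settings that disable code-integrity checks as findings that need a manual decision rather than a fixlist line. The names parse_frst, build_fixlist and SAMPLE_LOG are mine.

```python
"""Triage a Farbar Recovery Scan Tool (FRST) log into fixlist.txt directives.

Added example for this thread; not FRST's own code and not the helper's.
Function and constant names (parse_frst, build_fixlist, SAMPLE_LOG) are assumed.
"""
import re

# Constructed excerpt in the shapes FRST uses on this page (not the real log).
SAMPLE_LOG = r"""
HKLM-x32\...\Run: [] => [X]
HKU\owner\...\Run: [Google Update**.d<*>] => "C:\Users\owner\AppData\Local\Google\Desktop\Install\{70fcdb70-c5b8-d466-45f0-3adef7c0c75c}\GoogleUpdate.exe" > <===== ATTENTION (Value Name with invalid characters)
S2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{70fcdb70-c5b8-d466-45f0-3adef7c0c75c}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
S3 ecxncijc; \??\C:\Windows\system32\drivers\ngiodriver_x64 [X]
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$70fcdb70c5b8d46645f03adef7c0c75c

ATTENTION: ====> Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Windows\system64

Windows Boot Loader
-------------------
identifier              {7a82d5b3-7634-11e1-8e2d-bce9bfac6809}
loadoptions             DDISABLE_INTEGRITY_CHECKS
nointegritychecks       Yes
"""

# FRST tags entries it wants a human to review with "<==== ATTENTION";
# orphaned registry/service entries end in "[X]"; junction hints name a directory.
ATTENTION_RE = re.compile(r"<=+\s*ATTENTION")
JUNCTION_RE = re.compile(r"Use DeleteJunctionsIndirectory:\s*(.+?)\s*$")
DEAD_ENTRY = "[X]"
# BCD settings that switch off code-integrity checks for a boot entry.
BCD_INTEGRITY_OFF = {"nointegritychecks": "yes",
                     "loadoptions": "ddisable_integrity_checks"}


def parse_frst(text):
    """Return fixlist directives and manual findings derived from an FRST log."""
    result = {"junctions": [], "entries": [], "paths": [], "findings": []}
    lines = text.splitlines()
    for i, raw in enumerate(lines):
        line = raw.strip()
        if not line:
            continue
        if line == "ZeroAccess:":
            # FRST prints the affected directory on the following line.
            if i + 1 < len(lines) and lines[i + 1].strip():
                result["paths"].append(lines[i + 1].strip())
            continue
        m = JUNCTION_RE.search(line)
        if m:
            # FRST's hint spells the directive with a lowercase 'd';
            # the fixlist uses the directive name the helper wrote.
            result["junctions"].append(f"DeleteJunctionsInDirectory: {m.group(1)}")
            continue
        if ATTENTION_RE.search(line) or line.endswith(DEAD_ENTRY):
            # Copying the flagged entry verbatim into fixlist.txt tells FRST to remove it.
            result["entries"].append(line)
            continue
        kv = line.split(None, 1)
        if len(kv) == 2 and BCD_INTEGRITY_OFF.get(kv[0].lower()) == kv[1].lower():
            result["findings"].append(
                f"BCD: {kv[0]} {kv[1]} (code-integrity checks are off for this boot entry; review by hand)")
    # Deduplicate while keeping first-seen order.
    for key in ("junctions", "entries", "paths"):
        result[key] = list(dict.fromkeys(result[key]))
    return result


def build_fixlist(parsed):
    """Assemble fixlist.txt in the helper's order: housekeeping, junctions, entries, paths."""
    body = ["Start", "CreateRestorePoint:", "EmptyTemp:", "CloseProcesses:"]
    body += parsed["junctions"] + parsed["entries"] + parsed["paths"] + ["End"]
    return "\n".join(body) + "\n"


if __name__ == "__main__":
    parsed = parse_frst(SAMPLE_LOG)
    print(build_fixlist(parsed))
    for finding in parsed["findings"]:
        print("MANUAL:", finding)
```

Run it against a saved FRST.txt by replacing SAMPLE_LOG with the file's contents; the printed block is what would go into fixlist.txt, and the MANUAL lines are the BCD settings (here the nointegritychecks and DDISABLE_INTEGRITY_CHECKS values visible in the log above) that a fixlist does not touch and that a helper should look at before the machine is trusted again.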

#3 honnybee7

honnybee7
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:10:11 PM

Posted 12 March 2016 - 06:34 PM

Hello Nasdaq, here's the FRST. I've been working on getting this issue resolved on a separate site forum; the individual that was helping me was able to get rid of the ZeroAccess virus, but I still have the black screen. When I open Task Manager from the command prompt, explorer.exe is missing.
 
I think this forum is addressing how to resolve my issue
 
http://www.tomshardware.com/forum/86497-45-windows-find-explorer
 
but I'm not really sure how to go about this. Among other options I've read on the Internet to fix the issue, I can also specifically restore the registry.

I bought RogueKiller Premium and downloaded RogueKillerCMD; I'm confused on how to use the command lines.

Attached Files

  • Attached File  FRST.txt   57.96KB   2 downloads

Edited by honnybee7, 13 March 2016 - 02:20 AM.


#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,926 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:11 AM

Posted 13 March 2016 - 08:12 AM

 
I never used the RogueKillerCMD tool.
I can read and appreciate the commands listed.
 
Are you able to just run the RogueKiller tool as I have suggested?
Post the log if you can.
===
 

when I open task manager from command prompt, explorer.exe is missing.
 
Let's find out if you have a good copy of the Explorer.exe file on your system.
 
Please download SystemLook from one of the links below and save it to your Desktop.
 
If your operating system is 64 bit download this tool:
  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:
  • :regfind 
    explorer.exe
    :filefind 
    explorer.exe
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
  • Note: The log can also be found on your Desktop entitled SystemLook.txt.
===


#5 honnybee7

honnybee7
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:10:11 PM

Posted 13 March 2016 - 06:26 PM

I did what you said; no notepad popped out. I searched my computer to see if it was saved anywhere; none was made. I tried to fix the values for Shell and Userinit in Registry Editor, but after a restart it goes back to what it was.

#6 honnybee7

honnybee7
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:10:11 PM

Posted 14 March 2016 - 02:13 AM

Hello nasdaq, I ended up restoring my computer to factory settings; everything is working fine now. But for post-repair, what antivirus should I download, and what other applications do you think are important to my computer so an issue like this doesn't happen again? Lastly, thanks for the help. :)

#7 nasdaq

nasdaq

  • Malware Response Team
  • 39,926 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:11 AM

Posted 14 March 2016 - 07:18 AM

Since I just found out that you have other topics opened..

http://www.sevenforums.com/general-discussion/392715-black-screen-please-help.html

and

http://www.geekstogo.com/forum/topic/360061-black-screen-mouse-issue/page-5

I will leave it to the other helpers to give you their recommendations.

It's not proper to get help in more than one forum, using the resources of helpers when others are waiting to be helped.

The resources of helpers in all the forums are limited and should not be abused.

This topic will be closed..





