
ZeroAccess virus and I can't access Windows!


  • This topic is locked
36 replies to this topic

#1 Mr. Wilber

  • Members
  • 38 posts
  • Location:Wake Forest, NC

Posted 20 July 2013 - 12:19 AM

I've read a number of postings here and I see how capable you are at dealing with these issues. I'd appreciate your excellent assistance too :-)

A quick history: about two weeks ago the computer would not boot into Windows (7), just a black screen with the cursor. I tried many cures: RAM changes, boot fixes, hard drive cable changes, etc. I came upon your posting and decided to run FRST64, and it shows ZeroAccess. I can't figure out how to eliminate the virus since I cannot get into Windows. I am working through CMD in the recovery disk. I suspect I need one of those custom codes.

 

Here is the report, I hope to hear from you soon.

Thanx!

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-07-2013
Ran by SYSTEM on 19-07-2013 23:51:24
Running from F:\
Windows 7 Professional (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (All) ===========================

HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe, [30720 2010-11-20] (Microsoft Corporation)
HKLM-x32\...\Winlogon: [Userinit] userinit.exe, [26624 2010-11-20] (Microsoft Corporation)
HKLM\...\Winlogon: [Shell] explorer.exe [2871808 2011-02-24] (Microsoft Corporation)
HKLM-x32\...\Winlogon: [Shell] explorer.exe [2616320 2011-02-24] (Microsoft Corporation)
Winlogon\Notify\PFW:
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [x]
HKLM-x32\...\Run: [VolPanel] - "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r [241789 2009-05-04] (Creative Technology Ltd)
HKLM-x32\...\Run: [SSBkgdUpdate] - "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [NUSB3MON] - "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [106496 2010-01-22] (NEC Electronics Corporation)
HKLM-x32\...\Run: [LifeCam] - "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" [135536 2010-12-13] (Microsoft Corporation)
HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN [2621440 2010-02-09] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ATICustomerCare] - "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [311296 2010-05-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mcui_exe] - "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1532992 2013-03-13] (McAfee, Inc.)
HKLM-x32\...\Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - c:\program files (x86)\adobe\reader 9.0\reader\reader_sl.exe [37296 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] - "c:\program files (x86)\microsoft office\office14\bcssync.exe" /delayservices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [CTSyncService] - c:\program files (x86)\installshield installation information\{f3d9ac82-30f4-4bb9-b9ab-8697637568c1}\ambspisyncservice.exe /startrunkey [1233195 2009-07-08] (Creative Technology Ltd)
HKLM-x32\...\Run: [AMD AVT] - cmd.exe /c start "amd accelerated video transcoding device initialization" /min "c:\program files (x86)\amd avt\bin\kdbsync.exe" aml [10752 2012-02-20] ()
HKLM-x32\...\Run: [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKU\Amend Gang\...\Run: [swg] - "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-09-06] (Google Inc.)
HKU\Amend Gang\...\Run: [QuickenScheduledUpdates] - C:\Program Files (x86)\Quicken 2\bagent.exe [76072 2013-04-09] (Intuit Inc.)
HKU\Amend Gang\...\Run: [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1475584 2010-11-20] (Microsoft Corporation)
HKU\Amend Gang\...\Run: [Akamai NetSession Interface] - "C:\Users\Amend Gang\AppData\Local\Akamai\netsession_win.exe" [4489472 2013-06-04] (Akamai Technologies, Inc.)
HKU\Amend Gang\...\Run: [Advanced SystemCare 6] - "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart [491840 2013-01-15] (IObit)
HKU\Amend Gang\...\Run: [9C87EEA0761B1E752B4778E29E2D0857ADE0872D._service_run] - "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service [825808 2013-06-14] (Google Inc.)
HKU\Amend Gang\...\Run: [GarminExpressTrayApp] - "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" [1098072 2013-03-27] (Garmin Ltd or its subsidiaries)
HKU\Amend Gang\...\Run: [Google Update] - "C:\Users\Amend Gang\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2013-07-09] (Google Inc.)
HKU\Default\...\Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [1475584 2010-11-20] (Microsoft Corporation)
HKU\Default\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
HKU\Default User\...\Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [1475584 2010-11-20] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
HKU\HomeGroupUser$\...\Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [1475584 2010-11-20] (Microsoft Corporation)
HKU\HomeGroupUser$\...\Run: [Advanced SystemCare 5] - "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart [x]
HKU\HomeGroupUser$\...\Run: [Akamai NetSession Interface] - "C:\Users\Amend Gang\AppData\Local\Akamai\netsession_win.exe" [4489472 2013-06-04] (Akamai Technologies, Inc.)
HKU\HomeGroupUser$\...\Run: [swg] - "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-09-06] (Google Inc.)
HKU\HomeGroupUser$\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
HKU\UpdatusUser\...\Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [1475584 2010-11-20] (Microsoft Corporation)
HKU\UpdatusUser\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
AppInit_DLLs:   0 [97280 2009-07-13] ()
Lsa: [Authentication Packages] msv1_0
Lsa: [Notification Packages] scecli
Startup: C:\Users\Amend Gang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -  No File
SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} -  No File
BootExecute: autocheck autochk *
AlternateShell: cmd.exe

==================== Services (All) ========================

S2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65640 2013-05-09] (Adobe Systems Incorporated)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [256904 2013-06-11] (Adobe Systems Incorporated)
S2 AdvancedSystemCareService6; C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [465216 2013-01-15] (IObit)
S3 AeLookupSvc; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 AppIDSvc; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 Appinfo; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [57008 2012-12-21] (Apple Inc.)
S4 AppMgmt; C:\Windows\System32\appmgmts.dll [193536 2009-07-13] (Microsoft Corporation)
S4 AppMgmt; C:\Windows\SysWow64\appmgmts.dll [149504 2009-07-13] (Microsoft Corporation)
S3 aspnet_state; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [51648 2012-07-08] (Microsoft Corporation)
S2 AudioEndpointBuilder; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 AudioSrv; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 AxInstSV; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 BDESVC; C:\Windows\System32\bdesvc.dll [100864 2009-07-13] (Microsoft Corporation)
S2 BFE; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 BITS; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited)
S2 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [462184 2011-08-30] (Apple Inc.)
S2 Browser; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.)
S3 bthserv; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S4 CertPropSvc; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S4 clr_optimization_v2.0.50727_32; C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [66384 2009-06-10] (Microsoft Corporation)
S4 clr_optimization_v2.0.50727_64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [89920 2009-06-10] (Microsoft Corporation)
S2 clr_optimization_v4.0.30319_32; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [104912 2012-07-08] (Microsoft Corporation)
S2 clr_optimization_v4.0.30319_64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [123856 2012-07-08] (Microsoft Corporation)
S3 COMSysApp; C:\Windows\system32\dllhost.exe [9728 2009-07-13] (Microsoft Corporation)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2010-12-22] (Creative Labs)
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2010-12-22] (Creative Labs)
S3 CryptSvc; C:\Windows\system32\cryptsvc.dll [184320 2013-06-14] (Microsoft Corporation)
S4 CscService; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2009-02-22] (Creative Technology Ltd)
S2 DcomLaunch; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 defragsvc; C:\Windows\System32\defragsvc.dll [291328 2009-07-13] (Microsoft Corporation)
S2 Dhcp; C:\Windows\system32\dhcpcore.dll [317952 2010-11-20] (Microsoft Corporation)
S2 Dnscache; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 dot3svc; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 DPS; C:\Windows\system32\dps.dll [162816 2010-11-20] (Microsoft Corporation)
S2 dsNcService; C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe [615720 2009-08-12] (Juniper Networks)
S3 EapHost; C:\Windows\System32\eapsvc.dll [111104 2009-07-13] (Microsoft Corporation)
S3 ehRecvr; C:\Windows\ehome\ehRecvr.exe [696832 2010-11-20] (Microsoft Corporation)
S3 ehSched; C:\Windows\ehome\ehsched.exe [127488 2009-07-13] (Microsoft Corporation)
S2 EventSystem; C:\Windows\system32\es.dll [402944 2009-07-13] (Microsoft Corporation)
S2 fdPHost; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 FDResPub; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 FontCache; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42856 2010-11-04] (Microsoft Corporation)
S3 fsssvc; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [1492840 2011-05-13] (Microsoft Corporation)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [130976 2011-03-01] (Futuremark Corporation)
S2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [185688 2013-03-27] (Garmin Ltd or its subsidiaries)
S2 gpsvc; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 gupdate; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [136176 2011-08-16] (Google Inc.)
S3 gupdatem; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [136176 2011-08-16] (Google Inc.)
S3 gusvc; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [194032 2012-08-10] (Google)
S3 hidserv; C:\Windows\system32\hidserv.dll [38912 2009-07-13] (Microsoft Corporation)
S2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [8704 2012-05-15] (Hi-Rez Studios)
S3 hkmsvc; C:\Windows\system32\kmsvc.dll [90624 2010-11-20] (Microsoft Corporation)
S3 HomeGroupListener; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 HomeGroupProvider; C:\Windows\system32\provsvc.dll [187904 2010-11-20] (Microsoft Corporation)
S3 idsvc; C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe [856400 2010-11-04] (Microsoft Corporation)
S2 IKEEXT; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 ioloFileInfoList; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [724152 2011-03-14] (iolo technologies, LLC)
S2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [724152 2011-03-14] (iolo technologies, LLC)
S2 IPBusEnum; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 iPod Service; C:\Program Files\iPod\bin\iPodService.exe [641352 2013-05-31] (Apple Inc.)
S3 KtmRm; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 LanmanServer; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 LanmanWorkstation; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 lltdsvc; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [383608 2012-11-16] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.)
S4 Mcx2Svc; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.)
S2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.)
S3 Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [31125880 2011-06-12] (Microsoft Corporation)
S2 MMCSS; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 MozillaMaintenance; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [117144 2013-07-04] (Mozilla Foundation)
S2 MpsSvc; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamS64.exe [194416 2010-12-13] (Microsoft Corporation)
S4 MSiSCSI; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 msiserver; C:\Windows\System32\msiexec.exe [128000 2010-11-20] (Microsoft Corporation)
S4 napagent; C:\Windows\system32\qagentRT.dll [476160 2010-11-20] (Microsoft Corporation)
S3 Netman; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S4 NetMsmqActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139696 2012-07-08] (Microsoft Corporation)
S4 NetPipeActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139696 2012-07-08] (Microsoft Corporation)
S2 netprofm; C:\Windows\System32\netprofm.dll [459776 2009-07-13] (Microsoft Corporation)
S4 NetTcpActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139696 2012-07-08] (Microsoft Corporation)
S4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139696 2012-07-08] (Microsoft Corporation)
S2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 npggsvc; C:\Windows\SysWow64\GameMon.des [3804120 2011-08-07] (INCA Internet Co., Ltd.)
S2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 nvUpdatusService; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [1260320 2013-02-25] (NVIDIA Corporation)
S3 ose; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [149352 2010-01-09] (Microsoft Corporation)
S3 osppsvc; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [4925184 2010-01-09] (Microsoft Corporation)
S3 p2pimsvc; C:\Windows\system32\pnrpsvc.dll [327168 2009-07-13] (Microsoft Corporation)
S3 p2psvc; C:\Windows\system32\p2psvc.dll [438784 2009-07-13] (Microsoft Corporation)
S2 PcaSvc; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S4 PeerDistSvc; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 PerfHost; C:\Windows\SysWow64\perfhost.exe [20992 2009-07-13] (Microsoft Corporation)
S3 pla; C:\Windows\system32\pla.dll [1389056 2010-11-20] (Microsoft Corporation)
S2 PlugPlay; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-07-09] ()
S3 PNRPAutoReg; C:\Windows\system32\pnrpauto.dll [25088 2009-07-13] (Microsoft Corporation)
S3 PNRPsvc; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 PolicyAgent; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 Power; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 ProfSvc; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 QBCFMonitorService; c:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [24576 2009-09-02] (Intuit)
S3 QBFCService; c:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2009-07-23] (Intuit Inc.)
S3 QWAVE; C:\Windows\system32\qwave.dll [242688 2009-07-13] (Microsoft Corporation)
S3 RasAuto; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 RasMan; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S4 RemoteAccess; C:\Windows\System32\mprdim.dll [97792 2009-07-13] (Microsoft Corporation)
S4 RemoteAccess; C:\Windows\SysWow64\mprdim.dll [75264 2009-07-13] (Microsoft Corporation)
S3 RemoteRegistry; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 RpcEptMapper; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 RpcSs; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S4 SCardSvr; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 Schedule; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S4 SCPolicySvc; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 SDRSVC; C:\Windows\System32\SDRSVC.dll [170496 2010-11-20] (Microsoft Corporation)
S3 seclogon; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 SENS; C:\Windows\System32\sens.dll [64512 2009-07-13] (Microsoft Corporation)
S2 SENS; C:\Windows\SysWow64\sens.dll [49664 2009-07-13] (Microsoft Corporation)
S3 SensrSvc; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 SessionEnv; C:\Windows\system32\sessenv.dll [121856 2010-11-20] (Microsoft Corporation)
S3 SessionEnv; C:\Windows\SysWow64\sessenv.dll [113664 2010-11-20] (Microsoft Corporation)
S2 ShellHWDetection; C:\Windows\System32\shsvcs.dll [370688 2010-11-20] (Microsoft Corporation)
S2 ShellHWDetection; C:\Windows\SysWow64\shsvcs.dll [328192 2010-11-20] (Microsoft Corporation)
S2 SkypeUpdate; C:\Program Files (x86)\Skype\Updater\Updater.exe [162408 2013-06-03] (Skype Technologies)
S3 Sound Blaster X-Fi MB Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [79360 2010-12-22] (Creative Labs)
S3 sppuinotify; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 SSDPSRV; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 SstpSvc; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [543656 2013-03-15] (Valve Corporation)
S2 Stereo Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [383264 2013-01-18] (NVIDIA Corporation)
S2 stisvc; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 StorSvc; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 swprv; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 SysMain; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 TabletInputService; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 TapiSrv; C:\Windows\System32\tapisrv.dll [316928 2010-11-20] (Microsoft Corporation)
S3 TapiSrv; C:\Windows\SysWow64\tapisrv.dll [242176 2010-11-20] (Microsoft Corporation)
S3 TBS; C:\Windows\System32\tbssvc.dll [65536 2009-07-13] (Microsoft Corporation)
S3 TermService; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 Themes; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 THREADORDER; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 TomTomHOMEService; C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [92592 2011-04-22] (TomTom)
S2 TrkWks; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 TrustedInstaller; C:\Windows\servicing\TrustedInstaller.exe [194048 2010-11-20] (Microsoft Corporation)
S3 UmRdpService; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 upnphost; C:\Windows\System32\upnphost.dll [353792 2009-07-13] (Microsoft Corporation)
S2 UxSms; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 W32Time; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 WbioSrvc; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 wcncsvc; C:\Windows\System32\wcncsvc.dll [367104 2010-11-20] (Microsoft Corporation)
S3 WcsPlugInService; C:\Windows\System32\WcsPlugInService.dll [40960 2009-07-13] (Microsoft Corporation)
S3 WdiServiceHost; C:\Windows\system32\wdi.dll [90624 2009-07-13] (Microsoft Corporation)
S3 WdiSystemHost; C:\Windows\system32\wdi.dll [90624 2009-07-13] (Microsoft Corporation)
S3 WebClient; C:\Windows\System32\webclnt.dll [258560 2010-11-20] (Microsoft Corporation)
S3 Wecsvc; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 wercplsupport; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 WerSvc; C:\Windows\System32\WerSvc.dll [76800 2009-07-13] (Microsoft Corporation)
S3 WinHttpAutoProxySvc; C:\Windows\System32\winhttp.dll [444416 2010-11-20] (Microsoft Corporation)
S2 Winmgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 WinRM; C:\Windows\system32\WsmSvc.dll [2832384 2012-12-16] (Microsoft Corporation)
S3 Wlansvc; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S4 wlcrasvc; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [57184 2010-09-22] (Microsoft Corporation)
S2 wlidsvc; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2292096 2011-03-28] (Microsoft Corp.)
S2 WMPNetworkSvc; C:\Program Files\Windows Media Player\wmpnetwk.exe [1525248 2010-11-20] (Microsoft Corporation)
S3 WPCSvc; C:\Windows\System32\wpcsvc.dll [12288 2009-07-13] (Microsoft Corporation)
S3 WPDBusEnum; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 WSearch; C:\Windows\system32\SearchIndexer.exe [591872 2011-05-03] (Microsoft Corporation)
S2 wsnm; C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe [494192 2012-03-02] (VMware, Inc.)
S2 wsnm_usbctrl; C:\Program Files\VMware\VMware View\Client\bin\wsnm_usbctrl.exe [1125488 2012-03-02] (VMware, Inc.)
S3 wuauserv; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 wudfsvc; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 WwanSvc; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 xsherlock; C:\Windows\SysWow64\xsherlock.xem [666720 2012-09-19] (Wellbia.com Co., Ltd.)
S3 ALG;
S2 EFS;
S2 eventlog;  [x]
S3 Fax;
S3 KeyIso;
S3 MSDTC;
S4 Netlogon;
S2 nvsvc;
S3 ProtectedStorage;
S3 RpcLocator;
S2 SamSs;
S4 SNMPTRAP;
S2 Spooler;
S2 sppsvc;
S3 UI0Detect;
S3 VaultSvc;
S3 vds;
S3 VSS;
S3 WatAdminSvc;
S3 wbengine;
S3 wmiApSrv;

==================== Drivers (All) ==========================

S3 1394ohci; C:\Windows\system32\drivers\1394ohci.sys [229888 2010-11-20] (Microsoft Corporation)
S0 ACPI; C:\Windows\System32\drivers\ACPI.sys [334208 2010-11-20] (Microsoft Corporation)
S3 AcpiPmi; C:\Windows\system32\drivers\acpipmi.sys [12800 2010-11-20] (Microsoft Corporation)
S3 adp94xx; C:\Windows\system32\DRIVERS\adp94xx.sys [491088 2009-07-13] (Adaptec, Inc.)
S3 adpahci; C:\Windows\system32\DRIVERS\adpahci.sys [339536 2009-07-13] (Adaptec, Inc.)
S3 adpu320; C:\Windows\system32\DRIVERS\adpu320.sys [182864 2009-07-13] (Adaptec, Inc.)
S1 AFD; C:\Windows\system32\drivers\afd.sys [498688 2011-12-27] (Microsoft Corporation)
S3 agp440; C:\Windows\system32\drivers\agp440.sys [61008 2009-07-13] (Microsoft Corporation)
S3 aliide; C:\Windows\system32\drivers\aliide.sys [15440 2009-07-13] (Acer Laboratories Inc.)
S3 amdide; C:\Windows\system32\drivers\amdide.sys [15440 2009-07-13] (Microsoft Corporation)
S3 amdiox64; C:\Windows\System32\DRIVERS\amdiox64.sys [46136 2010-02-18] (Advanced Micro Devices)
S3 AmdK8; C:\Windows\system32\DRIVERS\amdk8.sys [64512 2009-07-13] (Microsoft Corporation)
S3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [11922944 2012-07-03] (Advanced Micro Devices, Inc.)
S3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [359936 2012-07-03] (Advanced Micro Devices, Inc.)
S3 AmdPPM; C:\Windows\System32\DRIVERS\amdppm.sys [60928 2009-07-13] (Microsoft Corporation)
S3 amdsata; C:\Windows\system32\drivers\amdsata.sys [107904 2011-03-10] (Advanced Micro Devices)
S3 amdsbs; C:\Windows\system32\DRIVERS\amdsbs.sys [194128 2009-07-13] (AMD Technologies Inc.)
S0 amdxata; C:\Windows\System32\drivers\amdxata.sys [27008 2011-03-10] (Advanced Micro Devices)
S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [36256 2009-11-13] (Google Inc)
S3 AppID; C:\Windows\system32\drivers\appid.sys [61440 2010-11-20] (Microsoft Corporation)
S3 arc; C:\Windows\system32\DRIVERS\arc.sys [87632 2009-07-13] (Adaptec, Inc.)
S3 arcsas; C:\Windows\system32\DRIVERS\arcsas.sys [97856 2009-07-13] (Adaptec, Inc.)
S3 AsyncMac; C:\Windows\System32\DRIVERS\asyncmac.sys [23040 2009-07-13] (Microsoft Corporation)
S0 atapi; C:\Windows\System32\drivers\atapi.sys [24128 2009-07-13] (Microsoft Corporation)
S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [95760 2012-02-23] (Advanced Micro Devices)
S3 AtiHdmiService; C:\Windows\System32\drivers\AtiHdmi.sys [116736 2010-01-27] (ATI Technologies, Inc.)
S3 atikmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [11922944 2012-07-03] (Advanced Micro Devices, Inc.)
S0 AtiPcie; C:\Windows\System32\DRIVERS\AtiPcie.sys [16440 2013-07-19] (Advanced Micro Devices Inc.)
S3 b06bdrv; C:\Windows\system32\DRIVERS\bxvbda.sys [468480 2009-06-10] (Broadcom Corporation)
S3 b57nd60a; C:\Windows\System32\DRIVERS\b57nd60a.sys [270848 2009-06-10] (Broadcom Corporation)
S1 Beep; C:\Windows\System32\Drivers\Beep.sys [6656 2009-07-13] (Microsoft Corporation)
S1 blbdrive; C:\Windows\System32\DRIVERS\blbdrive.sys [45056 2009-07-13] (Microsoft Corporation)
S3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [90624 2011-02-22] (Microsoft Corporation)
S3 BrFiltLo; C:\Windows\system32\DRIVERS\BrFiltLo.sys [18432 2009-06-10] (Brother Industries, Ltd.)
S3 BrFiltUp; C:\Windows\system32\DRIVERS\BrFiltUp.sys [8704 2009-06-10] (Brother Industries, Ltd.)
S3 Brserid; C:\Windows\System32\Drivers\Brserid.sys [286720 2009-07-13] (Brother Industries Ltd.)
S3 BrSerWdm; C:\Windows\System32\Drivers\BrSerWdm.sys [47104 2009-06-10] (Brother Industries Ltd.)
S3 BrUsbMdm; C:\Windows\System32\Drivers\BrUsbMdm.sys [14976 2009-06-10] (Brother Industries Ltd.)
S3 BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [14720 2009-06-10] (Brother Industries Ltd.)
S3 BTHMODEM; C:\Windows\system32\DRIVERS\bthmodem.sys [72192 2009-07-13] (Microsoft Corporation)
S4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [92160 2009-07-13] (Microsoft Corporation)
S1 cdrom; C:\Windows\system32\drivers\cdrom.sys [147456 2010-11-20] (Microsoft Corporation)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.)
S3 circlass; C:\Windows\system32\DRIVERS\circlass.sys [45568 2009-07-13] (Microsoft Corporation)
S0 CLFS; C:\Windows\System32\CLFS.sys [367696 2009-07-13] (Microsoft Corporation)
S3 CmBatt; C:\Windows\system32\DRIVERS\CmBatt.sys [17664 2009-07-13] (Microsoft Corporation)
S3 cmdide; C:\Windows\system32\drivers\cmdide.sys [17488 2009-07-13] (CMD Technology, Inc.)
S0 CNG; C:\Windows\System32\Drivers\cng.sys [458712 2012-10-25] (Microsoft Corporation)
S3 Compbatt; C:\Windows\system32\DRIVERS\compbatt.sys [21584 2009-07-13] (Microsoft Corporation)
S3 CompositeBus; C:\Windows\system32\drivers\CompositeBus.sys [38912 2010-11-20] (Microsoft Corporation)
S4 crcdisk; C:\Windows\system32\DRIVERS\crcdisk.sys [24144 2009-07-13] (Microsoft Corporation)
S1 CSC; C:\Windows\System32\drivers\csc.sys [514560 2010-11-20] (Microsoft Corporation)
S3 dc3d; C:\Windows\System32\DRIVERS\dc3d.sys [75904 2012-11-26] (Microsoft Corporation)
S1 DfsC; C:\Windows\System32\Drivers\dfsc.sys [102400 2010-11-20] (Microsoft Corporation)
S1 discache; C:\Windows\System32\drivers\discache.sys [40448 2009-07-13] (Microsoft Corporation)
S0 Disk; C:\Windows\System32\DRIVERS\disk.sys [73280 2009-07-13] (Microsoft Corporation)
S3 drmkaud; C:\Windows\System32\drivers\drmkaud.sys [5632 2009-07-13] (Microsoft Corporation)
S3 dsNcAdpt; C:\Windows\System32\DRIVERS\dsNcAdpt.sys [32768 2009-08-12] (Juniper Networks)
S3 DXGKrnl; C:\Windows\System32\drivers\dxgkrnl.sys [983400 2013-04-09] (Microsoft Corporation)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [23464 2008-12-09] (EldoS Corporation)
S1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [23464 2008-12-09] (EldoS Corporation)
S3 elxstor; C:\Windows\system32\DRIVERS\elxstor.sys [530496 2009-07-13] (Emulex)
S3 ErrDev; C:\Windows\system32\drivers\errdev.sys [9728 2009-07-13] (Microsoft Corporation)
S3 exfat; C:\Windows\System32\Drivers\exfat.sys [195072 2009-07-13] (Microsoft Corporation)
S3 fastfat; C:\Windows\System32\Drivers\fastfat.sys [204800 2009-07-13] (Microsoft Corporation)
S3 fdc; C:\Windows\system32\DRIVERS\fdc.sys [29696 2009-07-13] (Microsoft Corporation)
S0 FileInfo; C:\Windows\System32\drivers\fileinfo.sys [70224 2009-07-13] (Microsoft Corporation)
S3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [34304 2009-07-13] (Microsoft Corporation)
S3 flpydisk; C:\Windows\system32\DRIVERS\flpydisk.sys [24576 2009-07-13] (Microsoft Corporation)
S0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [289664 2010-11-20] (Microsoft Corporation)
S3 FsDepends; C:\Windows\System32\drivers\FsDepends.sys [55376 2009-07-13] (Microsoft Corporation)
S3 fssfltr; C:\Windows\System32\DRIVERS\fssfltr.sys [48488 2010-09-22] (Microsoft Corporation)
S0 Fs_Rec; C:\Windows\System32\Drivers\Fs_Rec.sys [23408 2012-02-29] (Microsoft Corporation)
S0 fvevol; C:\Windows\System32\DRIVERS\fvevol.sys [223752 2013-04-10] (Microsoft Corporation)
S3 gagp30kx; C:\Windows\system32\DRIVERS\gagp30kx.sys [65088 2009-07-13] (Microsoft Corporation)
S3 GEARAspiWDM; C:\Windows\System32\DRIVERS\GEARAspiWDM.sys [33240 2012-08-21] (GEAR Software Inc.)
S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir.sys [31232 2009-06-10] (Hauppauge Computer Works, Inc.)
S3 HdAudAddService; C:\Windows\System32\drivers\HdAudio.sys [350208 2010-11-20] (Microsoft Corporation)
S3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [122368 2010-11-20] (Microsoft Corporation)
S3 HidBatt; C:\Windows\system32\DRIVERS\HidBatt.sys [26624 2009-07-13] (Microsoft Corporation)
S3 HidBth; C:\Windows\system32\DRIVERS\hidbth.sys [100864 2009-07-13] (Microsoft Corporation)
S3 HidIr; C:\Windows\system32\DRIVERS\hidir.sys [46592 2009-07-13] (Microsoft Corporation)
S3 HidUsb; C:\Windows\System32\DRIVERS\hidusb.sys [30208 2010-11-20] (Microsoft Corporation)
S3 HpSAMD; C:\Windows\system32\drivers\HpSAMD.sys [78720 2010-11-20] (Hewlett-Packard Company)
S3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [36256 2009-11-13] (Google Inc)
S3 HTTP; C:\Windows\System32\drivers\HTTP.sys [753664 2010-11-20] (Microsoft Corporation)
S0 hwpolicy; C:\Windows\System32\drivers\hwpolicy.sys [14720 2010-11-20] (Microsoft Corporation)
S3 i8042prt; C:\Windows\system32\drivers\i8042prt.sys [105472 2009-07-13] (Microsoft Corporation)
S3 iaStorV; C:\Windows\system32\drivers\iaStorV.sys [410496 2011-03-10] (Intel Corporation)
S3 iirsp; C:\Windows\system32\DRIVERS\iirsp.sys [44112 2009-07-13] (Intel Corp./ICP vortex GmbH)
S3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKVHD64.sys [2267552 2010-02-08] (Realtek Semiconductor Corp.)
S3 intelide; C:\Windows\system32\drivers\intelide.sys [16960 2009-07-13] (Microsoft Corporation)
S3 intelppm; C:\Windows\system32\DRIVERS\intelppm.sys [62464 2009-07-13] (Microsoft Corporation)
S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [82944 2010-11-20] (Microsoft Corporation)
S3 IPMIDRV; C:\Windows\system32\drivers\IPMIDrv.sys [78848 2010-11-20] (Microsoft Corporation)
S3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [116224 2009-07-13] (Microsoft Corporation)
S3 IRENUM; C:\Windows\System32\drivers\irenum.sys [17920 2009-07-13] (Microsoft Corporation)
S3 isapnp; C:\Windows\system32\drivers\isapnp.sys [20544 2009-07-13] (Microsoft Corporation)
S3 iScsiPrt; C:\Windows\system32\drivers\msiscsi.sys [273792 2010-11-20] (Microsoft Corporation)
S3 kbdclass; C:\Windows\System32\DRIVERS\kbdclass.sys [50768 2009-07-13] (Microsoft Corporation)
S3 kbdhid; C:\Windows\System32\DRIVERS\kbdhid.sys [33280 2010-11-20] (Microsoft Corporation)
S0 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [95600 2012-06-01] (Microsoft Corporation)
S0 KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys [154480 2012-10-25] (Microsoft Corporation)
S3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [20992 2009-07-13] (Microsoft Corporation)
S2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [60928 2009-07-13] (Microsoft Corporation)
S3 LSI_FC; C:\Windows\system32\DRIVERS\lsi_fc.sys [114752 2009-07-13] (LSI Corporation)
S3 LSI_SAS; C:\Windows\system32\DRIVERS\lsi_sas.sys [106560 2009-07-13] (LSI Corporation)
S3 LSI_SAS2; C:\Windows\system32\DRIVERS\lsi_sas2.sys [65600 2009-07-13] (LSI Corporation)
S3 LSI_SCSI; C:\Windows\system32\DRIVERS\lsi_scsi.sys [115776 2009-07-13] (LSI Corporation)
S4 luafv; C:\Windows\system32\drivers\luafv.sys [113152 2009-07-13] (Microsoft Corporation)
S3 megasas; C:\Windows\system32\DRIVERS\megasas.sys [35392 2009-07-13] (LSI Corporation)
S3 MegaSR; C:\Windows\system32\DRIVERS\MegaSR.sys [284736 2009-07-13] (LSI Corporation, Inc.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)
S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.)
S3 Modem; C:\Windows\System32\drivers\modem.sys [40448 2009-07-13] (Microsoft Corporation)
S3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [30208 2009-07-13] (Microsoft Corporation)
S3 mouclass; C:\Windows\System32\DRIVERS\mouclass.sys [49216 2009-07-13] (Microsoft Corporation)
S3 mouhid; C:\Windows\System32\DRIVERS\mouhid.sys [31232 2009-07-13] (Microsoft Corporation)
S0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [94592 2010-11-20] (Microsoft Corporation)
S3 mpio; C:\Windows\system32\drivers\mpio.sys [155008 2010-11-20] (Microsoft Corporation)
S3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [77312 2009-07-13] (Microsoft Corporation)
S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [140800 2010-11-20] (Microsoft Corporation)
S3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [158208 2011-04-26] (Microsoft Corporation)
S3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [288768 2011-07-08] (Microsoft Corporation)
S3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [128000 2011-04-26] (Microsoft Corporation)
S3 msahci; C:\Windows\system32\drivers\msahci.sys [31104 2010-11-20] (Microsoft Corporation)
S3 msdsm; C:\Windows\system32\drivers\msdsm.sys [140672 2010-11-20] (Microsoft Corporation)
S1 Msfs; C:\Windows\System32\Drivers\Msfs.sys [26112 2009-07-13] (Microsoft Corporation)
S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [8192 2009-07-13] (Microsoft Corporation)
S3 MSHUSBVideo; C:\Windows\System32\Drivers\nx6000.sys [36720 2010-12-13] (Microsoft Corporation)
S0 msisadrv; C:\Windows\System32\drivers\msisadrv.sys [15424 2009-07-13] (Microsoft Corporation)
S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [11136 2009-07-13] (Microsoft Corporation)
S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [7168 2009-07-13] (Microsoft Corporation)
S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [6784 2009-07-13] (Microsoft Corporation)
S3 MsRPC; C:\Windows\System32\Drivers\MsRPC.sys [366976 2010-11-20] (Microsoft Corporation)
S1 mssmbios; C:\Windows\system32\drivers\mssmbios.sys [32320 2009-07-13] (Microsoft Corporation)
S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [8064 2009-07-13] (Microsoft Corporation)
S3 MTConfig; C:\Windows\system32\DRIVERS\MTConfig.sys [15360 2009-07-13] (Microsoft Corporation)
S0 Mup; C:\Windows\System32\Drivers\mup.sys [60496 2009-07-13] (Microsoft Corporation)
S3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [318976 2009-07-13] (Microsoft Corporation)
S0 NDIS; C:\Windows\System32\drivers\ndis.sys [950128 2012-08-22] (Microsoft Corporation)
S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [35328 2009-07-13] (Microsoft Corporation)
S3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [24064 2009-07-13] (Microsoft Corporation)
S3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [56832 2010-11-20] (Microsoft Corporation)
S3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [164352 2010-11-20] (Microsoft Corporation)
S3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [57856 2010-11-20] (Microsoft Corporation)
S1 NEOFLTR_650_14599; C:\Windows\system32\Drivers\NEOFLTR_650_14599.SYS [91696 2009-08-12] (Juniper Networks)
S1 NEOFLTR_650_14599; C:\Windows\system32\Drivers\NEOFLTR_650_14599.SYS [91696 2009-08-12] (Juniper Networks)
S1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [44544 2009-07-13] (Microsoft Corporation)
S1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [261632 2010-11-20] (Microsoft Corporation)
S3 nfrd960; C:\Windows\system32\DRIVERS\nfrd960.sys [51264 2009-07-13] (IBM Corporation)
S1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [44032 2009-07-13] (Microsoft Corporation)
S3 NPPTNT2; C:\Windows\SysWow64\npptNT2.sys [4682 2005-01-01] (INCA Internet Co., Ltd.)
S1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [24576 2009-07-13] (Microsoft Corporation)
S3 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [1656680 2013-04-12] (Microsoft Corporation)
S1 Null; C:\Windows\System32\Drivers\Null.sys [6144 2009-07-13] (Microsoft Corporation)
S3 nusb3hub; C:\Windows\System32\DRIVERS\nusb3hub.sys [77824 2010-01-22] (NEC Electronics Corporation)
S3 nusb3xhc; C:\Windows\System32\DRIVERS\nusb3xhc.sys [180224 2010-01-22] (NEC Electronics Corporation)
S3 NVHDA; C:\Windows\System32\drivers\nvhda64v.sys [189288 2012-07-03] (NVIDIA Corporation)
S3 nvlddmkm; C:\Windows\System32\DRIVERS\nvlddmkm.sys [11036448 2013-02-25] (NVIDIA Corporation)
S3 nvraid; C:\Windows\system32\drivers\nvraid.sys [148352 2011-03-10] (NVIDIA Corporation)
S3 nvstor; C:\Windows\system32\drivers\nvstor.sys [166272 2011-03-10] (NVIDIA Corporation)
S3 nv_agp; C:\Windows\system32\drivers\nv_agp.sys [122960 2009-07-13] (Microsoft Corporation)
S3 ohci1394; C:\Windows\system32\drivers\ohci1394.sys [72832 2009-07-13] (Microsoft Corporation)
S3 Parport; C:\Windows\system32\DRIVERS\parport.sys [97280 2009-07-13] (Microsoft Corporation)
S0 partmgr; C:\Windows\System32\drivers\partmgr.sys [75120 2012-03-16] (Microsoft Corporation)
S0 pci; C:\Windows\System32\drivers\pci.sys [184704 2010-11-20] (Microsoft Corporation)
S0 pciide; C:\Windows\System32\drivers\pciide.sys [12352 2009-07-13] (Microsoft Corporation)
S3 pcmcia; C:\Windows\system32\DRIVERS\pcmcia.sys [220752 2009-07-13] (Microsoft Corporation)
S0 pcw; C:\Windows\System32\drivers\pcw.sys [50768 2009-07-13] (Microsoft Corporation)
S2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [651264 2009-07-13] (Microsoft Corporation)
S3 Point64; C:\Windows\System32\DRIVERS\point64.sys [50800 2013-01-29] (Microsoft Corporation)
S3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [111104 2010-11-20] (Microsoft Corporation)
S3 Processor; C:\Windows\system32\DRIVERS\processr.sys [60416 2009-07-13] (Microsoft Corporation)
S1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [131584 2010-11-20] (Microsoft Corporation)
S3 ql2300; C:\Windows\system32\DRIVERS\ql2300.sys [1524816 2009-07-13] (QLogic Corporation)
S3 ql40xx; C:\Windows\system32\DRIVERS\ql40xx.sys [128592 2009-07-13] (QLogic Corporation)
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [46592 2009-07-13] (Microsoft Corporation)
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [14848 2009-07-13] (Microsoft Corporation)
S3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [60416 2009-07-13] (Microsoft Corporation)
S3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [129536 2010-11-20] (Microsoft Corporation)
S3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [92672 2009-07-13] (Microsoft Corporation)
S3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [83968 2009-07-13] (Microsoft Corporation)
S1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [309248 2010-11-20] (Microsoft Corporation)
S3 rdpbus; C:\Windows\System32\DRIVERS\rdpbus.sys [24064 2009-07-13] (Microsoft Corporation)
S1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [7680 2009-07-13] (Microsoft Corporation)
S3 RDPDR; C:\Windows\System32\drivers\rdpdr.sys [165888 2010-11-20] (Microsoft Corporation)
S1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [7680 2009-07-13] (Microsoft Corporation)
S1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [8192 2009-07-13] (Microsoft Corporation)
S3 RdpVideoMiniport; C:\Windows\System32\drivers\rdpvideominiport.sys [19456 2012-11-02] (Microsoft Corporation)
S3 RDPWD; C:\Windows\System32\Drivers\RDPWD.sys [210944 2012-04-27] (Microsoft Corporation)
S0 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [213888 2010-11-20] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 ROOTMODEM; C:\Windows\System32\Drivers\RootMdm.sys [11264 2009-07-13] (Microsoft Corporation)
S2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [76800 2009-07-13] (Microsoft Corporation)
S2 RtDashPt; C:\Windows\System32\DRIVERS\RtDashPt.sys [38504 2011-09-19] (Windows ® Codename Longhorn DDK provider)
S3 RTL8167; C:\Windows\System32\DRIVERS\Rt64win7.sys [539240 2011-12-27] (Realtek                                            )
S3 s3cap; C:\Windows\system32\drivers\vms3cap.sys [6656 2010-11-20] (Microsoft Corporation)
S3 sbp2port; C:\Windows\system32\drivers\sbp2port.sys [103808 2010-11-20] (Microsoft Corporation)
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [29696 2010-11-20] (Microsoft Corporation)
S2 secdrv; C:\Windows\System32\Drivers\secdrv.sys [23040 2009-06-10] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
S3 Serenum; C:\Windows\System32\DRIVERS\serenum.sys [23552 2009-07-13] (Microsoft Corporation)
S1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Microsoft Corporation)
S3 sermouse; C:\Windows\system32\DRIVERS\sermouse.sys [26624 2009-07-13] (Microsoft Corporation)
S3 sffdisk; C:\Windows\system32\drivers\sffdisk.sys [14336 2009-07-13] (Microsoft Corporation)
S3 sffp_mmc; C:\Windows\system32\drivers\sffp_mmc.sys [13824 2009-07-13] (Microsoft Corporation)
S3 sffp_sd; C:\Windows\system32\drivers\sffp_sd.sys [14336 2010-11-20] (Microsoft Corporation)
S3 sfloppy; C:\Windows\system32\DRIVERS\sfloppy.sys [16896 2009-07-13] (Microsoft Corporation)
S3 SiSRaid2; C:\Windows\system32\DRIVERS\SiSRaid2.sys [43584 2009-07-13] (Silicon Integrated Systems Corp.)
S3 SiSRaid4; C:\Windows\system32\DRIVERS\sisraid4.sys [80464 2009-07-13] (Silicon Integrated Systems)
S0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [17720 2013-05-22] ()
S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [93184 2009-07-13] (Microsoft Corporation)
S3 srv; C:\Windows\System32\DRIVERS\srv.sys [467456 2011-04-28] (Microsoft Corporation)
S3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [410112 2011-04-28] (Microsoft Corporation)
S3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [168448 2011-04-28] (Microsoft Corporation)
S3 sscdbus; C:\Windows\System32\DRIVERS\sscdbus.sys [136264 2010-11-10] (MCCI Corporation)
S3 sscdmdfl; C:\Windows\System32\DRIVERS\sscdmdfl.sys [19016 2010-11-10] (MCCI Corporation)
S3 sscdmdm; C:\Windows\System32\DRIVERS\sscdmdm.sys [172104 2010-11-10] (MCCI Corporation)
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-10] (MCCI Corporation)
S3 stexstor; C:\Windows\system32\DRIVERS\stexstor.sys [24656 2009-07-13] (Promise Technology)
S3 StillCam; C:\Windows\System32\DRIVERS\serscan.sys [12288 2009-07-13] (Microsoft Corporation)
S0 storflt; C:\Windows\System32\drivers\vmstorfl.sys [46464 2010-11-20] (Microsoft Corporation)
S3 storvsc; C:\Windows\system32\drivers\storvsc.sys [34688 2010-11-20] (Microsoft Corporation)
S3 swenum; C:\Windows\system32\drivers\swenum.sys [12496 2009-07-13] (Microsoft Corporation)
S0 Tcpip; C:\Windows\System32\drivers\tcpip.sys [1910632 2013-06-14] (Microsoft Corporation)
S3 TCPIP6; C:\Windows\System32\DRIVERS\tcpip.sys [1910632 2013-06-14] (Microsoft Corporation)
S2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [45568 2012-10-03] (Microsoft Corporation)
S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [15872 2009-07-13] (Microsoft Corporation)
S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [23552 2012-02-16] (Microsoft Corporation)
S1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [119296 2010-11-20] (Microsoft Corporation)
S1 TermDD; C:\Windows\system32\drivers\termdd.sys [63360 2010-11-20] (Microsoft Corporation)
S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [39424 2010-11-20] (Microsoft Corporation)
S3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [57856 2012-11-02] (Microsoft Corporation)
S3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [125440 2010-11-20] (Microsoft Corporation)
S3 uagp35; C:\Windows\system32\DRIVERS\uagp35.sys [64080 2009-07-13] (Microsoft Corporation)
S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [328192 2010-11-20] (Microsoft Corporation)
S3 uliagpkx; C:\Windows\system32\drivers\uliagpkx.sys [64592 2009-07-13] (Microsoft Corporation)
S3 umbus; C:\Windows\System32\DRIVERS\umbus.sys [48640 2010-11-20] (Microsoft Corporation)
S3 UmPass; C:\Windows\system32\DRIVERS\umpass.sys [9728 2009-07-13] (Microsoft Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.)
S3 usbaudio; C:\Windows\System32\drivers\usbaudio.sys [109696 2010-11-20] (Microsoft Corporation)
S3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [98816 2011-03-24] (Microsoft Corporation)
S3 usbcir; C:\Windows\system32\drivers\usbcir.sys [100352 2009-07-13] (Microsoft Corporation)
S3 usbehci; C:\Windows\System32\DRIVERS\usbehci.sys [52736 2011-03-24] (Microsoft Corporation)
S3 usbfilter; C:\Windows\System32\DRIVERS\usbfilter.sys [38456 2009-12-21] (Advanced Micro Devices)
S3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [343040 2011-03-24] (Microsoft Corporation)
S3 usbohci; C:\Windows\System32\DRIVERS\usbohci.sys [25600 2011-03-24] (Microsoft Corporation)
S3 usbprint; C:\Windows\System32\DRIVERS\usbprint.sys [25088 2009-07-13] (Microsoft Corporation)
S3 usbscan; C:\Windows\System32\DRIVERS\usbscan.sys [41984 2009-07-13] (Microsoft Corporation)
S3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [91648 2011-03-10] (Microsoft Corporation)
S3 usbuhci; C:\Windows\system32\DRIVERS\usbuhci.sys [30720 2009-07-13] (Microsoft Corporation)
S3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [184960 2010-11-20] (Microsoft Corporation)
S0 vdrvroot; C:\Windows\System32\drivers\vdrvroot.sys [36432 2009-07-13] (Microsoft Corporation)
S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [29184 2009-07-13] (Microsoft Corporation)
S1 VgaSave; C:\Windows\System32\drivers\vga.sys [29184 2009-07-13] (Microsoft Corporation)
S3 vhdmp; C:\Windows\system32\drivers\vhdmp.sys [215936 2010-11-20] (Microsoft Corporation)
S3 viaide; C:\Windows\system32\drivers\viaide.sys [17488 2009-07-13] (VIA Technologies, Inc.)
S0 vmbus; C:\Windows\System32\drivers\vmbus.sys [199552 2010-11-20] (Microsoft Corporation)
S3 VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [21760 2010-11-20] (Microsoft Corporation)
S3 vmwvusb; C:\Windows\System32\Drivers\vmwvusb.sys [48240 2012-03-02] (VMware, Inc.)
S0 volmgr; C:\Windows\System32\drivers\volmgr.sys [71552 2010-11-20] (Microsoft Corporation)
S0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363392 2010-11-20] (Microsoft Corporation)
S0 volsnap; C:\Windows\System32\drivers\volsnap.sys [295808 2010-11-20] (Microsoft Corporation)
S3 vsmraid; C:\Windows\system32\DRIVERS\vsmraid.sys [161872 2009-07-13] (VIA Technologies Inc.,Ltd)
S3 vwifibus; C:\Windows\System32\drivers\vwifibus.sys [24576 2009-07-13] (Microsoft Corporation)
S3 WacomPen; C:\Windows\system32\DRIVERS\wacompen.sys [27776 2009-07-13] (Microsoft Corporation)
S3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-20] (Microsoft Corporation)
S1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-20] (Microsoft Corporation)
S3 Wd; C:\Windows\system32\DRIVERS\wd.sys [21056 2009-07-13] (Microsoft Corporation)
S0 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [785512 2012-07-25] (Microsoft Corporation)
S1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [12800 2009-07-13] (Microsoft Corporation)
S3 WIMMount; C:\Windows\System32\drivers\wimmount.sys [22096 2009-07-13] (Microsoft Corporation)
S3 WIMMount; C:\Windows\SysWow64\drivers\wimmount.sys [19008 2009-07-13] (Microsoft Corporation)
S3 WinUsb; C:\Windows\System32\DRIVERS\WinUsb.sys [41984 2010-11-20] (Microsoft Corporation)
S3 WmiAcpi; C:\Windows\system32\drivers\wmiacpi.sys [14336 2009-07-13] (Microsoft Corporation)
S4 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [21504 2009-07-13] (Microsoft Corporation)
S3 WsAudio_DeviceS(1); C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys [29288 2011-12-19] (Wondershare)
S3 WsAudio_DeviceS(2); C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys [29288 2011-12-19] (Wondershare)
S3 WsAudio_DeviceS(3); C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys [29288 2011-12-19] (Wondershare)
S3 WsAudio_DeviceS(4); C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys [29288 2011-12-19] (Wondershare)
S3 WsAudio_DeviceS(5); C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys [29288 2011-12-19] (Wondershare)
S3 WSDPrintDevice; C:\Windows\System32\DRIVERS\WSDPrint.sys [23040 2009-07-13] (Microsoft Corporation)
S3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [87040 2012-07-25] (Microsoft Corporation)
S3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [198656 2012-07-25] (Microsoft Corporation)
S2 AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [x]
S3 dump_wmimmc; \??\C:\AeriaGames\WolfTeam\GameGuard\dump_wmimmc.sys [x]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S1 FileDisk; No ImagePath
S3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]
S3 X6va005; \??\C:\Users\AMENDG~1\AppData\Local\Temp\0059D01.tmp [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-07-19 23:42 - 2013-07-19 23:42 - 00000000 ____D C:\FRST
2013-07-19 15:55 - 2009-07-13 17:34 - 00004608 _____ (Microsoft Corporation) C:\Windows\System32\ws2help.dll
2013-07-18 22:48 - 2013-07-18 22:48 - 00000000 _____ C:\firefox.exe
2013-07-13 19:16 - 2013-07-13 19:29 - 00032768 _____ C:\BCD_Backup
2013-07-13 19:16 - 2013-07-13 19:29 - 00029696 ___SH C:\BCD_Backup.LOG
2013-07-09 06:50 - 2013-07-09 18:55 - 00000928 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2261991642-4200844590-3487352107-1000UA.job
2013-07-09 06:50 - 2013-07-09 06:55 - 00000876 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2261991642-4200844590-3487352107-1000Core.job
2013-07-09 06:50 - 2013-07-09 06:50 - 00003912 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2261991642-4200844590-3487352107-1000UA
2013-07-09 06:50 - 2013-07-09 06:50 - 00003516 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2261991642-4200844590-3487352107-1000Core
2013-07-08 07:00 - 2013-07-08 07:00 - 00000000 ____D C:\Users\Amend Gang\Documents\Garmin
2013-07-08 04:07 - 2013-07-08 04:07 - 00003176 _____ C:\Windows\System32\Tasks\SmartDefrag_Startup
2013-07-08 04:07 - 2013-07-08 04:07 - 00003174 _____ C:\Windows\System32\Tasks\SmartDefragUpdate
2013-07-08 04:07 - 2013-05-22 14:49 - 00032600 _____ (IObit) C:\Windows\System32\SmartDefragBootTime.exe
2013-07-08 04:07 - 2013-05-22 14:49 - 00017720 _____ C:\Windows\System32\Drivers\SmartDefragDriver.sys
2013-07-08 04:03 - 2013-07-08 04:03 - 00000056 _____ C:\Windows\setupact.log
2013-07-08 04:03 - 2013-07-08 04:03 - 00000000 _____ C:\Windows\setuperr.log
2013-07-06 06:01 - 2013-07-06 06:01 - 00000000 ____D C:\Users\Amend Gang\AppData\Local\{84973820-FA27-4981-8918-69CA9F5C36D0}
2013-07-04 20:40 - 2013-07-05 04:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-30 12:53 - 2013-06-30 12:53 - 00000000 _____ C:\END
2013-06-26 04:22 - 2013-06-26 04:22 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-26 04:22 - 2013-06-26 04:22 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-26 04:22 - 2013-06-26 04:22 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-26 04:21 - 2013-06-26 04:22 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-26 04:21 - 2013-06-26 04:21 - 00000000 _____ C:\Windows\SysWOW64\RENAE6F.tmp
2013-06-26 04:21 - 2013-06-26 04:21 - 00000000 _____ C:\Windows\SysWOW64\RENAE5E.tmp
2013-06-25 14:30 - 2013-06-25 14:31 - 00000000 ____D C:\Users\Amend Gang\Documents\One Note
2013-06-25 14:29 - 2013-06-25 14:29 - 00000000 ____D C:\Users\Amend Gang\Documents\My Practice Files
2013-06-25 13:46 - 2013-06-25 13:47 - 00000000 ____D C:\Users\Public\Documents\Ed's test
2013-06-22 15:08 - 2013-06-22 16:17 - 00000000 ____D C:\Users\Amend Gang\AppData\Roaming\Awesomium
2013-06-22 08:05 - 2013-06-22 08:05 - 00000000 ____D C:\Users\Amend Gang\AppData\Local\Sony Online Entertainment

==================== One Month Modified Files and Folders =======

2013-07-19 23:42 - 2013-07-19 23:42 - 00000000 ____D C:\FRST
2013-07-19 18:29 - 2011-05-18 17:52 - 00016440 _____ (Advanced Micro Devices Inc.) C:\Windows\System32\Drivers\AtiPcie.sys
2013-07-18 22:48 - 2013-07-18 22:48 - 00000000 _____ C:\firefox.exe
2013-07-18 12:44 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\winevt
2013-07-13 19:29 - 2013-07-13 19:16 - 00032768 _____ C:\BCD_Backup
2013-07-13 19:29 - 2013-07-13 19:16 - 00029696 ___SH C:\BCD_Backup.LOG
2013-07-13 09:15 - 2009-07-13 20:45 - 00003072 _____ C:\Windows\System32\umstartup.etl
2013-07-10 16:55 - 2009-07-13 20:45 - 00425104 _____ C:\Windows\System32\FNTCACHE.DAT
2013-07-09 18:57 - 2012-03-29 18:23 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-09 18:55 - 2013-07-09 06:50 - 00000928 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2261991642-4200844590-3487352107-1000UA.job
2013-07-09 18:47 - 2010-12-22 19:29 - 00003962 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{C8715486-E90B-497B-9A3C-3597AA1A5805}
2013-07-09 18:14 - 2011-11-15 19:03 - 00000948 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2261991642-4200844590-3487352107-1000UA.job
2013-07-09 18:08 - 2011-08-16 17:12 - 00000906 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-09 16:32 - 2012-03-29 18:36 - 00001828 _____ C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
2013-07-09 16:03 - 2011-06-18 18:35 - 00000000 ____D C:\Users\Amend Gang\AppData\Roaming\.minecraft
2013-07-09 15:14 - 2011-11-15 19:03 - 00000926 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2261991642-4200844590-3487352107-1000Core.job
2013-07-09 09:25 - 2009-07-13 21:13 - 00786558 _____ C:\Windows\System32\PerfStringBackup.INI
2013-07-09 06:55 - 2013-07-09 06:50 - 00000876 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2261991642-4200844590-3487352107-1000Core.job
2013-07-09 06:50 - 2013-07-09 06:50 - 00003912 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2261991642-4200844590-3487352107-1000UA
2013-07-09 06:50 - 2013-07-09 06:50 - 00003516 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2261991642-4200844590-3487352107-1000Core
2013-07-09 06:50 - 2011-08-16 17:12 - 00000000 ____D C:\Users\Amend Gang\AppData\Local\Google
2013-07-09 06:50 - 2010-12-29 19:36 - 00000000 ____D C:\Users\Amend Gang\AppData\Roaming\Mozilla
2013-07-09 06:08 - 2011-08-16 17:12 - 00000902 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-09 06:03 - 2011-08-16 17:12 - 00003902 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-09 06:03 - 2011-08-16 17:12 - 00003650 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-08 17:03 - 2011-09-28 18:54 - 00000000 ____D C:\Users\Amend Gang\Documents\Outlook Files
2013-07-08 17:01 - 2010-12-22 20:05 - 00114776 _____ C:\Users\Amend Gang\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-08 07:00 - 2013-07-08 07:00 - 00000000 ____D C:\Users\Amend Gang\Documents\Garmin
2013-07-08 04:12 - 2009-07-13 20:45 - 00013648 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-08 04:12 - 2009-07-13 20:45 - 00013648 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-08 04:07 - 2013-07-08 04:07 - 00003176 _____ C:\Windows\System32\Tasks\SmartDefrag_Startup
2013-07-08 04:07 - 2013-07-08 04:07 - 00003174 _____ C:\Windows\System32\Tasks\SmartDefragUpdate
2013-07-08 04:07 - 2011-01-23 18:39 - 00001134 _____ C:\Users\Public\Desktop\Smart Defrag 2.lnk
2013-07-08 04:04 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\FxsTmp
2013-07-08 04:03 - 2013-07-08 04:03 - 00000056 _____ C:\Windows\setupact.log
2013-07-08 04:03 - 2013-07-08 04:03 - 00000000 _____ C:\Windows\setuperr.log
2013-07-08 04:03 - 2012-12-02 12:44 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-08 04:03 - 2012-07-21 05:14 - 00000308 _____ C:\Windows\Tasks\RtlDashSrvStart.job
2013-07-08 04:03 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-07 05:01 - 2010-12-22 21:58 - 01050607 _____ C:\Windows\WindowsUpdate.log
2013-07-07 04:54 - 2010-12-22 19:02 - 00000000 ____D C:\users\Amend Gang
2013-07-07 04:50 - 2012-01-13 06:16 - 00000000 ____D C:\Users\Amend Gang\AppData\Roaming\Applian FLV and Media Player
2013-07-06 20:00 - 2010-12-22 19:39 - 00000000 ____D C:\Users\Amend Gang\AppData\Local\CrashDumps
2013-07-06 07:44 - 2012-08-17 14:53 - 00000000 ____D C:\Users\Amend Gang\AppData\Roaming\Skype
2013-07-06 06:35 - 2010-12-30 18:39 - 00000000 ____D C:\Users\Amend Gang\Documents\Dad
2013-07-06 06:01 - 2013-07-06 06:01 - 00000000 ____D C:\Users\Amend Gang\AppData\Local\{84973820-FA27-4981-8918-69CA9F5C36D0}
2013-07-05 13:10 - 2012-04-24 23:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-05 04:35 - 2013-07-04 20:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-30 12:53 - 2013-06-30 12:53 - 00000000 _____ C:\END
2013-06-29 14:15 - 2010-02-01 19:21 - 00000000 ____D C:\Users\HomeGroupUser$\Documents\SSAC
2013-06-29 14:14 - 2008-08-16 08:29 - 00000000 ____D C:\Users\HomeGroupUser$\Documents\My Received Files
2013-06-29 14:08 - 2010-12-26 10:00 - 00009216 ___SH C:\Users\HomeGroupUser$\Downloads\Thumbs.db
2013-06-28 09:04 - 2011-11-09 11:28 - 00000000 ____D C:\Users\Amend Gang\AppData\Local\Akamai
2013-06-27 17:15 - 2013-02-09 16:24 - 00000995 _____ C:\Users\Amend Gang\Desktop\PhotoScape.lnk
2013-06-27 17:15 - 2013-02-09 16:24 - 00000000 ____D C:\Program Files (x86)\PhotoScape
2013-06-26 04:22 - 2013-06-26 04:22 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-26 04:22 - 2013-06-26 04:22 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-26 04:22 - 2013-06-26 04:22 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-26 04:22 - 2013-06-26 04:21 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-26 04:22 - 2012-04-29 03:34 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll
2013-06-26 04:22 - 2011-03-02 04:05 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-26 04:22 - 2010-12-28 19:36 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-26 04:21 - 2013-06-26 04:21 - 00000000 _____ C:\Windows\SysWOW64\RENAE6F.tmp
2013-06-26 04:21 - 2013-06-26 04:21 - 00000000 _____ C:\Windows\SysWOW64\RENAE5E.tmp
2013-06-25 16:53 - 2011-08-05 13:09 - 00000000 ____D C:\Program Files (x86)\Steam
2013-06-25 14:31 - 2013-06-25 14:30 - 00000000 ____D C:\Users\Amend Gang\Documents\One Note
2013-06-25 14:29 - 2013-06-25 14:29 - 00000000 ____D C:\Users\Amend Gang\Documents\My Practice Files
2013-06-25 13:59 - 2010-12-26 10:23 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-06-25 13:47 - 2013-06-25 13:46 - 00000000 ____D C:\Users\Public\Documents\Ed's test
2013-06-22 18:23 - 2011-01-09 09:44 - 00000000 ____D C:\Users\Amend Gang\Documents\Will
2013-06-22 16:17 - 2013-06-22 15:08 - 00000000 ____D C:\Users\Amend Gang\AppData\Roaming\Awesomium
2013-06-22 15:08 - 2011-08-12 13:04 - 00000000 ____D C:\Users\Amend Gang\Documents\My Games
2013-06-22 08:44 - 2011-11-06 17:16 - 00000419 _____ C:\Windows\BRWMARK.INI
2013-06-22 08:05 - 2013-06-22 08:05 - 00000000 ____D C:\Users\Amend Gang\AppData\Local\Sony Online Entertainment
2013-06-20 18:08 - 2012-08-11 05:18 - 00000000 ____D C:\Program Files (x86)\Coupons

ZeroAccess:
C:\Users\Amend Gang\AppData\Local\{e6a17a4a-f943-6edc-ea0d-280d63da238b}
C:\Users\Amend Gang\AppData\Local\{e6a17a4a-f943-6edc-ea0d-280d63da238b}\L
C:\Users\Amend Gang\AppData\Local\{e6a17a4a-f943-6edc-ea0d-280d63da238b}\U

Files to move or delete:
====================
C:\ProgramData\hash.dat

==================== Known DLLs (All) =========================

[2009-07-13 16:00] - [2009-07-13 17:40] - 0607744 ____A (Microsoft Corporation) C:\Windows\System32\clbcatq.dll
[2009-07-13 15:44] - [2009-07-13 17:15] - 0522240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\clbcatq.dll
[2011-04-21 19:55] - [2010-11-20 05:27] - 2086912 ____A (Microsoft Corporation) C:\Windows\System32\ole32.dll
[2011-04-21 19:55] - [2010-11-20 04:20] - 1414144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
[2009-07-13 16:41] - [2009-07-13 17:40] - 0877056 ____A (Microsoft Corporation) C:\Windows\System32\advapi32.dll
[2011-04-21 19:54] - [2010-11-20 04:18] - 0640512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
[2011-04-21 19:54] - [2010-11-20 05:25] - 0594432 ____A (Microsoft Corporation) C:\Windows\System32\COMDLG32.dll
[2011-04-21 19:54] - [2010-11-20 04:18] - 0485888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\COMDLG32.dll
[2011-04-21 19:54] - [2010-11-20 05:26] - 0403968 ____A (Microsoft Corporation) C:\Windows\System32\gdi32.dll
[2011-04-21 19:54] - [2010-11-20 04:08] - 0311296 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
[2013-06-14 03:57] - [2013-06-14 03:57] - 2648064 ____A (Microsoft Corporation) C:\Windows\System32\IERTUTIL.dll
[2013-06-14 03:57] - [2013-06-14 03:57] - 2046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IERTUTIL.dll
[2012-04-10 17:48] - [2012-02-29 22:33] - 0081408 ____A (Microsoft Corporation) C:\Windows\System32\IMAGEHLP.dll
[2012-04-10 17:48] - [2012-02-29 21:33] - 0159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IMAGEHLP.dll
[2009-07-13 15:38] - [2009-07-13 17:41] - 0167424 ____A (Microsoft Corporation) C:\Windows\System32\IMM32.dll
[2011-04-21 19:54] - [2010-11-20 04:08] - 0119808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IMM32.dll
[2013-01-10 18:30] - [2012-11-29 21:41] - 1161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
[2013-01-10 18:30] - [2012-11-29 20:53] - 1114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
[2009-07-13 15:38] - [2009-07-13 17:41] - 0041984 ____A (Microsoft Corporation) C:\Windows\System32\LPK.dll
[2009-07-13 15:25] - [2009-07-13 17:11] - 0025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\LPK.dll
[2009-07-13 15:40] - [2009-07-13 17:41] - 1067008 ____A (Microsoft Corporation) C:\Windows\System32\MSCTF.dll
[2009-07-13 15:28] - [2009-07-13 17:15] - 0828928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSCTF.dll
[2012-02-16 13:34] - [2011-12-16 00:46] - 0634880 ____A (Microsoft Corporation) C:\Windows\System32\MSVCRT.dll
[2012-02-16 13:34] - [2011-12-15 23:52] - 0690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSVCRT.dll
[2009-07-13 15:26] - [2009-07-13 17:31] - 0002560 ____A (Microsoft Corporation) C:\Windows\System32\NORMALIZ.dll
[2009-07-13 15:15] - [2009-07-13 17:09] - 0002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\NORMALIZ.dll
[2009-07-13 15:21] - [2009-07-13 17:41] - 0013824 ____A (Microsoft Corporation) C:\Windows\System32\NSI.dll
[2009-07-13 15:12] - [2009-07-13 17:16] - 0008704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\NSI.dll
[2011-10-11 16:55] - [2011-10-11 16:55] - 0861696 ____A (Microsoft Corporation) C:\Windows\System32\OLEAUT32.dll
[2011-10-11 16:55] - [2011-10-11 16:55] - 0571904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\OLEAUT32.dll
[2009-07-13 15:26] - [2009-07-13 17:41] - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\PSAPI.dll
[2009-07-13 15:15] - [2009-07-13 17:16] - 0006144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\PSAPI.dll
[2011-04-21 19:55] - [2010-11-20 05:27] - 1219584 ____A (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
[2011-04-21 19:54] - [2010-11-20 04:08] - 0663040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
[2009-07-13 15:20] - [2009-07-13 17:41] - 0113664 ____A (Microsoft Corporation) C:\Windows\System32\sechost.dll
[2009-07-13 15:11] - [2009-07-13 17:16] - 0092160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
[2011-04-21 19:54] - [2010-11-20 05:27] - 1900544 ____A (Microsoft Corporation) C:\Windows\System32\Setupapi.dll
[2011-04-21 19:54] - [2010-11-20 04:21] - 1667584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Setupapi.dll
[2013-05-14 10:48] - [2013-02-26 21:52] - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\SHELL32.dll
[2013-05-14 10:48] - [2013-02-26 20:55] - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SHELL32.dll
[2011-04-21 19:54] - [2010-11-20 05:27] - 0448512 ____A (Microsoft Corporation) C:\Windows\System32\SHLWAPI.dll
[2011-04-21 19:54] - [2010-11-20 04:21] - 0350208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SHLWAPI.dll
[2013-06-14 03:57] - [2013-06-14 03:57] - 1365504 ____A (Microsoft Corporation) C:\Windows\System32\URLMON.dll
[2013-06-14 03:57] - [2013-06-14 03:57] - 1141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\URLMON.dll
[2011-04-21 19:54] - [2010-11-20 05:27] - 1008128 ____A (Microsoft Corporation) C:\Windows\System32\user32.dll
[2011-04-21 19:54] - [2010-11-20 04:08] - 0833024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
[2013-01-10 18:31] - [2012-11-21 21:44] - 0800768 ____A (Microsoft Corporation) C:\Windows\System32\USP10.dll
[2013-01-10 18:31] - [2012-11-21 20:45] - 0626688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\USP10.dll
[2013-06-14 03:58] - [2013-06-14 03:58] - 2241024 ____A (Microsoft Corporation) C:\Windows\System32\WININET.dll
[2013-06-14 03:58] - [2013-06-14 03:58] - 1767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WININET.dll
[2011-04-21 19:54] - [2010-11-20 05:27] - 0312832 ____A (Microsoft Corporation) C:\Windows\System32\WLDAP32.dll
[2011-04-21 19:54] - [2010-11-20 04:21] - 0269824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WLDAP32.dll
[2011-04-21 19:54] - [2010-11-20 05:27] - 0297984 ____A (Microsoft Corporation) C:\Windows\System32\WS2_32.dll
[2011-04-21 19:54] - [2010-11-20 04:21] - 0206848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WS2_32.dll
[2009-07-13 15:27] - [2009-07-13 17:40] - 0504320 ____A (Microsoft Corporation) C:\Windows\System32\DifxApi.dll
[2009-07-13 15:16] - [2009-07-13 17:15] - 0315904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DifxApi.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=Y:
path                    \bootmgr
description             Windows Boot Manager
locale                  en-US
default                 {default}
displayorder            {default}
timeout                 30

Windows Boot Loader
-------------------
identifier              {default}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7 Professional
locale                  en-US
osdevice                partition=C:
systemroot              \Windows
resumeobject            {c66568cf-ed85-11e2-b8d2-806e6f6e6963}

Windows Boot Loader
-------------------
identifier              {e0281873-ec35-11e2-8818-a1b5d26b8c9a}
device                  ramdisk=[C:]\Recovery\fe40db71-0e58-11e0-a7f5-d6090fa6889f\Winre.wim,{e0281874-ec35-11e2-8818-a1b5d26b8c9a}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment (recovered)
locale                 
osdevice                ramdisk=[C:]\Recovery\fe40db71-0e58-11e0-a7f5-d6090fa6889f\Winre.wim,{e0281874-ec35-11e2-8818-a1b5d26b8c9a}
systemroot              \windows
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {c66568cf-ed85-11e2-b8d2-806e6f6e6963}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows 7 Professional
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=Y:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US

Device options
--------------
identifier              {e0281874-ec35-11e2-8818-a1b5d26b8c9a}
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\fe40db71-0e58-11e0-a7f5-d6090fa6889f\boot.sdi

==================== Memory info ===========================

Percentage of memory in use: 16%
Total physical RAM: 4095.24 MB
Available physical RAM: 3407.54 MB
Total Pagefile: 4093.39 MB
Available Pagefile: 3412.56 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

 




#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 20 July 2013 - 06:15 AM


Hello Mr. Wilber

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

 
C:\Users\Amend Gang\AppData\Local\{e6a17a4a-f943-6edc-ea0d-280d63da238b}
C:\ProgramData\hash.dat
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST again like we did before but this time press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt) please post it to your reply.

Also boot the computer into normal mode and let me know how things are looking.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Mr. Wilber

Mr. Wilber
  • Topic Starter

  • Members
  • 38 posts
  • Gender:Male
  • Location:Wake Forest, NC

Posted 20 July 2013 - 08:23 AM

Gringo,

Thank you for your rapid reply!!!

I ran the code as instructed, then I booted the PC normally.  I still have a black screen with a movable cursor.  I know about a Regedit that can be made to correct this, winlogon, shell.  I've tried that a number of times already but it would revert back to the incorrect code.  I'm assuming the fixes you made might allow the correction to stay.

Waiting your instructions.

Thank you.

Ed



#4 Mr. Wilber

Mr. Wilber
  • Topic Starter

  • Members
  • 38 posts
  • Gender:Male
  • Location:Wake Forest, NC

Posted 20 July 2013 - 08:32 AM

Sorry, I forgot to post the log:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-07-2013
Ran by SYSTEM at 2013-07-20 09:15:22 Run:1
Running from F:\
Boot Mode: Recovery
==============================================

C:\Users\Amend Gang\AppData\Local\{e6a17a4a-f943-6edc-ea0d-280d63da238b} => Moved successfully.
C:\ProgramData\hash.dat => Moved successfully.
EagleX64 => Service deleted successfully.

==== End of Fixlog ====
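The fixlist procedure from post #2 and the Fixlog above, as an added example that is not FRST's code and was not posted in this thread: a Python script that reads the "ZeroAccess:" and "Files to move or delete:" blocks of an FRST.txt log (plus any driver entry whose file is reported missing, whose FRST line format is assumed here), emits the fixlist lines in the form used in the thread, and then checks each line against the Fixlog.txt outcome. Both log excerpts are constructed for the example.

```python
# Added example (not FRST's code and not from this thread): build a fixlist.txt
# from an FRST.txt scan log and verify the Fixlog.txt that the Fix run produces.
import re

# Constructed excerpt in FRST.txt format. The ZeroAccess folder and hash.dat
# lines are the ones the scan above reported; the Drivers line is an assumed
# reconstruction of how FRST lists a service whose binary is missing ("[x]").
SAMPLE_FRST = r"""
==================== Drivers (Whitelisted) ====================
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]

ZeroAccess:
C:\Users\Amend Gang\AppData\Local\{e6a17a4a-f943-6edc-ea0d-280d63da238b}
C:\Users\Amend Gang\AppData\Local\{e6a17a4a-f943-6edc-ea0d-280d63da238b}\L
C:\Users\Amend Gang\AppData\Local\{e6a17a4a-f943-6edc-ea0d-280d63da238b}\U

Files to move or delete:
====================
C:\ProgramData\hash.dat

==================== Known DLLs (All) =========================
"""

# Constructed Fixlog.txt mirroring the one posted in this thread.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-07-2013
==============================================
C:\Users\Amend Gang\AppData\Local\{e6a17a4a-f943-6edc-ea0d-280d63da238b} => Moved successfully.
C:\ProgramData\hash.dat => Moved successfully.
EagleX64 => Service deleted successfully.
==== End of Fixlog ====
"""

SECTION_RE = re.compile(r"^=+ (.+?) =+$")                 # "==== Name ===="
MISSING_RE = re.compile(r"^[RS]\d [^;]+; .+ \[[xX]\]$")   # driver, file absent
FIXLOG_RE = re.compile(r"^(.+?) => (.+?)\.?$")            # "<item> => <result>."


def parse_frst(text):
    """Collect ZeroAccess paths, delete candidates and missing-file drivers."""
    found = {"zeroaccess": [], "to_delete": [], "missing_drivers": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "ZeroAccess:":
            section = "ZeroAccess"
        elif line == "Files to move or delete:":
            section = "ToDelete"
        elif (m := SECTION_RE.match(line)):
            section = m.group(1).strip()
        elif not line:
            if section in ("ZeroAccess", "ToDelete"):
                section = None          # a blank line closes these two blocks
        elif set(line) == {"="}:
            pass                        # underline beneath "Files to move or delete:"
        elif section == "ZeroAccess":
            found["zeroaccess"].append(line)
        elif section == "ToDelete":
            found["to_delete"].append(line)
        elif section and section.startswith("Drivers") and MISSING_RE.match(line):
            found["missing_drivers"].append(line)
    return found


def build_fixlist(found):
    """Fixlist lines: top-level ZeroAccess folders, files, then driver entries.
    The L and U subfolders are dropped: moving the parent takes them along,
    which is why the fixlist in the thread names only the parent folder."""
    roots = []
    for path in sorted(found["zeroaccess"], key=len):
        if not any(path.lower().startswith(r.lower() + "\\") for r in roots):
            roots.append(path)
    return roots + found["to_delete"] + found["missing_drivers"]


def check_fixlog(fixlist, fixlog_text):
    """Map each fixlist line to its Fixlog outcome (None if never reported)."""
    results = {}
    for line in fixlog_text.splitlines():
        m = FIXLOG_RE.match(line.strip())
        if m:
            results[m.group(1).lower()] = m.group(2)
    report = {}
    for entry in fixlist:
        svc = re.match(r"^[RS]\d ([^;]+);", entry)   # services report by name
        key = (svc.group(1) if svc else entry).lower()
        report[entry] = results.get(key)
    return report


def all_succeeded(report):
    """True only when every fixlist line came back with a 'successfully' outcome."""
    return bool(report) and all(r and "successfully" in r for r in report.values())


if __name__ == "__main__":
    fixlist = build_fixlist(parse_frst(SAMPLE_FRST))
    print("\n".join(fixlist))           # what would be saved as fixlist.txt
    print("fix complete:", all_succeeded(check_fixlog(fixlist, SAMPLE_FIXLOG)))
```

Any fixlist line that comes back as None in the report was never acted on by FRST and is the first thing to look at before assuming the system is clean.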



#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 20 July 2013 - 08:44 AM


Hello Mr. Wilber

Go ahead and do it and then do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?
Gringo

#6 Mr. Wilber

Mr. Wilber
  • Topic Starter

  • Members
  • 38 posts
  • Gender:Male
  • Location:Wake Forest, NC

Posted 20 July 2013 - 09:15 AM

Gringo,

I performed the regedit but it still won't stay.  Since I can get into Windows I can perform the actions you recommend.  Do you have another suggestion?

Thanx

Ed



#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 20 July 2013 - 10:24 AM

Yes run combofix if you can get into windows


Gringo

#8 Mr. Wilber

Mr. Wilber
  • Topic Starter

  • Members
  • 38 posts
  • Gender:Male
  • Location:Wake Forest, NC

Posted 20 July 2013 - 10:27 AM

I can't get into Windows.  I am able to run some functions using the taskmgr with the command prompt.  Can ComboFix or other fixes be run through CMD?

Thanx

Ed



#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 20 July 2013 - 11:22 AM

Hello


We are going to try System Restore to restore the system prior to the infection.

Depending on your Windows version.


Option 1.

Step 1: Use F8 to Boot to SafeMode With Command Prompt
Step 2: Use ctrl/alt/del (keys) to get task manager opened
Step 3: choose file and create new task
Step 4: Then Navigate to:
C:\windows\system32\restore\rstrui.exe and press Enter (double click rstrui.exe)
Step 5: Restore Computer to a Date you know you were virus free
Step 6: Run Malwarebytes

Option 2.

Step 1: Use F8 to Boot to SafeMode With Command Prompt
At the command prompt type in: rstrui.exe

#10 Mr. Wilber

Mr. Wilber
  • Topic Starter

  • Members
  • 38 posts
  • Gender:Male
  • Location:Wake Forest, NC

Posted 20 July 2013 - 11:25 AM

Can't get into safe mode.  I don't have any restore point either.  I know because I have tried this already.

Ed



#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 20 July 2013 - 02:05 PM

Run me a new scan with frst


Gringo

#12 Mr. Wilber

Mr. Wilber
  • Topic Starter

  • Members
  • 38 posts
  • Gender:Male
  • Location:Wake Forest, NC

Posted 20 July 2013 - 02:09 PM

OK, in hopes of rebooting Windows I am running a Windows Defender Offline scan.  When that is done I will run and send the FRST scan results.

Thanx



#13 Mr. Wilber

Mr. Wilber
  • Topic Starter

  • Members
  • 38 posts
  • Gender:Male
  • Location:Wake Forest, NC

Posted 20 July 2013 - 07:04 PM

Gringo,

I'm back :-)

Windows Defender Offline completed the scan and found Java trojan/virus.  It fixed/cleaned them.

 

I tried to boot but no luck. I tried to rebuild the boot manager, etc., like before; it appears to work but it soon disappears.  I tried to fix the registry issue but that won't keep either.  Tried startup repair....

 

I ran FRST:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-07-2013
Ran by SYSTEM on 20-07-2013 19:51:56
Running from J:\
WIN_7 (X64) OS Language: English(US)
Boot Mode: Recovery
Attention: Could not load system hive.
==================== Registry (Whitelisted) ==================

ATTENTION: Software hive is not loaded.

Startup: C:\Users\Amend Gang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Services (Whitelisted) =================


==================== Drivers (Whitelisted) ====================


==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-20 13:17 - 2013-07-20 13:17 - 00000000 ____D C:\Windows\Microsoft Antimalware
2013-07-19 23:42 - 2013-07-19 23:42 - 00000000 ____D C:\FRST
2013-07-19 15:55 - 2009-07-13 17:34 - 00004608 _____ (Microsoft Corporation) C:\Windows\System32\ws2help.dll
2013-07-18 22:48 - 2013-07-18 22:48 - 00000000 _____ C:\firefox.exe
2013-07-13 19:16 - 2013-07-13 19:29 - 00032768 _____ C:\BCD_Backup
2013-07-13 19:16 - 2013-07-13 19:29 - 00029696 ___SH C:\BCD_Backup.LOG
2013-07-09 06:50 - 2013-07-09 18:55 - 00000928 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2261991642-4200844590-3487352107-1000UA.job
2013-07-09 06:50 - 2013-07-09 06:55 - 00000876 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2261991642-4200844590-3487352107-1000Core.job
2013-07-09 06:50 - 2013-07-09 06:50 - 00003912 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2261991642-4200844590-3487352107-1000UA
2013-07-09 06:50 - 2013-07-09 06:50 - 00003516 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2261991642-4200844590-3487352107-1000Core
2013-07-08 07:00 - 2013-07-08 07:00 - 00000000 ____D C:\Users\Amend Gang\Documents\Garmin
2013-07-08 04:07 - 2013-07-08 04:07 - 00003176 _____ C:\Windows\System32\Tasks\SmartDefrag_Startup
2013-07-08 04:07 - 2013-07-08 04:07 - 00003174 _____ C:\Windows\System32\Tasks\SmartDefragUpdate
2013-07-08 04:07 - 2013-05-22 14:49 - 00032600 _____ (IObit) C:\Windows\System32\SmartDefragBootTime.exe
2013-07-08 04:07 - 2013-05-22 14:49 - 00017720 _____ C:\Windows\System32\Drivers\SmartDefragDriver.sys
2013-07-08 04:03 - 2013-07-08 04:03 - 00000056 _____ C:\Windows\setupact.log
2013-07-08 04:03 - 2013-07-08 04:03 - 00000000 _____ C:\Windows\setuperr.log
2013-07-06 06:01 - 2013-07-06 06:01 - 00000000 ____D C:\Users\Amend Gang\AppData\Local\{84973820-FA27-4981-8918-69CA9F5C36D0}
2013-07-04 20:40 - 2013-07-05 04:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-30 12:53 - 2013-06-30 12:53 - 00000000 _____ C:\END
2013-06-26 04:22 - 2013-06-26 04:22 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-26 04:22 - 2013-06-26 04:22 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-26 04:22 - 2013-06-26 04:22 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-26 04:21 - 2013-06-26 04:22 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-26 04:21 - 2013-06-26 04:21 - 00000000 _____ C:\Windows\SysWOW64\RENAE6F.tmp
2013-06-26 04:21 - 2013-06-26 04:21 - 00000000 _____ C:\Windows\SysWOW64\RENAE5E.tmp
2013-06-25 14:30 - 2013-06-25 14:31 - 00000000 ____D C:\Users\Amend Gang\Documents\One Note
2013-06-25 14:29 - 2013-06-25 14:29 - 00000000 ____D C:\Users\Amend Gang\Documents\My Practice Files
2013-06-25 13:46 - 2013-06-25 13:47 - 00000000 ____D C:\Users\Public\Documents\Ed's test
2013-06-22 15:08 - 2013-06-22 16:17 - 00000000 ____D C:\Users\Amend Gang\AppData\Roaming\Awesomium
2013-06-22 08:05 - 2013-06-22 08:05 - 00000000 ____D C:\Users\Amend Gang\AppData\Local\Sony Online Entertainment

==================== One Month Modified Files and Folders =======

2013-07-20 13:17 - 2013-07-20 13:17 - 00000000 ____D C:\Windows\Microsoft Antimalware
2013-07-19 23:42 - 2013-07-19 23:42 - 00000000 ____D C:\FRST
2013-07-19 18:29 - 2011-05-18 17:52 - 00016440 _____ (Advanced Micro Devices Inc.) C:\Windows\System32\Drivers\AtiPcie.sys
2013-07-18 22:48 - 2013-07-18 22:48 - 00000000 _____ C:\firefox.exe
2013-07-18 12:44 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\winevt
2013-07-13 19:29 - 2013-07-13 19:16 - 00032768 _____ C:\BCD_Backup
2013-07-13 19:29 - 2013-07-13 19:16 - 00029696 ___SH C:\BCD_Backup.LOG
2013-07-13 09:15 - 2009-07-13 20:45 - 00003072 _____ C:\Windows\System32\umstartup.etl
2013-07-10 16:55 - 2009-07-13 20:45 - 00425104 _____ C:\Windows\System32\FNTCACHE.DAT
2013-07-09 18:57 - 2012-03-29 18:23 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-09 18:55 - 2013-07-09 06:50 - 00000928 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2261991642-4200844590-3487352107-1000UA.job
2013-07-09 18:47 - 2010-12-22 19:29 - 00003962 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{C8715486-E90B-497B-9A3C-3597AA1A5805}
2013-07-09 18:14 - 2011-11-15 19:03 - 00000948 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2261991642-4200844590-3487352107-1000UA.job
2013-07-09 18:08 - 2011-08-16 17:12 - 00000906 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-09 16:32 - 2012-03-29 18:36 - 00001828 _____ C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
2013-07-09 16:03 - 2011-06-18 18:35 - 00000000 ____D C:\Users\Amend Gang\AppData\Roaming\.minecraft
2013-07-09 15:14 - 2011-11-15 19:03 - 00000926 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2261991642-4200844590-3487352107-1000Core.job
2013-07-09 09:25 - 2009-07-13 21:13 - 00786558 _____ C:\Windows\System32\PerfStringBackup.INI
2013-07-09 06:55 - 2013-07-09 06:50 - 00000876 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2261991642-4200844590-3487352107-1000Core.job
2013-07-09 06:50 - 2013-07-09 06:50 - 00003912 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2261991642-4200844590-3487352107-1000UA
2013-07-09 06:50 - 2013-07-09 06:50 - 00003516 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2261991642-4200844590-3487352107-1000Core
2013-07-09 06:50 - 2011-08-16 17:12 - 00000000 ____D C:\Users\Amend Gang\AppData\Local\Google
2013-07-09 06:50 - 2010-12-29 19:36 - 00000000 ____D C:\Users\Amend Gang\AppData\Roaming\Mozilla
2013-07-09 06:08 - 2011-08-16 17:12 - 00000902 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-09 06:03 - 2011-08-16 17:12 - 00003902 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-09 06:03 - 2011-08-16 17:12 - 00003650 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-08 17:03 - 2011-09-28 18:54 - 00000000 ____D C:\Users\Amend Gang\Documents\Outlook Files
2013-07-08 17:01 - 2010-12-22 20:05 - 00114776 _____ C:\Users\Amend Gang\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-08 07:00 - 2013-07-08 07:00 - 00000000 ____D C:\Users\Amend Gang\Documents\Garmin
2013-07-08 04:12 - 2009-07-13 20:45 - 00013648 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-08 04:12 - 2009-07-13 20:45 - 00013648 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-08 04:07 - 2013-07-08 04:07 - 00003176 _____ C:\Windows\System32\Tasks\SmartDefrag_Startup
2013-07-08 04:07 - 2013-07-08 04:07 - 00003174 _____ C:\Windows\System32\Tasks\SmartDefragUpdate
2013-07-08 04:07 - 2011-01-23 18:39 - 00001134 _____ C:\Users\Public\Desktop\Smart Defrag 2.lnk
2013-07-08 04:04 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\FxsTmp
2013-07-08 04:03 - 2013-07-08 04:03 - 00000056 _____ C:\Windows\setupact.log
2013-07-08 04:03 - 2013-07-08 04:03 - 00000000 _____ C:\Windows\setuperr.log
2013-07-08 04:03 - 2012-12-02 12:44 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-08 04:03 - 2012-07-21 05:14 - 00000308 _____ C:\Windows\Tasks\RtlDashSrvStart.job
2013-07-08 04:03 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-07 05:01 - 2010-12-22 21:58 - 01050607 _____ C:\Windows\WindowsUpdate.log
2013-07-07 04:54 - 2010-12-22 19:02 - 00000000 ____D C:\users\Amend Gang
2013-07-07 04:50 - 2012-01-13 06:16 - 00000000 ____D C:\Users\Amend Gang\AppData\Roaming\Applian FLV and Media Player
2013-07-06 20:00 - 2010-12-22 19:39 - 00000000 ____D C:\Users\Amend Gang\AppData\Local\CrashDumps
2013-07-06 07:44 - 2012-08-17 14:53 - 00000000 ____D C:\Users\Amend Gang\AppData\Roaming\Skype
2013-07-06 06:35 - 2010-12-30 18:39 - 00000000 ____D C:\Users\Amend Gang\Documents\Dad
2013-07-06 06:01 - 2013-07-06 06:01 - 00000000 ____D C:\Users\Amend Gang\AppData\Local\{84973820-FA27-4981-8918-69CA9F5C36D0}
2013-07-05 13:10 - 2012-04-24 23:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-05 04:35 - 2013-07-04 20:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-30 12:53 - 2013-06-30 12:53 - 00000000 _____ C:\END
2013-06-29 14:15 - 2010-02-01 19:21 - 00000000 ____D C:\Users\HomeGroupUser$\Documents\SSAC
2013-06-29 14:14 - 2008-08-16 08:29 - 00000000 ____D C:\Users\HomeGroupUser$\Documents\My Received Files
2013-06-29 14:08 - 2010-12-26 10:00 - 00009216 ___SH C:\Users\HomeGroupUser$\Downloads\Thumbs.db
2013-06-28 09:04 - 2011-11-09 11:28 - 00000000 ____D C:\Users\Amend Gang\AppData\Local\Akamai
2013-06-27 17:15 - 2013-02-09 16:24 - 00000995 _____ C:\Users\Amend Gang\Desktop\PhotoScape.lnk
2013-06-27 17:15 - 2013-02-09 16:24 - 00000000 ____D C:\Program Files (x86)\PhotoScape
2013-06-26 04:22 - 2013-06-26 04:22 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-26 04:22 - 2013-06-26 04:22 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-26 04:22 - 2013-06-26 04:22 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-26 04:22 - 2013-06-26 04:21 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-26 04:22 - 2012-04-29 03:34 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll
2013-06-26 04:22 - 2011-03-02 04:05 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-26 04:22 - 2010-12-28 19:36 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-26 04:21 - 2013-06-26 04:21 - 00000000 _____ C:\Windows\SysWOW64\RENAE6F.tmp
2013-06-26 04:21 - 2013-06-26 04:21 - 00000000 _____ C:\Windows\SysWOW64\RENAE5E.tmp
2013-06-25 16:53 - 2011-08-05 13:09 - 00000000 ____D C:\Program Files (x86)\Steam
2013-06-25 14:31 - 2013-06-25 14:30 - 00000000 ____D C:\Users\Amend Gang\Documents\One Note
2013-06-25 14:29 - 2013-06-25 14:29 - 00000000 ____D C:\Users\Amend Gang\Documents\My Practice Files
2013-06-25 13:59 - 2010-12-26 10:23 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-06-25 13:47 - 2013-06-25 13:46 - 00000000 ____D C:\Users\Public\Documents\Ed's test
2013-06-22 18:23 - 2011-01-09 09:44 - 00000000 ____D C:\Users\Amend Gang\Documents\Will
2013-06-22 16:17 - 2013-06-22 15:08 - 00000000 ____D C:\Users\Amend Gang\AppData\Roaming\Awesomium
2013-06-22 15:08 - 2011-08-12 13:04 - 00000000 ____D C:\Users\Amend Gang\Documents\My Games
2013-06-22 08:44 - 2011-11-06 17:16 - 00000419 _____ C:\Windows\BRWMARK.INI
2013-06-22 08:05 - 2013-06-22 08:05 - 00000000 ____D C:\Users\Amend Gang\AppData\Local\Sony Online Entertainment
2013-06-20 18:08 - 2012-08-11 05:18 - 00000000 ____D C:\Program Files (x86)\Coupons

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe:  <===== ATTENTION!
HKLM\...\exefile\DefaultIcon:  <===== ATTENTION!
HKLM\...\exefile\open\command:  <===== ATTENTION!

==================== Restore Points  =========================


==================== Memory info ===========================

Percentage of memory in use: 13%
Total physical RAM: 4095.24 MB
Available physical RAM: 3531.34 MB
Total Pagefile: 4093.39 MB
Available Pagefile: 3526.59 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:541.58 GB) NTFS (Disk=0 Partition=2)
Drive e: (GRMCPRXFRER_EN_DVD) (CDROM) (Total:3 GB) (Free:0 GB) UDF
Drive j: (Accelero Flash Drive) (Removable) (Total:7.47 GB) (Free:7.2 GB) NTFS (Disk=5 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: ABE97827)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (Size: 7 GB) (Disk ID: 6E697373)
Partition 1: (Not Active) - (Size=875 GB) - (Type=4F)
Partition 2: (Not Active) - (Size=260 GB) - (Type=73)
Partition 3: (Not Active) - (Size=259 GB) - (Type=2B)
Partition 4: (Not Active) - (Size=27 MB) - (Type=61)


LastRegBack: 2013-07-04 22:17

==================== End Of Log ============================


Thank you for your help!

Ed



#14 gringo_pr

  • Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 21 July 2013 - 09:02 AM



Hello Mr. Wilber



Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

LastRegBack: 2013-07-04 22:17
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST again like we did before, but this time press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Also boot the computer into normal mode and let me know how things are looking.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#15 Mr. Wilber

  • Topic Starter
  • Members
  • 38 posts
  • Gender:Male
  • Location:Wake Forest, NC

Posted 21 July 2013 - 09:40 AM

OMG!!!!

You are a miracle worker!!!


Here you go Gringo.


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-07-2013
Ran by SYSTEM at 2013-07-21 10:32:28 Run:2
Running from J:\
Boot Mode: Recovery
==============================================

DEFAULT hive was successfully copied to System32\config\HiveBackup
DEFAULT hive was successfully restored from registry back up.
SAM hive was successfully copied to System32\config\HiveBackup
SAM hive was successfully restored from registry back up.
SECURITY hive was successfully copied to System32\config\HiveBackup
SECURITY hive was successfully restored from registry back up.
SOFTWARE hive was successfully copied to System32\config\HiveBackup
SOFTWARE hive was successfully restored from registry back up.
SYSTEM hive was successfully copied to System32\config\HiveBackup
SYSTEM hive was successfully restored from registry back up.

==== End of Fixlog ====


I've been able to boot to Windows. I will run ComboFix as instructed earlier.

Ed





