Trojan.0access and Rootkit.0Access.NRX hanging near RDPWD.sys from rem



#1 PaulP (New Member, 7 posts)
I've tried various tools to get some cleanup, but they all hang up the system or BSOD around rdpwd.sys.

I'm capable of doing something manual if needed, but I'm totally lost with this one.


OTL logfile created on: 5/19/2013 1:50:20 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Paul\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.74 Gb Total Physical Memory | 1.20 Gb Available Physical Memory | 68.52% Memory free
3.49 Gb Paging File | 2.75 Gb Available in Paging File | 78.67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.79 Gb Total Space | 216.64 Gb Free Space | 93.06% Space Free | Partition Type: NTFS

Computer Name: PAUL-PC | User Name: Paul | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/19 01:46:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe
PRC - [2013/05/14 19:06:00 | 000,813,448 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_7_700_202_ActiveX.exe
PRC - [2012/12/18 15:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/11/22 22:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/09/20 02:56:14 | 000,380,928 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010/09/20 02:55:48 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV - [2013/05/14 19:06:06 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/16 12:21:15 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012/12/18 15:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/09/20 02:55:48 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2012/08/23 10:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 10:41:34 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2012/08/23 10:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012/06/20 10:43:02 | 002,957,312 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010/09/20 03:13:18 | 006,380,544 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2010/09/20 03:13:18 | 006,380,544 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010/09/20 02:20:44 | 000,221,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D4 C7 A8 6D 05 51 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {8F910C72-9FC6-4BC0-9E6A-A3B8FC80EFF3}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{8F910C72-9FC6-4BC0-9E6A-A3B8FC80EFF3}: "URL" = http://search.yahoo....rtPage?}&fr=ie8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: YouTube = C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_2\
CHR - Extension: YouTube = C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Search = C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Google Search = C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail = C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Gmail = C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: Gmail = C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2\

O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE8D3E41-98DC-45B7-BAFA-5907AE84A843}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/19 01:46:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe
[2013/05/19 00:28:31 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\mbar-1.05.0.1001
[2013/05/18 21:23:10 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Paul\Desktop\aswMBR.exe
[2013/05/18 20:50:33 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\FixZeroAccess
[2013/05/18 20:40:09 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\RK_Quarantine
[2013/05/14 20:26:05 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Paul\Desktop\tdsskiller.exe
[2013/05/14 19:29:12 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Malwarebytes
[2013/05/14 19:28:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/05/14 19:28:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/05/14 19:28:09 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/05/14 19:28:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/05/14 19:15:52 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/05/13 22:14:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2013/05/13 22:14:10 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2013/05/13 22:13:57 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\Conduit
[2013/05/09 22:02:24 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\Programs
[2013/05/08 20:46:56 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\Google
[2013/05/08 20:46:56 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2013/05/06 23:50:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

========== Files - Modified Within 30 Days ==========

[2013/05/19 01:52:13 | 000,021,872 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/19 01:52:12 | 000,021,872 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/19 01:46:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe
[2013/05/19 01:45:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/19 01:45:00 | 165,786,874 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/05/19 01:45:00 | 1405,194,240 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/19 01:38:33 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/19 00:28:07 | 012,917,756 | ---- | M] () -- C:\Users\Paul\Desktop\mbar-1.05.0.1001.zip
[2013/05/18 21:24:33 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Paul\Desktop\aswMBR.exe
[2013/05/18 20:39:10 | 000,816,128 | ---- | M] () -- C:\Users\Paul\Desktop\RogueKiller.exe
[2013/05/17 19:13:37 | 000,624,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/05/17 19:13:37 | 000,106,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/05/17 19:07:34 | 000,294,376 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/05/17 18:11:03 | 000,672,251 | ---- | M] () -- C:\Users\Paul\Documents\mcleod job 2b.jpg
[2013/05/17 18:07:53 | 000,543,030 | ---- | M] () -- C:\Users\Paul\Documents\mcleod job 2a.jpg
[2013/05/17 18:06:06 | 000,443,201 | ---- | M] () -- C:\Users\Paul\Documents\mcleod job 1.jpg
[2013/05/15 16:55:34 | 000,651,519 | ---- | M] () -- C:\Users\Paul\Documents\cambell job 2b.jpg
[2013/05/15 16:54:48 | 000,558,542 | ---- | M] () -- C:\Users\Paul\Documents\cambell job 2a.jpg
[2013/05/15 16:53:21 | 000,462,441 | ---- | M] () -- C:\Users\Paul\Documents\cambell job 1.jpg
[2013/05/14 20:26:09 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Paul\Desktop\tdsskiller.exe
[2013/05/14 19:28:10 | 000,001,063 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/05/13 22:14:35 | 000,000,009 | ---- | M] () -- C:\END
[2013/05/11 17:50:20 | 000,567,015 | ---- | M] () -- C:\Users\Paul\Documents\roller job 2b.jpg
[2013/05/11 17:49:37 | 000,417,994 | ---- | M] () -- C:\Users\Paul\Documents\roller job 1.jpg
[2013/05/11 17:48:52 | 000,489,323 | ---- | M] () -- C:\Users\Paul\Documents\roller job 2a.jpg
[2013/05/08 22:18:56 | 000,000,188 | ---- | M] () -- C:\Users\Paul\Desktop\craigslist tri-cities, TN classifieds for jobs, apartments, personals, for sale, services, community, and events.url
[2013/05/01 13:39:22 | 000,534,269 | ---- | M] () -- C:\Users\Paul\Documents\cooper job 2b.jpg
[2013/05/01 13:38:28 | 000,459,623 | ---- | M] () -- C:\Users\Paul\Documents\cooper job 2a.jpg
[2013/05/01 13:37:34 | 000,452,518 | ---- | M] () -- C:\Users\Paul\Documents\cooper job 1.jpg
[2013/04/27 18:22:27 | 000,462,182 | ---- | M] () -- C:\Users\Paul\Documents\roller, barbara tile estimate.jpg
[2013/04/24 17:54:33 | 000,650,784 | ---- | M] () -- C:\Users\Paul\Documents\wood job 2b.jpg
[2013/04/24 17:52:16 | 000,587,097 | ---- | M] () -- C:\Users\Paul\Documents\wood job 2a.jpg
[2013/04/24 17:50:46 | 000,416,678 | ---- | M] () -- C:\Users\Paul\Documents\wood job 1.jpg
[2013/04/22 18:49:42 | 000,000,210 | ---- | M] () -- C:\Users\Paul\Desktop\MapQuest Maps - Driving Directions - Map.url
[2013/04/21 21:25:25 | 000,572,364 | ---- | M] () -- C:\Users\Paul\Documents\fulmar job 2b.jpg
[2013/04/21 21:23:50 | 000,518,360 | ---- | M] () -- C:\Users\Paul\Documents\fulmar job 2a.jpg
[2013/04/21 21:22:00 | 000,426,616 | ---- | M] () -- C:\Users\Paul\Documents\fulmer job 1.jpg
[2013/04/20 21:04:29 | 000,442,414 | ---- | M] () -- C:\Users\Paul\Documents\beyersdorf project list.jpg
[2013/04/20 20:59:33 | 000,468,594 | ---- | M] () -- C:\Users\Paul\Documents\beyersdorf job revised 4-20-2013.jpg

========== Files Created - No Company Name ==========

[2013/05/19 00:27:58 | 012,917,756 | ---- | C] () -- C:\Users\Paul\Desktop\mbar-1.05.0.1001.zip
[2013/05/18 20:39:10 | 000,816,128 | ---- | C] () -- C:\Users\Paul\Desktop\RogueKiller.exe
[2013/05/17 18:11:02 | 000,672,251 | ---- | C] () -- C:\Users\Paul\Documents\mcleod job 2b.jpg
[2013/05/17 18:07:53 | 000,543,030 | ---- | C] () -- C:\Users\Paul\Documents\mcleod job 2a.jpg
[2013/05/17 18:06:06 | 000,443,201 | ---- | C] () -- C:\Users\Paul\Documents\mcleod job 1.jpg
[2013/05/15 16:55:34 | 000,651,519 | ---- | C] () -- C:\Users\Paul\Documents\cambell job 2b.jpg
[2013/05/15 16:54:48 | 000,558,542 | ---- | C] () -- C:\Users\Paul\Documents\cambell job 2a.jpg
[2013/05/15 16:53:21 | 000,462,441 | ---- | C] () -- C:\Users\Paul\Documents\cambell job 1.jpg
[2013/05/14 19:28:10 | 000,001,063 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/05/13 22:14:35 | 000,000,009 | ---- | C] () -- C:\END
[2013/05/11 17:50:20 | 000,567,015 | ---- | C] () -- C:\Users\Paul\Documents\roller job 2b.jpg
[2013/05/11 17:49:37 | 000,417,994 | ---- | C] () -- C:\Users\Paul\Documents\roller job 1.jpg
[2013/05/11 17:48:52 | 000,489,323 | ---- | C] () -- C:\Users\Paul\Documents\roller job 2a.jpg
[2013/05/08 22:18:56 | 000,000,188 | ---- | C] () -- C:\Users\Paul\Desktop\craigslist tri-cities, TN classifieds for jobs, apartments, personals, for sale, services, community, and events.url
[2013/05/01 13:39:22 | 000,534,269 | ---- | C] () -- C:\Users\Paul\Documents\cooper job 2b.jpg
[2013/05/01 13:38:28 | 000,459,623 | ---- | C] () -- C:\Users\Paul\Documents\cooper job 2a.jpg
[2013/05/01 13:37:34 | 000,452,518 | ---- | C] () -- C:\Users\Paul\Documents\cooper job 1.jpg
[2013/04/27 18:22:27 | 000,462,182 | ---- | C] () -- C:\Users\Paul\Documents\roller, barbara tile estimate.jpg
[2013/04/24 17:54:33 | 000,650,784 | ---- | C] () -- C:\Users\Paul\Documents\wood job 2b.jpg
[2013/04/24 17:52:16 | 000,587,097 | ---- | C] () -- C:\Users\Paul\Documents\wood job 2a.jpg
[2013/04/24 17:50:45 | 000,416,678 | ---- | C] () -- C:\Users\Paul\Documents\wood job 1.jpg
[2013/04/21 21:25:25 | 000,572,364 | ---- | C] () -- C:\Users\Paul\Documents\fulmar job 2b.jpg
[2013/04/21 21:23:49 | 000,518,360 | ---- | C] () -- C:\Users\Paul\Documents\fulmar job 2a.jpg
[2013/04/21 21:22:00 | 000,426,616 | ---- | C] () -- C:\Users\Paul\Documents\fulmer job 1.jpg
[2013/04/20 21:04:29 | 000,442,414 | ---- | C] () -- C:\Users\Paul\Documents\beyersdorf project list.jpg
[2013/04/20 18:38:11 | 000,468,594 | ---- | C] () -- C:\Users\Paul\Documents\beyersdorf job revised 4-20-2013.jpg
[2013/01/17 04:49:14 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2013/01/17 04:49:14 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2013/01/17 04:49:14 | 000,008,704 | ---- | C] () -- C:\Windows\System32\vidccleaner.exe
[2013/01/16 12:13:00 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/09/15 03:11:16 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin
[2011/06/10 07:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll

========== ZeroAccess Check ==========

[2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 17:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/05/18 20:50:33 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\FixZeroAccess
[2013/01/16 19:02:30 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\OpenOffice.org

========== Purity Check ==========



< End of report >


#2 Phel (Trusted Helper, Malware Removal, 1,386 posts)
Hello, PaulP, and welcome to GeeksToGo!

You can call me Phel, and today I will try to help you with your trouble.

Please read these instructions carefully, because they contain some very useful information.

Please let me know if you don't understand something. It is really important to understand every instruction. Also, please read all instructions carefully before performing them. Feel free to ask questions if you aren't sure.

Please be patient. You should stay here until your computer becomes really clean. Malware removal isn't a very fast procedure; it usually has multiple steps, but the result should be pleasing. ;)

Please wait for a while now; currently I'm analyzing your logs. Please note that my answers could come with a slight delay, because they are checked by my teacher.

#3 Phel (Trusted Helper, Malware Removal, 1,386 posts)
Hey, fix is here!

Please, follow these steps:

Trojan.0access and Rootkit.0Access.NRX


How did you know for certain that you are infected with this infection? Has an antivirus scanner shown you a warning about this, or anything else?

Step 1. TDSSKiller scan.

Please download the latest version of TDSSKiller from here and save it to your Desktop.
Reboot your computer into Safe Mode now (press the F8 key while the computer is starting). When it's finished, follow these steps:
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also, your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Now boot your computer to the normal mode.

Step 2. AdwCleaner scan.

  • Please download AdwCleaner from here to your Desktop.
  • Right-click on the adwcleaner.exe file on your Desktop and choose Run as Administrator.
  • The AdwCleaner window should appear.
  • Click on the Delete button.
  • Click on OK.
  • The computer will be rebooted automatically when the program finishes its job.
  • After the fix, a Notepad window with the report should appear. Post the contents of the report in your next message.

Step 3. OTL fix.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :OTL
    [2013/05/13 22:14:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
    [2013/05/13 22:14:10 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
    [2013/05/13 22:13:57 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\Conduit
    
    :Commands
    [REBOOT]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

So, please don't forget to post in your next message:

  • OTL log
  • TDSSKiller log
  • AdwCleaner log


#4 PaulP (Topic Starter, New Member, 7 posts)
MBAM is the one that said Trojan.0access and Rootkit.0Access.NRX.

TDSSKiller fails near RDPWD.sys. The condition is a BSOD. Here is the last line of the log:
21:01:32.0745 4040 [ CE6D27958651F3FC30B1EE4B8E4115DC ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

12:17:03.0352 2436 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
12:17:03.0430 2436 Browser - ok
12:17:03.0445 2436 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
12:17:03.0508 2436 Brserid - ok
12:17:03.0523 2436 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
12:17:03.0555 2436 BrSerWdm - ok
12:17:03.0586 2436 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
12:17:03.0648 2436 BrUsbMdm - ok
12:17:03.0648 2436 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
12:17:03.0679 2436 BrUsbSer - ok
12:17:03.0695 2436 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
12:17:03.0726 2436 BTHMODEM - ok
12:17:03.0789 2436 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
12:17:03.0867 2436 bthserv - ok
12:17:03.0898 2436 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
12:17:03.0945 2436 cdfs - ok
12:17:04.0007 2436 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
12:17:04.0054 2436 cdrom - ok
12:17:04.0116 2436 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
12:17:04.0179 2436 CertPropSvc - ok
12:17:04.0257 2436 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\drivers\circlass.sys
12:17:04.0303 2436 circlass - ok
12:17:04.0366 2436 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
12:17:04.0397 2436 CLFS - ok
12:17:04.0475 2436 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:17:04.0506 2436 clr_optimization_v2.0.50727_32 - ok
12:17:04.0631 2436 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:17:04.0693 2436 clr_optimization_v4.0.30319_32 - ok
12:17:04.0740 2436 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
12:17:04.0771 2436 CmBatt - ok
12:17:04.0834 2436 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
12:17:04.0849 2436 cmdide - ok
12:17:04.0896 2436 [ 42F158036BD4C2FF3122BF142E60E6FD ] CNG C:\Windows\system32\Drivers\cng.sys
12:17:04.0927 2436 CNG - ok
12:17:04.0943 2436 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
12:17:04.0959 2436 Compbatt - ok
12:17:04.0990 2436 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
12:17:05.0037 2436 CompositeBus - ok
12:17:05.0068 2436 COMSysApp - ok
12:17:05.0115 2436 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
12:17:05.0130 2436 crcdisk - ok
12:17:05.0177 2436 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\Windows\system32\cryptsvc.dll
12:17:05.0239 2436 CryptSvc - ok
12:17:05.0302 2436 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
12:17:05.0380 2436 DcomLaunch - ok
12:17:05.0427 2436 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
12:17:05.0473 2436 defragsvc - ok
12:17:05.0505 2436 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
12:17:05.0551 2436 DfsC - ok
12:17:05.0645 2436 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
12:17:05.0707 2436 Dhcp - ok
12:17:05.0739 2436 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
12:17:05.0770 2436 discache - ok
12:17:05.0817 2436 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\drivers\disk.sys
12:17:05.0832 2436 Disk - ok
12:17:05.0895 2436 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
12:17:05.0973 2436 Dnscache - ok
12:17:06.0019 2436 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
12:17:06.0066 2436 dot3svc - ok
12:17:06.0097 2436 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
12:17:06.0144 2436 DPS - ok
12:17:06.0207 2436 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
12:17:06.0253 2436 drmkaud - ok
12:17:06.0441 2436 [ 16498EBC04AE9DD07049A8884B205C05 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
12:17:06.0487 2436 DXGKrnl - ok
12:17:06.0519 2436 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
12:17:06.0597 2436 EapHost - ok
12:17:06.0706 2436 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\drivers\evbdx.sys
12:17:06.0815 2436 ebdrv - ok
12:17:06.0862 2436 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
12:17:06.0940 2436 EFS - ok
12:17:07.0018 2436 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
12:17:07.0065 2436 ehRecvr - ok
12:17:07.0080 2436 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
12:17:07.0111 2436 ehSched - ok
12:17:07.0174 2436 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\drivers\elxstor.sys
12:17:07.0189 2436 elxstor - ok
12:17:07.0205 2436 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
12:17:07.0252 2436 ErrDev - ok
12:17:07.0345 2436 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
12:17:07.0408 2436 EventSystem - ok
12:17:07.0439 2436 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
12:17:07.0470 2436 exfat - ok
12:17:07.0501 2436 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
12:17:07.0548 2436 fastfat - ok
12:17:07.0611 2436 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
12:17:07.0689 2436 Fax - ok
12:17:07.0704 2436 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\drivers\fdc.sys
12:17:07.0735 2436 fdc - ok
12:17:07.0767 2436 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
12:17:07.0829 2436 fdPHost - ok
12:17:07.0860 2436 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
12:17:07.0876 2436 FDResPub - ok
12:17:07.0907 2436 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
12:17:07.0923 2436 FileInfo - ok
12:17:07.0954 2436 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
12:17:08.0032 2436 Filetrace - ok
12:17:08.0063 2436 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
12:17:08.0094 2436 flpydisk - ok
12:17:08.0141 2436 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
12:17:08.0172 2436 FltMgr - ok
12:17:08.0250 2436 [ E12C4928B32ACE04610259647F072635 ] FontCache C:\Windows\system32\FntCache.dll
12:17:08.0313 2436 FontCache - ok
12:17:08.0375 2436 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
12:17:08.0391 2436 FontCache3.0.0.0 - ok
12:17:08.0406 2436 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
12:17:08.0422 2436 FsDepends - ok
12:17:08.0453 2436 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
12:17:08.0469 2436 Fs_Rec - ok
12:17:08.0500 2436 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
12:17:08.0515 2436 fvevol - ok
12:17:08.0547 2436 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
12:17:08.0562 2436 gagp30kx - ok
12:17:08.0609 2436 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
12:17:08.0671 2436 gpsvc - ok
12:17:08.0718 2436 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
12:17:08.0765 2436 hcw85cir - ok
12:17:08.0843 2436 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:17:08.0968 2436 HdAudAddService - ok
12:17:09.0030 2436 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
12:17:09.0202 2436 HDAudBus - ok
12:17:09.0233 2436 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
12:17:09.0264 2436 HidBatt - ok
12:17:09.0280 2436 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\drivers\hidbth.sys
12:17:09.0327 2436 HidBth - ok
12:17:09.0358 2436 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\drivers\hidir.sys
12:17:09.0389 2436 HidIr - ok
12:17:09.0436 2436 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll
12:17:09.0467 2436 hidserv - ok
12:17:09.0514 2436 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
12:17:09.0545 2436 HidUsb - ok
12:17:09.0592 2436 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
12:17:09.0607 2436 hkmsvc - ok
12:17:09.0763 2436 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:17:09.0810 2436 HomeGroupListener - ok
12:17:09.0841 2436 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:17:09.0873 2436 HomeGroupProvider - ok
12:17:09.0904 2436 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
12:17:09.0904 2436 HpSAMD - ok
12:17:09.0951 2436 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
12:17:09.0982 2436 HTTP - ok
12:17:09.0997 2436 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
12:17:10.0013 2436 hwpolicy - ok
12:17:10.0044 2436 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
12:17:10.0075 2436 i8042prt - ok
12:17:10.0138 2436 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
12:17:10.0185 2436 iaStorV - ok
12:17:10.0387 2436 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:17:10.0434 2436 idsvc - ok
12:17:10.0481 2436 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\drivers\iirsp.sys
12:17:10.0497 2436 iirsp - ok
12:17:10.0528 2436 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
12:17:10.0590 2436 IKEEXT - ok
12:17:10.0621 2436 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
12:17:10.0637 2436 intelide - ok
12:17:10.0684 2436 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\drivers\intelppm.sys
12:17:10.0715 2436 intelppm - ok
12:17:10.0777 2436 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
12:17:10.0809 2436 IPBusEnum - ok
12:17:10.0824 2436 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:17:10.0871 2436 IpFilterDriver - ok
12:17:10.0933 2436 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
12:17:11.0011 2436 iphlpsvc - ok
12:17:11.0043 2436 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
12:17:11.0058 2436 IPMIDRV - ok
12:17:11.0089 2436 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
12:17:11.0167 2436 IPNAT - ok
12:17:11.0199 2436 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
12:17:11.0230 2436 IRENUM - ok
12:17:11.0261 2436 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
12:17:11.0277 2436 isapnp - ok
12:17:11.0292 2436 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
12:17:11.0308 2436 iScsiPrt - ok
12:17:11.0355 2436 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
12:17:11.0355 2436 kbdclass - ok
12:17:11.0433 2436 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
12:17:11.0464 2436 kbdhid - ok
12:17:11.0495 2436 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
12:17:11.0511 2436 KeyIso - ok
12:17:11.0557 2436 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
12:17:11.0589 2436 KSecDD - ok
12:17:11.0620 2436 [ 5FE1ABF1AF591A3458C9CF24ED9A4D35 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
12:17:11.0635 2436 KSecPkg - ok
12:17:11.0682 2436 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
12:17:11.0745 2436 KtmRm - ok
12:17:11.0807 2436 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll
12:17:11.0854 2436 LanmanServer - ok
12:17:11.0901 2436 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:17:11.0947 2436 LanmanWorkstation - ok
12:17:12.0010 2436 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
12:17:12.0072 2436 lltdio - ok
12:17:12.0119 2436 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
12:17:12.0135 2436 lltdsvc - ok
12:17:12.0166 2436 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
12:17:12.0197 2436 lmhosts - ok
12:17:12.0244 2436 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
12:17:12.0259 2436 LSI_FC - ok
12:17:12.0291 2436 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
12:17:12.0306 2436 LSI_SAS - ok
12:17:12.0353 2436 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
12:17:12.0369 2436 LSI_SAS2 - ok
12:17:12.0384 2436 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
12:17:12.0400 2436 LSI_SCSI - ok
12:17:12.0415 2436 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
12:17:12.0462 2436 luafv - ok
12:17:12.0493 2436 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
12:17:12.0509 2436 Mcx2Svc - ok
12:17:12.0540 2436 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\drivers\megasas.sys
12:17:12.0556 2436 megasas - ok
12:17:12.0587 2436 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
12:17:12.0603 2436 MegaSR - ok
12:17:12.0634 2436 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
12:17:12.0681 2436 MMCSS - ok
12:17:12.0727 2436 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
12:17:12.0790 2436 Modem - ok
12:17:12.0837 2436 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
12:17:12.0868 2436 monitor - ok
12:17:12.0899 2436 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
12:17:12.0915 2436 mouclass - ok
12:17:12.0946 2436 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
12:17:12.0977 2436 mouhid - ok
12:17:12.0993 2436 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
12:17:13.0008 2436 mountmgr - ok
12:17:13.0024 2436 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
12:17:13.0039 2436 mpio - ok
12:17:13.0055 2436 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
12:17:13.0102 2436 mpsdrv - ok
12:17:13.0180 2436 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
12:17:13.0273 2436 MpsSvc - ok
12:17:13.0305 2436 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
12:17:13.0320 2436 MRxDAV - ok
12:17:13.0351 2436 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
12:17:13.0383 2436 mrxsmb - ok
12:17:13.0414 2436 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:17:13.0445 2436 mrxsmb10 - ok
12:17:13.0476 2436 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:17:13.0507 2436 mrxsmb20 - ok
12:17:13.0539 2436 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
12:17:13.0570 2436 msahci - ok
12:17:13.0585 2436 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
12:17:13.0601 2436 msdsm - ok
12:17:13.0632 2436 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
12:17:13.0679 2436 MSDTC - ok
12:17:13.0726 2436 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
12:17:13.0757 2436 Msfs - ok
12:17:13.0804 2436 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
12:17:13.0819 2436 mshidkmdf - ok
12:17:13.0835 2436 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
12:17:13.0851 2436 msisadrv - ok
12:17:13.0897 2436 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
12:17:13.0960 2436 MSiSCSI - ok
12:17:13.0960 2436 msiserver - ok
12:17:14.0022 2436 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
12:17:14.0053 2436 MSKSSRV - ok
12:17:14.0116 2436 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
12:17:14.0194 2436 MSPCLOCK - ok
12:17:14.0194 2436 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
12:17:14.0241 2436 MSPQM - ok
12:17:14.0303 2436 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
12:17:14.0334 2436 MsRPC - ok
12:17:14.0365 2436 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
12:17:14.0381 2436 mssmbios - ok
12:17:14.0428 2436 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
12:17:14.0490 2436 MSTEE - ok
12:17:14.0506 2436 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
12:17:14.0553 2436 MTConfig - ok
12:17:14.0584 2436 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
12:17:14.0599 2436 Mup - ok
12:17:14.0646 2436 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
12:17:14.0693 2436 napagent - ok
12:17:14.0755 2436 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
12:17:14.0771 2436 NativeWifiP - ok
12:17:14.0802 2436 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
12:17:14.0833 2436 NDIS - ok
12:17:14.0865 2436 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
12:17:14.0927 2436 NdisCap - ok
12:17:14.0974 2436 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
12:17:15.0005 2436 NdisTapi - ok
12:17:15.0067 2436 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
12:17:15.0130 2436 Ndisuio - ok
12:17:15.0161 2436 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
12:17:15.0192 2436 NdisWan - ok
12:17:15.0239 2436 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
12:17:15.0255 2436 NDProxy - ok
12:17:15.0301 2436 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
12:17:15.0379 2436 NetBIOS - ok
12:17:15.0426 2436 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
12:17:15.0442 2436 NetBT - ok
12:17:15.0457 2436 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
12:17:15.0473 2436 Netlogon - ok
12:17:15.0520 2436 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
12:17:15.0551 2436 Netman - ok
12:17:15.0567 2436 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
12:17:15.0613 2436 netprofm - ok
12:17:15.0660 2436 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:17:15.0691 2436 NetTcpPortSharing - ok
12:17:15.0738 2436 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
12:17:15.0754 2436 nfrd960 - ok
12:17:15.0785 2436 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll
12:17:15.0816 2436 NlaSvc - ok
12:17:15.0847 2436 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
12:17:15.0879 2436 Npfs - ok
12:17:15.0910 2436 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
12:17:16.0003 2436 nsi - ok
12:17:16.0035 2436 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
12:17:16.0081 2436 nsiproxy - ok
12:17:16.0191 2436 [ 5E43D2B0EE64123D4880DFA6626DEFDE ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
12:17:16.0237 2436 Ntfs - ok
12:17:16.0269 2436 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
12:17:16.0347 2436 Null - ok
12:17:16.0362 2436 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
12:17:16.0393 2436 nvraid - ok
12:17:16.0425 2436 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
12:17:16.0440 2436 nvstor - ok
12:17:16.0456 2436 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
12:17:16.0471 2436 nv_agp - ok
12:17:16.0487 2436 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
12:17:16.0518 2436 ohci1394 - ok
12:17:16.0565 2436 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
12:17:16.0643 2436 p2pimsvc - ok
12:17:16.0690 2436 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
12:17:16.0705 2436 p2psvc - ok
12:17:16.0737 2436 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\drivers\parport.sys
12:17:16.0768 2436 Parport - ok
12:17:16.0830 2436 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
12:17:16.0830 2436 partmgr - ok
12:17:16.0861 2436 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\drivers\parvdm.sys
12:17:16.0877 2436 Parvdm - ok
12:17:16.0924 2436 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
12:17:16.0939 2436 PcaSvc - ok
12:17:16.0955 2436 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
12:17:16.0971 2436 pci - ok
12:17:17.0002 2436 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
12:17:17.0017 2436 pciide - ok
12:17:17.0033 2436 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
12:17:17.0049 2436 pcmcia - ok
12:17:17.0064 2436 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
12:17:17.0080 2436 pcw - ok
12:17:17.0111 2436 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
12:17:17.0173 2436 PEAUTH - ok
12:17:17.0251 2436 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
12:17:17.0392 2436 pla - ok
12:17:17.0439 2436 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
12:17:17.0485 2436 PlugPlay - ok
12:17:17.0517 2436 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
12:17:17.0548 2436 PNRPAutoReg - ok
12:17:17.0579 2436 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
12:17:17.0579 2436 PNRPsvc - ok
12:17:17.0673 2436 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
12:17:17.0751 2436 PolicyAgent - ok
12:17:17.0797 2436 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
12:17:17.0829 2436 Power - ok
12:17:17.0875 2436 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
12:17:17.0922 2436 PptpMiniport - ok
12:17:17.0953 2436 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\drivers\processr.sys
12:17:18.0000 2436 Processor - ok
12:17:18.0063 2436 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
12:17:18.0156 2436 ProfSvc - ok
12:17:18.0172 2436 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
12:17:18.0187 2436 ProtectedStorage - ok
12:17:18.0219 2436 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
12:17:18.0250 2436 Psched - ok
12:17:18.0297 2436 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
12:17:18.0359 2436 ql2300 - ok
12:17:18.0375 2436 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
12:17:18.0390 2436 ql40xx - ok
12:17:18.0437 2436 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
12:17:18.0484 2436 QWAVE - ok
12:17:18.0515 2436 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
12:17:18.0531 2436 QWAVEdrv - ok
12:17:18.0577 2436 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
12:17:18.0655 2436 RasAcd - ok
12:17:18.0702 2436 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
12:17:18.0780 2436 RasAgileVpn - ok
12:17:18.0843 2436 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
12:17:18.0921 2436 RasAuto - ok
12:17:18.0952 2436 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
12:17:18.0999 2436 Rasl2tp - ok
12:17:19.0061 2436 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
12:17:19.0108 2436 RasMan - ok
12:17:19.0155 2436 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
12:17:19.0186 2436 RasPppoe - ok
12:17:19.0233 2436 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
12:17:19.0279 2436 RasSstp - ok
12:17:19.0342 2436 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
12:17:19.0420 2436 rdbss - ok
12:17:19.0435 2436 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
12:17:19.0451 2436 rdpbus - ok
12:17:19.0482 2436 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
12:17:19.0545 2436 RDPCDD - ok
12:17:19.0576 2436 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
12:17:19.0623 2436 RDPENCDD - ok
12:17:19.0654 2436 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
12:17:19.0685 2436 RDPREFMP - ok
12:17:19.0747 2436 [ 65375DF758CA1872AB7EBBBA457FD5E6 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
12:17:19.0825 2436 RdpVideoMiniport - ok
12:17:26.0128 2436 [ CE6D27958651F3FC30B1EE4B8E4115DC ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

Edited by PaulP, 19 May 2013 - 01:04 PM.

#5 PaulP (New Member, Topic Starter, 7 posts)
I know you don't want me running tools and changing things, but I just tried the Avast scanner and it shows rdpwd is locked.

Before I came here I tried MBAM and MBAR, and RogueKiller, and TDSSKiller, and they all hung up the system (not responding) or BSOD...

This is why I wanted help, because I am lost with this.

I saw a YouTube vid about RogueKiller succeeding here (RogueKiller vs ZeroAccess), but it was in French so I can follow all of it.

What do you think?

#6 Phel (Trusted Helper, Malware Removal, 1,386 posts)
Hey,

PaulP wrote: what do you think?

Try to follow the next steps; maybe they will show us the truth. :) Your case seems to be really unusual. Talking about tools, I'm just using programs that are able to remove the ZeroAccess rootkit. Success doesn't depend on the number of tools. Usually it's enough to use one tool to get rid of this nasty infection.

PaulP wrote: mbam is the one who said Trojan.0access and Rootkit.0Access.NRX

Can you please view the MBAM logs and say what files were detected under this infection name?

What about the AdwCleaner and OTL logs?

Please follow these steps:

Step 1. aswMBR scan.

  • Double click the aswMBR.exe file on your Desktop to run it.
  • Click the [Scan] button to start the scan.
  • On completion of the scan click [Save log], save it to your desktop and post it in your next reply.

Step 2. VirusTotal scan.

  • Please upload the file C:\Windows\system32\drivers\RDPWD.sys to VirusTotal.
  • If the "File already analysed" window appears, click on the Reanalyse button.
  • When the scan is finished, post the link to the result (you can copy it from the address bar in your browser) in your next message.

So please don't forget to post in your next message:

  • aswMBR log
  • Link to scan results
  • Logs from the previous message

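
The VirusTotal step above checks the driver against many engines; the same question (is RDPWD.sys still the file Microsoft shipped?) can also be asked locally before anything is uploaded. The following PowerShell is an added example written for this thread, not a script from the helper or from any of the tools named here. It reads the driver, prints its MD5 and SHA-256, and reports its Authenticode state; the path is the one named in the thread, and the assumption that a legitimate copy carries a Microsoft signer subject is marked in the code. It uses .NET hashing rather than Get-FileHash so it also runs on the PowerShell 2.0 that Windows 7 ships with, and it changes nothing on disk.

```powershell
# Added example, not from the thread: read-only triage of the driver under
# suspicion (file hashes plus Authenticode signature state).
param(
    # Path as named in the thread; pass another path to check a different file.
    [string]$DriverPath = 'C:\Windows\system32\drivers\RDPWD.sys'
)

function Get-DriverTriage {
    param([string]$Path)

    if (-not (Test-Path -LiteralPath $Path)) {
        # On a box with a rootkit, a system driver that cannot be seen is itself a finding.
        return New-Object PSObject -Property @{ Path = $Path; Exists = $false }
    }

    # -Force so hidden/system attributes do not hide the file from Get-Item.
    $item = Get-Item -LiteralPath $Path -Force

    # Hash with .NET directly so this runs on PowerShell 2.0 (Windows 7 default),
    # which has no Get-FileHash. MD5 is included only because the TDSSKiller log
    # in this thread prints MD5 in brackets, so the two values can be compared.
    $sha256 = [System.Security.Cryptography.SHA256]::Create()
    $md5    = [System.Security.Cryptography.MD5]::Create()
    $stream = [System.IO.File]::OpenRead($item.FullName)
    try {
        $shaHex = -join ($sha256.ComputeHash($stream) | ForEach-Object { $_.ToString('x2') })
        $stream.Position = 0
        $md5Hex = -join ($md5.ComputeHash($stream) | ForEach-Object { $_.ToString('X2') })
    } finally {
        $stream.Close()
    }

    # Authenticode: a genuine Windows driver reports Status 'Valid' with a
    # Microsoft signer. 'NotSigned' or 'HashMismatch' on a file under
    # system32\drivers is the pattern a driver-patching rootkit leaves behind.
    $sig    = Get-AuthenticodeSignature -FilePath $item.FullName
    $signer = ''
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

    New-Object PSObject -Property @{
        Path           = $item.FullName
        Exists         = $true
        SizeBytes      = $item.Length
        LastWriteUtc   = $item.LastWriteTimeUtc
        MD5            = $md5Hex
        SHA256         = $shaHex
        SignatureState = $sig.Status
        Signer         = $signer
        # Assumption: the legitimate file carries a Microsoft signer subject.
        LooksLegit     = (($sig.Status -eq 'Valid') -and ($signer -like '*Microsoft*'))
    }
}

Get-DriverTriage -Path $DriverPath | Format-List
```

Run it from an elevated PowerShell prompt. The MD5 it prints can be set beside the bracketed value TDSSKiller logged for RDPWD above, and the SHA-256 can be looked up on VirusTotal by hash without uploading the file at all. One caveat a practitioner should keep in mind: a kernel rootkit that hooks file access can hand a user-mode reader the original bytes while a patched copy is what actually loads, so a clean result from a live system does not settle the question on its own; that is the reason the helpers here lean on low-level scanners such as aswMBR and TDSSKiller rather than on file hashes alone.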

#7 PaulP (New Member, Topic Starter, 7 posts)
MBAM says:
Files Detected: 4
C:\Users\Paul\AppData\Local\Temp\9E3C.tmp (Trojan.Agent.FSA46) -> No action taken.
C:\$Recycle.Bin\S-1-5-18\$588d38112f58e2cf5210e760d13f84b6\n (Trojan.0Access) -> No action taken.
C:\$Recycle.Bin\S-1-5-21-3058810797-1579176631-7905616-1000\$R9EE119F2 (Rootkit.0Access.NRX) -> No action taken.
C:\$Recycle.Bin\S-1-5-21-3058810797-1579176631-7905616-1000\$588d38112f58e2cf5210e760d13f84b6\n (Trojan.0Access) -> No action taken.

19:02:59.0481 2356 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
19:03:38.0254 3336 RDPREFMP - ok
19:03:38.0363 3336 [ 65375DF758CA1872AB7EBBBA457FD5E6 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
19:03:38.0425 3336 RdpVideoMiniport - ok
19:03:44.0774 3336 [ CE6D27958651F3FC30B1EE4B8E4115DC ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

# AdwCleaner v2.301 - Logfile created 05/19/2013 at 12:47:25
# Updated 16/05/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : Paul - PAUL-PC
# Boot Mode : Normal
# Running from : C:\Users\Paul\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\END
Folder Found : C:\Program Files\Conduit
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\Users\Paul\AppData\Local\Conduit
Folder Found : C:\Users\Paul\AppData\LocalLow\Conduit
Folder Found : C:\Users\Paul\AppData\LocalLow\PriceGong

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\SearchProtect
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3268935
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Found : HKLM\Software\Tarma Installer
Value Found : HKLM\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist [1]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16576

[OK] Registry is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3267 octets] - [19/05/2013 12:47:25]

########## EOF - C:\AdwCleaner[R1].txt - [3327 octets] ##########

OTL logfile created on: 5/20/2013 3:27:04 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Paul\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 1.25 Gb Available Physical Memory | 71.37% Memory free
3.49 Gb Paging File | 2.78 Gb Available in Paging File | 79.64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.79 Gb Total Space | 217.35 Gb Free Space | 93.37% Space Free | Partition Type: NTFS

Computer Name: PAUL-PC | User Name: Paul | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/19 01:46:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe
PRC - [2012/12/18 15:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/11/22 22:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/09/20 02:56:14 | 000,380,928 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010/09/20 02:55:48 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV - [2013/01/16 12:21:15 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012/12/18 15:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/09/20 02:55:48 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Paul\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (45020668)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (28378293)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (19525566)
DRV - [2013/05/20 12:37:32 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/08/23 10:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 10:41:34 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2012/08/23 10:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012/06/20 10:43:02 | 002,957,312 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010/09/20 03:13:18 | 006,380,544 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2010/09/20 03:13:18 | 006,380,544 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010/09/20 02:20:44 | 000,221,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D4 C7 A8 6D 05 51 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {8F910C72-9FC6-4BC0-9E6A-A3B8FC80EFF3}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{8F910C72-9FC6-4BC0-9E6A-A3B8FC80EFF3}: "URL" = http://search.yahoo....rtPage?}&fr=ie8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE8D3E41-98DC-45B7-BAFA-5907AE84A843}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/20 12:37:32 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013/05/19 17:13:15 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/05/19 15:00:14 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/05/19 13:36:03 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/05/19 13:35:29 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/05/19 13:05:31 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/05/19 13:05:31 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/05/19 13:05:31 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/05/19 13:05:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/05/19 13:04:41 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/05/19 13:03:49 | 000,000,000 | ---D | C] -- C:\JRT
[2013/05/19 12:46:10 | 005,067,577 | R--- | C] (Swearware) -- C:\Users\Paul\Desktop\ComboFix.exe
[2013/05/19 12:43:43 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Paul\Desktop\JRT.exe
[2013/05/19 01:46:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe
[2013/05/19 00:28:31 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\mbar-1.05.0.1001
[2013/05/18 21:23:10 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Paul\Desktop\aswMBR.exe
[2013/05/18 20:50:33 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\FixZeroAccess
[2013/05/18 20:40:09 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\RK_Quarantine
[2013/05/14 20:26:05 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Paul\Desktop\iexplore.exe
[2013/05/14 19:29:12 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Malwarebytes
[2013/05/14 19:28:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/05/14 19:28:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/05/14 19:28:09 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/05/14 19:28:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/05/14 19:15:52 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2013/05/09 22:02:24 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\Programs

========== Files - Modified Within 30 Days ==========

[2013/05/20 15:23:56 | 000,021,872 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/20 15:23:56 | 000,021,872 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/20 15:16:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/20 15:16:30 | 1405,276,160 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/20 12:37:32 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013/05/20 10:59:41 | 224,360,058 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/05/20 08:56:44 | 000,377,856 | ---- | M] () -- C:\Users\Paul\Desktop\pxrowdgm.exe
[2013/05/19 16:33:09 | 000,000,512 | ---- | M] () -- C:\Users\Paul\Desktop\MBR.dat
[2013/05/19 12:46:10 | 005,067,577 | R--- | M] (Swearware) -- C:\Users\Paul\Desktop\ComboFix.exe
[2013/05/19 12:43:43 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Paul\Desktop\JRT.exe
[2013/05/19 12:42:33 | 000,632,031 | ---- | M] () -- C:\Users\Paul\Desktop\adwcleaner.exe
[2013/05/19 01:46:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe
[2013/05/18 21:24:33 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Paul\Desktop\aswMBR.exe
[2013/05/18 20:39:10 | 000,816,128 | ---- | M] () -- C:\Users\Paul\Desktop\RogueKiller.exe
[2013/05/17 19:13:37 | 000,624,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/05/17 19:13:37 | 000,106,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/05/17 19:07:34 | 000,294,376 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/05/17 18:11:03 | 000,672,251 | ---- | M] () -- C:\Users\Paul\Documents\mcleod job 2b.jpg
[2013/05/17 18:07:53 | 000,543,030 | ---- | M] () -- C:\Users\Paul\Documents\mcleod job 2a.jpg
[2013/05/17 18:06:06 | 000,443,201 | ---- | M] () -- C:\Users\Paul\Documents\mcleod job 1.jpg
[2013/05/15 16:55:34 | 000,651,519 | ---- | M] () -- C:\Users\Paul\Documents\cambell job 2b.jpg
[2013/05/15 16:54:48 | 000,558,542 | ---- | M] () -- C:\Users\Paul\Documents\cambell job 2a.jpg
[2013/05/15 16:53:21 | 000,462,441 | ---- | M] () -- C:\Users\Paul\Documents\cambell job 1.jpg
[2013/05/14 20:26:09 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Paul\Desktop\iexplore.exe
[2013/05/14 19:28:10 | 000,001,063 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/05/11 17:50:20 | 000,567,015 | ---- | M] () -- C:\Users\Paul\Documents\roller job 2b.jpg
[2013/05/11 17:49:37 | 000,417,994 | ---- | M] () -- C:\Users\Paul\Documents\roller job 1.jpg
[2013/05/11 17:48:52 | 000,489,323 | ---- | M] () -- C:\Users\Paul\Documents\roller job 2a.jpg
[2013/05/08 22:18:56 | 000,000,188 | ---- | M] () -- C:\Users\Paul\Desktop\craigslist tri-cities, TN classifieds for jobs, apartments, personals, for sale, services, community, and events.url
[2013/05/01 13:39:22 | 000,534,269 | ---- | M] () -- C:\Users\Paul\Documents\cooper job 2b.jpg
[2013/05/01 13:38:28 | 000,459,623 | ---- | M] () -- C:\Users\Paul\Documents\cooper job 2a.jpg
[2013/05/01 13:37:34 | 000,452,518 | ---- | M] () -- C:\Users\Paul\Documents\cooper job 1.jpg
[2013/04/27 18:22:27 | 000,462,182 | ---- | M] () -- C:\Users\Paul\Documents\roller, barbara tile estimate.jpg
[2013/04/24 17:54:33 | 000,650,784 | ---- | M] () -- C:\Users\Paul\Documents\wood job 2b.jpg
[2013/04/24 17:52:16 | 000,587,097 | ---- | M] () -- C:\Users\Paul\Documents\wood job 2a.jpg
[2013/04/24 17:50:46 | 000,416,678 | ---- | M] () -- C:\Users\Paul\Documents\wood job 1.jpg
[2013/04/22 18:49:42 | 000,000,210 | ---- | M] () -- C:\Users\Paul\Desktop\MapQuest Maps - Driving Directions - Map.url
[2013/04/21 21:25:25 | 000,572,364 | ---- | M] () -- C:\Users\Paul\Documents\fulmar job 2b.jpg
[2013/04/21 21:23:50 | 000,518,360 | ---- | M] () -- C:\Users\Paul\Documents\fulmar job 2a.jpg
[2013/04/21 21:22:00 | 000,426,616 | ---- | M] () -- C:\Users\Paul\Documents\fulmer job 1.jpg
[2013/04/20 21:04:29 | 000,442,414 | ---- | M] () -- C:\Users\Paul\Documents\beyersdorf project list.jpg
[2013/04/20 20:59:33 | 000,468,594 | ---- | M] () -- C:\Users\Paul\Documents\beyersdorf job revised 4-20-2013.jpg

========== Files Created - No Company Name ==========

[2013/05/20 08:56:44 | 000,377,856 | ---- | C] () -- C:\Users\Paul\Desktop\pxrowdgm.exe
[2013/05/19 16:33:09 | 000,000,512 | ---- | C] () -- C:\Users\Paul\Desktop\MBR.dat
[2013/05/19 13:05:31 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/05/19 13:05:31 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/05/19 13:05:31 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/05/19 13:05:31 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/05/19 13:05:31 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/05/19 12:42:32 | 000,632,031 | ---- | C] () -- C:\Users\Paul\Desktop\adwcleaner.exe
[2013/05/18 20:39:10 | 000,816,128 | ---- | C] () -- C:\Users\Paul\Desktop\RogueKiller.exe
[2013/05/17 18:11:02 | 000,672,251 | ---- | C] () -- C:\Users\Paul\Documents\mcleod job 2b.jpg
[2013/05/17 18:07:53 | 000,543,030 | ---- | C] () -- C:\Users\Paul\Documents\mcleod job 2a.jpg
[2013/05/17 18:06:06 | 000,443,201 | ---- | C] () -- C:\Users\Paul\Documents\mcleod job 1.jpg
[2013/05/15 16:55:34 | 000,651,519 | ---- | C] () -- C:\Users\Paul\Documents\cambell job 2b.jpg
[2013/05/15 16:54:48 | 000,558,542 | ---- | C] () -- C:\Users\Paul\Documents\cambell job 2a.jpg
[2013/05/15 16:53:21 | 000,462,441 | ---- | C] () -- C:\Users\Paul\Documents\cambell job 1.jpg
[2013/05/14 19:28:10 | 000,001,063 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/05/11 17:50:20 | 000,567,015 | ---- | C] () -- C:\Users\Paul\Documents\roller job 2b.jpg
[2013/05/11 17:49:37 | 000,417,994 | ---- | C] () -- C:\Users\Paul\Documents\roller job 1.jpg
[2013/05/11 17:48:52 | 000,489,323 | ---- | C] () -- C:\Users\Paul\Documents\roller job 2a.jpg
[2013/05/08 22:18:56 | 000,000,188 | ---- | C] () -- C:\Users\Paul\Desktop\craigslist tri-cities, TN classifieds for jobs, apartments, personals, for sale, services, community, and events.url
[2013/05/01 13:39:22 | 000,534,269 | ---- | C] () -- C:\Users\Paul\Documents\cooper job 2b.jpg
[2013/05/01 13:38:28 | 000,459,623 | ---- | C] () -- C:\Users\Paul\Documents\cooper job 2a.jpg
[2013/05/01 13:37:34 | 000,452,518 | ---- | C] () -- C:\Users\Paul\Documents\cooper job 1.jpg
[2013/04/27 18:22:27 | 000,462,182 | ---- | C] () -- C:\Users\Paul\Documents\roller, barbara tile estimate.jpg
[2013/04/24 17:54:33 | 000,650,784 | ---- | C] () -- C:\Users\Paul\Documents\wood job 2b.jpg
[2013/04/24 17:52:16 | 000,587,097 | ---- | C] () -- C:\Users\Paul\Documents\wood job 2a.jpg
[2013/04/24 17:50:45 | 000,416,678 | ---- | C] () -- C:\Users\Paul\Documents\wood job 1.jpg
[2013/04/21 21:25:25 | 000,572,364 | ---- | C] () -- C:\Users\Paul\Documents\fulmar job 2b.jpg
[2013/04/21 21:23:49 | 000,518,360 | ---- | C] () -- C:\Users\Paul\Documents\fulmar job 2a.jpg
[2013/04/21 21:22:00 | 000,426,616 | ---- | C] () -- C:\Users\Paul\Documents\fulmer job 1.jpg
[2013/04/20 21:04:29 | 000,442,414 | ---- | C] () -- C:\Users\Paul\Documents\beyersdorf project list.jpg
[2013/04/20 18:38:11 | 000,468,594 | ---- | C] () -- C:\Users\Paul\Documents\beyersdorf job revised 4-20-2013.jpg
[2013/01/17 04:49:14 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2013/01/17 04:49:14 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2013/01/17 04:49:14 | 000,008,704 | ---- | C] () -- C:\Windows\System32\vidccleaner.exe
[2013/01/16 12:13:00 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/09/15 03:11:16 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin
[2011/06/10 07:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll

========== ZeroAccess Check ==========

[2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 17:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/05/18 20:50:33 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\FixZeroAccess
[2013/01/16 19:02:30 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\OpenOffice.org

========== Purity Check ==========



< End of report >

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-05-19 16:08:35
-----------------------------
16:08:35.207 OS Version: Windows 6.1.7601 Service Pack 1
16:08:35.207 Number of processors: 1 586 0x603
16:08:35.207 ComputerName: PAUL-PC UserName: Paul
16:08:36.112 Initialize success
16:10:21.287 AVAST engine defs: 13051900
16:11:08.446 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:11:08.446 Disk 0 Vendor: WDC_WD2500BEVT-60A23T0 02.01A02 Size: 238475MB BusType: 11
16:11:08.586 Disk 0 MBR read successfully
16:11:08.586 Disk 0 MBR scan
16:11:08.602 Disk 0 Windows 7 default MBR code
16:11:08.618 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
16:11:08.633 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 238373 MB offset 206848
16:11:08.633 Disk 0 scanning sectors +488394752
16:11:08.820 Disk 0 scanning C:\Windows\system32\drivers
16:11:59.068 Service scanning
16:13:45.382 Service RDPWD C:\Windows\System32\Drivers\RDPWD.sys **LOCKED** 32
16:13:58.517 Modules scanning
16:14:19.655 Disk 0 trace - called modules:
16:14:20.186 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
16:14:20.201 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85490030]
16:14:20.217 3 CLASSPNP.SYS[8819d59e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85005908]
16:14:21.169 AVAST engine scan C:\Windows
16:14:24.382 AVAST engine scan C:\Windows\system32
16:16:35.360 AVAST engine scan C:\Windows\system32\drivers
16:17:28.712 AVAST engine scan C:\Users\Paul
16:31:57.540 AVAST engine scan C:\ProgramData
16:32:16.681 Scan finished successfully
16:33:09.222 Disk 0 MBR has been saved successfully to "C:\Users\Paul\Desktop\MBR.dat"
16:33:09.238 The log file has been saved successfully to "C:\Users\Paul\Desktop\aswMBR.txt"



I am not able to do VirusTotal. I also tried from safe mode, but it did not work either; it ended with a fatal exception.

Thanks, Phel.
  • 0
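As an added example (not from the thread, and not code from TDSSKiller, aswMBR or any other tool named here), a small Python triage script for the two log formats posted above: it finds the TDSSKiller entry that never received a "- ok" verdict, flags unusually long gaps between consecutive lines, picks out services that aswMBR marked **LOCKED**, and hashes a copied file so it can be checked against the MD5 the scanner printed before it is uploaded. The sample lines are excerpted from the logs above; the regexes, the `Finding` class and the 2-second threshold are my own reading of the formats, not the tools' documented grammar.

```python
import hashlib
import re
from dataclasses import dataclass

# Constructed sample input, excerpted from the TDSSKiller log posted above.
# Each object is listed as "<time> <pid> [ <MD5> ] <name> <path>" and, once
# verified, gets a second line "<time> <pid> <name> - ok".
TDSSKILLER_SAMPLE = r"""
19:03:37.0895 3336 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
19:03:37.0910 3336 rdpbus - ok
19:03:38.0363 3336 [ 65375DF758CA1872AB7EBBBA457FD5E6 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
19:03:38.0425 3336 RdpVideoMiniport - ok
19:03:44.0774 3336 [ CE6D27958651F3FC30B1EE4B8E4115DC ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
"""

# Constructed sample input, excerpted from the aswMBR log posted above.
ASWMBR_SAMPLE = r"""
16:11:59.068 Service scanning
16:13:45.382 Service RDPWD C:\Windows\System32\Drivers\RDPWD.sys **LOCKED** 32
16:13:58.517 Modules scanning
"""

# Regexes are an assumption based on the lines above, not an official grammar.
TDSS_OBJECT = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+"
    r"\[ (?P<md5>[0-9A-Fa-f]{32}) \]\s+(?P<name>\S+)\s+(?P<path>.+?)\s*$")
TDSS_OK = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<name>\S+) - ok\s*$")
ASWMBR_LOCKED = re.compile(
    r"^(?P<time>\S+)\s+Service (?P<name>\S+)\s+(?P<path>.+?)\s+\*\*LOCKED\*\*")


@dataclass
class Finding:
    name: str
    path: str
    reason: str
    md5: str = ""


def _seconds(stamp):
    """'HH:MM:SS.frac' -> seconds since midnight. The fraction is kept as
    written; its exact scale does not matter for multi-second gaps."""
    h, m, s = stamp.split(":")
    return int(h) * 3600 + int(m) * 60 + float(s)


def unverified_objects(lines):
    """TDSSKiller entries that were listed but never got a '- ok' verdict.
    In a log cut off by a hang or BSOD, the last one is where the scanner stopped."""
    pending, order = {}, []
    for line in lines:
        m = TDSS_OBJECT.match(line)
        if m:
            pending[m["name"]] = Finding(m["name"], m["path"],
                                         "no '- ok' verdict", m["md5"].upper())
            order.append(m["name"])
            continue
        m = TDSS_OK.match(line)
        if m:
            pending.pop(m["name"], None)
    return [pending[n] for n in order if n in pending]


def slow_steps(lines, threshold_s=2.0):
    """(name, gap_seconds) for each TDSSKiller line that appeared more than
    threshold_s after the previous one; normal entries are milliseconds apart."""
    slow, prev = [], None
    for line in lines:
        m = TDSS_OBJECT.match(line) or TDSS_OK.match(line)
        if not m:
            continue
        now = _seconds(m["time"])
        if prev is not None and now - prev > threshold_s:
            slow.append((m["name"], now - prev))
        prev = now
    return slow


def locked_services(lines):
    """Services aswMBR could not open (reported as **LOCKED**)."""
    out = []
    for line in lines:
        m = ASWMBR_LOCKED.match(line)
        if m:
            out.append(Finding(m["name"], m["path"], "aswMBR **LOCKED**"))
    return out


def md5_hex(data):
    """Upper-case MD5 in the format TDSSKiller prints, so the bytes of a
    copied RDPWD.sys.vir can be compared with the hash in the log."""
    return hashlib.md5(data).hexdigest().upper()


def triage(tdss_lines, aswmbr_lines):
    """Combine the checks into one list of findings."""
    findings = unverified_objects(tdss_lines)
    slow = dict(slow_steps(tdss_lines))
    for f in findings:
        if f.name in slow:
            f.reason += f"; listed {slow[f.name]:.1f}s after the previous entry"
    return findings + locked_services(aswmbr_lines)


if __name__ == "__main__":
    for f in triage(TDSSKILLER_SAMPLE.splitlines(), ASWMBR_SAMPLE.splitlines()):
        print(f"{f.name:20} {f.reason:55} {f.path}  {f.md5}")
```

Run against the full logs the same way (one file per tool); an entry that is both the last unverified object and several seconds late, as RDPWD is here, is the one to copy out and hash before anything else is done to it.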

#8
Phel

Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts

am not able to do VirusTotal


Is it showing anything or just simply going to BSOD?

Please, follow these steps:

Step 1. Copying RDPWD.sys file.

Download GMER from Here. Note the file's name and save it to your root folder, such as C:\.
I would like to get a suspicious file uploaded for analysis:
  • Firstly we'll use GMER to save the file to your desktop and render it harmless
  • Open the gmer folder and double click gmer.exe to run the program
  • On starting, GMER will run a short scan; allow it to complete.

Posted Image

  • Click on the > > > tab to open the menus

Posted Image

  • Click on the Files tab

Posted Image


  • On the left hand side, Navigate to C:\Windows\system32\drivers

Posted Image


  • Now on the right hand side, locate the file RDPWD.sys (Note: It may help to check the Only Hidden check box on the right)
  • After selecting the file, click the Copy button

Posted Image

  • In the Save As dialog, click on the Desktop button to ensure the file is saved there

Posted Image

  • In the File Name box, type in RDPWD.sys.vir (Note: The filename should have .vir at the end so as to render it harmless)

Step 2. Virustotal scan.

  • Please upload the file C:\Users\Paul\Desktop\RDPWD.sys.vir to VirusTotal.
  • If a "File already analysed" window appears, click on the Reanalyse button.
  • When the scan is finished, post the link to the result (you can copy it from the address bar in your browser) in your next message.

Step 3. AdwCleaner scan.

  • Right-click on the adwcleaner.exe file on your Desktop -> Run as Administrator.
  • The AdwCleaner window should appear.
  • Click on the Delete button.
  • Click on OK.
  • The computer will be rebooted automatically when the program finishes its job.

After reboot:

  • Right-click on the adwcleaner.exe file on your Desktop -> Run as Administrator.
  • The AdwCleaner window should appear.
  • Click on the Search button.
  • After the scan, a Notepad window with the report should appear. Post the contents of the report in your next message.

So, please, don't forget to post in your next message:

  • AdwCleaner log
  • VT link

  • 0

#9
PaulP

PaulP

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts

Is it showing anything or just simply going to BSOD?

It was still not doing anything after 2 hours, still trying to upload. Like a thread lock or something, with 100% CPU usage.

Anyway, I did it this time and here is the link. I guess that file is fine:
https://www.virustot...sis/1369158664/

# AdwCleaner v2.301 - Logfile created 05/21/2013 at 13:58:28
# Updated 16/05/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : Paul - PAUL-PC
# Boot Mode : Normal
# Running from : C:\Users\Paul\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16576

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [3396 octets] - [19/05/2013 12:47:25]
AdwCleaner[R2].txt - [632 octets] - [21/05/2013 13:58:28]

########## EOF - C:\AdwCleaner[R2].txt - [810 octets] ##########
  • 0

#10
PaulP

PaulP

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Oh wow...

Looking good.

Just ran chkdsk.

100s of cases of bad sectors (repaired though).

Very nice though.
  • 0

#11
Phel

Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
Sorry for the delay, I had some trouble with my internet connection, so I had no way to inform you.

How is your computer running now?

Please, follow these steps:

  • Double-click on TDSSKiller.exe on your Desktop to run the application, then click on Change parameters.
    Posted Image
  • Put a checkmark beside loaded modules.
    Posted Image
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
    Posted Image
  • Click the Start Scan button.
    Posted Image
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
    Posted Image
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Posted Image
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

  • 0

#12
PaulP

PaulP

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Thank you, Phel, it is not a problem. I understand things happen and we all have issues.

In fact, I have been out of town since yesterday too. And I will still be out of town for 1 week.

I do think the main problem with this has been the "bad sector" issue, and I would guess that the rest of this will go very smoothly.

I will finish the instructions in one week and let you know what happens.

thanks again Phel!
  • 0
