MBAM says:
Files Detected: 4
C:\Users\Paul\AppData\Local\Temp\9E3C.tmp (Trojan.Agent.FSA46) -> No action taken.
C:\$Recycle.Bin\S-1-5-18\$588d38112f58e2cf5210e760d13f84b6\n (Trojan.0Access) -> No action taken.
C:\$Recycle.Bin\S-1-5-21-3058810797-1579176631-7905616-1000\$R9EE119F2 (Rootkit.0Access.NRX) -> No action taken.
C:\$Recycle.Bin\S-1-5-21-3058810797-1579176631-7905616-1000\$588d38112f58e2cf5210e760d13f84b6\n (Trojan.0Access) -> No action taken.
19:02:59.0481 2356 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
19:03:00.0760 2356 ============================================================
19:03:00.0760 2356 Current date / time: 2013/05/19 19:03:00.0760
19:03:00.0760 2356 SystemInfo:
19:03:00.0760 2356
19:03:00.0760 2356 OS Version: 6.1.7601 ServicePack: 1.0
19:03:00.0760 2356 Product type: Workstation
19:03:00.0760 2356 ComputerName: PAUL-PC
19:03:00.0760 2356 UserName: Paul
19:03:00.0760 2356 Windows directory: C:\Windows
19:03:00.0760 2356 System windows directory: C:\Windows
19:03:00.0760 2356 Processor architecture: Intel x86
19:03:00.0760 2356 Number of processors: 1
19:03:00.0760 2356 Page size: 0x1000
19:03:00.0760 2356 Boot type: Normal boot
19:03:00.0760 2356 ============================================================
19:03:02.0742 2356 BG loaded
19:03:03.0958 2356 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:03:03.0958 2356 ============================================================
19:03:03.0958 2356 \Device\Harddisk0\DR0:
19:03:03.0974 2356 MBR partitions:
19:03:03.0974 2356 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:03:03.0974 2356 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D192800
19:03:03.0974 2356 ============================================================
19:03:04.0504 2356 C: <-> \Device\Harddisk0\DR0\Partition2
19:03:04.0504 2356 ============================================================
19:03:04.0504 2356 Initialize success
19:03:04.0504 2356 ============================================================
19:03:15.0790 3336 ============================================================
19:03:15.0790 3336 Scan started
19:03:15.0790 3336 Mode: Manual; SigCheck; TDLFS;
19:03:15.0790 3336 ============================================================
19:03:17.0053 3336 ================ Scan system memory ========================
19:03:17.0053 3336 System memory - ok
19:03:17.0053 3336 ================ Scan services =============================
19:03:17.0303 3336 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
19:03:17.0396 3336 1394ohci - ok
19:03:17.0428 3336 19525566 - ok
19:03:17.0443 3336 28378293 - ok
19:03:17.0474 3336 45020668 - ok
19:03:17.0521 3336 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
19:03:17.0537 3336 ACPI - ok
19:03:17.0599 3336 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
19:03:17.0677 3336 AcpiPmi - ok
19:03:17.0771 3336 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
19:03:17.0786 3336 AdobeARMservice - ok
19:03:17.0833 3336 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
19:03:17.0849 3336 adp94xx - ok
19:03:17.0927 3336 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\drivers\adpahci.sys
19:03:17.0942 3336 adpahci - ok
19:03:17.0958 3336 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
19:03:17.0974 3336 adpu320 - ok
19:03:18.0020 3336 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
19:03:18.0161 3336 AeLookupSvc - ok
19:03:18.0208 3336 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
19:03:18.0286 3336 AFD - ok
19:03:18.0317 3336 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
19:03:18.0332 3336 agp440 - ok
19:03:18.0364 3336 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\drivers\djsvs.sys
19:03:18.0379 3336 aic78xx - ok
19:03:18.0426 3336 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
19:03:18.0488 3336 ALG - ok
19:03:18.0520 3336 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
19:03:18.0535 3336 aliide - ok
19:03:18.0582 3336 [ 1C775E8EE2CE07E765C3A403E8573782 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
19:03:18.0629 3336 AMD External Events Utility - ok
19:03:18.0660 3336 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
19:03:18.0676 3336 amdagp - ok
19:03:18.0707 3336 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
19:03:18.0707 3336 amdide - ok
19:03:18.0738 3336 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
19:03:18.0769 3336 AmdK8 - ok
19:03:18.0956 3336 [ F76623CE6B541717728F8A9797E23C7E ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
19:03:19.0050 3336 amdkmdag - ok
19:03:19.0097 3336 [ 8679F2006DE04882C07A43DDC74A1D0B ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
19:03:19.0144 3336 amdkmdap - ok
19:03:19.0190 3336 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
19:03:19.0206 3336 AmdPPM - ok
19:03:19.0268 3336 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
19:03:19.0284 3336 amdsata - ok
19:03:19.0331 3336 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
19:03:19.0331 3336 amdsbs - ok
19:03:19.0362 3336 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
19:03:19.0362 3336 amdxata - ok
19:03:19.0409 3336 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
19:03:19.0456 3336 AppID - ok
19:03:19.0487 3336 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
19:03:19.0534 3336 AppIDSvc - ok
19:03:19.0596 3336 [ EACFDF31921F51C097629F1F3C9129B4 ] Appinfo C:\Windows\System32\appinfo.dll
19:03:19.0658 3336 Appinfo - ok
19:03:19.0721 3336 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\drivers\arc.sys
19:03:19.0736 3336 arc - ok
19:03:19.0752 3336 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\drivers\arcsas.sys
19:03:19.0768 3336 arcsas - ok
19:03:19.0799 3336 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
19:03:19.0924 3336 AsyncMac - ok
19:03:19.0970 3336 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
19:03:19.0970 3336 atapi - ok
19:03:20.0064 3336 [ CFE432E8EEACBCEA3DBF53EA76978A65 ] athr C:\Windows\system32\DRIVERS\athr.sys
19:03:20.0142 3336 athr - ok
19:03:20.0298 3336 [ F76623CE6B541717728F8A9797E23C7E ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
19:03:20.0376 3336 atikmdag - ok
19:03:20.0438 3336 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:03:20.0485 3336 AudioEndpointBuilder - ok
19:03:20.0516 3336 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
19:03:20.0548 3336 Audiosrv - ok
19:03:20.0579 3336 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
19:03:20.0626 3336 AxInstSV - ok
19:03:20.0688 3336 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\drivers\bxvbdx.sys
19:03:20.0750 3336 b06bdrv - ok
19:03:20.0797 3336 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
19:03:20.0844 3336 b57nd60x - ok
19:03:20.0922 3336 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
19:03:20.0984 3336 BDESVC - ok
19:03:21.0016 3336 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
19:03:21.0062 3336 Beep - ok
19:03:21.0125 3336 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
19:03:21.0187 3336 BFE - ok
19:03:21.0234 3336 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\system32\qmgr.dll
19:03:21.0265 3336 BITS - ok
19:03:21.0281 3336 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
19:03:21.0312 3336 blbdrive - ok
19:03:21.0343 3336 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
19:03:21.0390 3336 bowser - ok
19:03:21.0421 3336 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
19:03:21.0452 3336 BrFiltLo - ok
19:03:21.0484 3336 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
19:03:21.0515 3336 BrFiltUp - ok
19:03:21.0562 3336 [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
19:03:21.0608 3336 BridgeMP - ok
19:03:21.0655 3336 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
19:03:21.0718 3336 Browser - ok
19:03:21.0749 3336 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
19:03:21.0827 3336 Brserid - ok
19:03:21.0842 3336 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
19:03:21.0874 3336 BrSerWdm - ok
19:03:21.0905 3336 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
19:03:21.0936 3336 BrUsbMdm - ok
19:03:21.0936 3336 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
19:03:21.0967 3336 BrUsbSer - ok
19:03:21.0998 3336 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
19:03:22.0030 3336 BTHMODEM - ok
19:03:22.0076 3336 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
19:03:22.0123 3336 bthserv - ok
19:03:22.0232 3336 catchme - ok
19:03:22.0248 3336 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
19:03:22.0295 3336 cdfs - ok
19:03:22.0357 3336 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
19:03:22.0404 3336 cdrom - ok
19:03:22.0466 3336 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
19:03:22.0498 3336 CertPropSvc - ok
19:03:22.0529 3336 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\drivers\circlass.sys
19:03:22.0560 3336 circlass - ok
19:03:22.0591 3336 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
19:03:22.0607 3336 CLFS - ok
19:03:22.0685 3336 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:03:22.0700 3336 clr_optimization_v2.0.50727_32 - ok
19:03:22.0810 3336 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:03:22.0856 3336 clr_optimization_v4.0.30319_32 - ok
19:03:22.0888 3336 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
19:03:22.0919 3336 CmBatt - ok
19:03:22.0966 3336 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
19:03:22.0966 3336 cmdide - ok
19:03:23.0059 3336 [ 42F158036BD4C2FF3122BF142E60E6FD ] CNG C:\Windows\system32\Drivers\cng.sys
19:03:23.0090 3336 CNG - ok
19:03:23.0122 3336 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
19:03:23.0137 3336 Compbatt - ok
19:03:23.0168 3336 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
19:03:23.0231 3336 CompositeBus - ok
19:03:23.0262 3336 COMSysApp - ok
19:03:23.0278 3336 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
19:03:23.0293 3336 crcdisk - ok
19:03:23.0356 3336 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\Windows\system32\cryptsvc.dll
19:03:23.0402 3336 CryptSvc - ok
19:03:23.0465 3336 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
19:03:23.0512 3336 DcomLaunch - ok
19:03:23.0558 3336 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
19:03:23.0605 3336 defragsvc - ok
19:03:23.0652 3336 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
19:03:23.0714 3336 DfsC - ok
19:03:23.0761 3336 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
19:03:23.0824 3336 Dhcp - ok
19:03:23.0839 3336 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
19:03:23.0886 3336 discache - ok
19:03:23.0933 3336 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\drivers\disk.sys
19:03:23.0933 3336 Disk - ok
19:03:23.0980 3336 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
19:03:24.0042 3336 Dnscache - ok
19:03:24.0058 3336 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
19:03:24.0120 3336 dot3svc - ok
19:03:24.0151 3336 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
19:03:24.0198 3336 DPS - ok
19:03:24.0245 3336 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
19:03:24.0276 3336 drmkaud - ok
19:03:24.0338 3336 [ 16498EBC04AE9DD07049A8884B205C05 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
19:03:24.0354 3336 DXGKrnl - ok
19:03:24.0385 3336 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
19:03:24.0448 3336 EapHost - ok
19:03:24.0557 3336 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\drivers\evbdx.sys
19:03:24.0666 3336 ebdrv - ok
19:03:24.0697 3336 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
19:03:24.0760 3336 EFS - ok
19:03:24.0838 3336 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
19:03:24.0900 3336 ehRecvr - ok
19:03:24.0931 3336 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
19:03:24.0962 3336 ehSched - ok
19:03:25.0025 3336 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\drivers\elxstor.sys
19:03:25.0040 3336 elxstor - ok
19:03:25.0056 3336 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
19:03:25.0103 3336 ErrDev - ok
19:03:25.0165 3336 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
19:03:25.0212 3336 EventSystem - ok
19:03:25.0243 3336 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
19:03:25.0274 3336 exfat - ok
19:03:25.0306 3336 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
19:03:26.0273 3336 fastfat - ok
19:03:26.0335 3336 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
19:03:26.0476 3336 Fax - ok
19:03:26.0507 3336 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\drivers\fdc.sys
19:03:26.0522 3336 fdc - ok
19:03:26.0538 3336 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
19:03:26.0585 3336 fdPHost - ok
19:03:26.0616 3336 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
19:03:26.0647 3336 FDResPub - ok
19:03:26.0663 3336 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
19:03:26.0678 3336 FileInfo - ok
19:03:26.0694 3336 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
19:03:26.0819 3336 Filetrace - ok
19:03:26.0850 3336 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
19:03:26.0881 3336 flpydisk - ok
19:03:26.0912 3336 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
19:03:26.0928 3336 FltMgr - ok
19:03:26.0990 3336 [ E12C4928B32ACE04610259647F072635 ] FontCache C:\Windows\system32\FntCache.dll
19:03:27.0053 3336 FontCache - ok
19:03:27.0115 3336 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
19:03:27.0131 3336 FontCache3.0.0.0 - ok
19:03:27.0146 3336 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
19:03:27.0162 3336 FsDepends - ok
19:03:27.0193 3336 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
19:03:27.0209 3336 Fs_Rec - ok
19:03:27.0256 3336 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
19:03:27.0271 3336 fvevol - ok
19:03:27.0302 3336 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
19:03:27.0318 3336 gagp30kx - ok
19:03:27.0365 3336 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
19:03:27.0412 3336 gpsvc - ok
19:03:27.0443 3336 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
19:03:27.0458 3336 hcw85cir - ok
19:03:27.0521 3336 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:03:27.0552 3336 HdAudAddService - ok
19:03:27.0599 3336 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
19:03:27.0630 3336 HDAudBus - ok
19:03:27.0661 3336 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
19:03:27.0692 3336 HidBatt - ok
19:03:27.0724 3336 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\drivers\hidbth.sys
19:03:27.0755 3336 HidBth - ok
19:03:27.0786 3336 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\drivers\hidir.sys
19:03:27.0817 3336 HidIr - ok
19:03:27.0864 3336 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\System32\hidserv.dll
19:03:27.0911 3336 hidserv - ok
19:03:27.0942 3336 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
19:03:27.0973 3336 HidUsb - ok
19:03:28.0020 3336 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
19:03:28.0036 3336 hkmsvc - ok
19:03:28.0067 3336 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:03:28.0114 3336 HomeGroupListener - ok
19:03:28.0145 3336 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:03:28.0176 3336 HomeGroupProvider - ok
19:03:28.0207 3336 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
19:03:28.0223 3336 HpSAMD - ok
19:03:28.0254 3336 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
19:03:28.0285 3336 HTTP - ok
19:03:28.0301 3336 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
19:03:28.0316 3336 hwpolicy - ok
19:03:28.0363 3336 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
19:03:28.0394 3336 i8042prt - ok
19:03:28.0457 3336 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
19:03:28.0472 3336 iaStorV - ok
19:03:28.0519 3336 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:03:28.0566 3336 idsvc - ok
19:03:28.0582 3336 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\drivers\iirsp.sys
19:03:28.0597 3336 iirsp - ok
19:03:28.0644 3336 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
19:03:28.0691 3336 IKEEXT - ok
19:03:28.0722 3336 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
19:03:28.0738 3336 intelide - ok
19:03:28.0784 3336 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\drivers\intelppm.sys
19:03:28.0816 3336 intelppm - ok
19:03:28.0862 3336 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
19:03:28.0894 3336 IPBusEnum - ok
19:03:28.0940 3336 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:03:28.0987 3336 IpFilterDriver - ok
19:03:29.0050 3336 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
19:03:29.0096 3336 iphlpsvc - ok
19:03:29.0128 3336 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
19:03:29.0143 3336 IPMIDRV - ok
19:03:29.0174 3336 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
19:03:29.0221 3336 IPNAT - ok
19:03:29.0252 3336 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
19:03:29.0284 3336 IRENUM - ok
19:03:29.0315 3336 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
19:03:29.0330 3336 isapnp - ok
19:03:29.0346 3336 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
19:03:29.0362 3336 iScsiPrt - ok
19:03:29.0408 3336 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
19:03:29.0408 3336 kbdclass - ok
19:03:29.0455 3336 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
19:03:29.0486 3336 kbdhid - ok
19:03:29.0518 3336 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
19:03:29.0518 3336 KeyIso - ok
19:03:29.0564 3336 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
19:03:29.0564 3336 KSecDD - ok
19:03:29.0611 3336 [ 5FE1ABF1AF591A3458C9CF24ED9A4D35 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
19:03:29.0627 3336 KSecPkg - ok
19:03:29.0658 3336 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
19:03:29.0705 3336 KtmRm - ok
19:03:29.0767 3336 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\System32\srvsvc.dll
19:03:29.0798 3336 LanmanServer - ok
19:03:29.0845 3336 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:03:29.0861 3336 LanmanWorkstation - ok
19:03:29.0908 3336 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
19:03:29.0954 3336 lltdio - ok
19:03:29.0986 3336 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
19:03:30.0017 3336 lltdsvc - ok
19:03:30.0032 3336 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
19:03:30.0079 3336 lmhosts - ok
19:03:30.0126 3336 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
19:03:30.0126 3336 LSI_FC - ok
19:03:30.0173 3336 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
19:03:30.0173 3336 LSI_SAS - ok
19:03:30.0204 3336 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
19:03:30.0220 3336 LSI_SAS2 - ok
19:03:30.0235 3336 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
19:03:30.0251 3336 LSI_SCSI - ok
19:03:30.0266 3336 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
19:03:30.0313 3336 luafv - ok
19:03:30.0360 3336 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
19:03:30.0376 3336 Mcx2Svc - ok
19:03:30.0391 3336 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\drivers\megasas.sys
19:03:30.0407 3336 megasas - ok
19:03:30.0438 3336 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
19:03:30.0454 3336 MegaSR - ok
19:03:30.0485 3336 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
19:03:30.0516 3336 MMCSS - ok
19:03:30.0563 3336 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
19:03:30.0594 3336 Modem - ok
19:03:30.0641 3336 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
19:03:30.0672 3336 monitor - ok
19:03:30.0703 3336 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
19:03:30.0703 3336 mouclass - ok
19:03:30.0734 3336 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
19:03:30.0766 3336 mouhid - ok
19:03:30.0797 3336 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
19:03:30.0797 3336 mountmgr - ok
19:03:30.0828 3336 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
19:03:30.0844 3336 mpio - ok
19:03:30.0859 3336 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
19:03:30.0906 3336 mpsdrv - ok
19:03:30.0953 3336 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
19:03:31.0015 3336 MpsSvc - ok
19:03:31.0031 3336 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
19:03:31.0046 3336 MRxDAV - ok
19:03:31.0093 3336 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
19:03:31.0124 3336 mrxsmb - ok
19:03:31.0140 3336 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:03:31.0156 3336 mrxsmb10 - ok
19:03:31.0171 3336 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:03:31.0202 3336 mrxsmb20 - ok
19:03:31.0249 3336 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
19:03:31.0265 3336 msahci - ok
19:03:31.0280 3336 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
19:03:31.0296 3336 msdsm - ok
19:03:31.0327 3336 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
19:03:31.0358 3336 MSDTC - ok
19:03:31.0421 3336 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
19:03:31.0436 3336 Msfs - ok
19:03:31.0468 3336 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
19:03:31.0499 3336 mshidkmdf - ok
19:03:31.0514 3336 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
19:03:31.0530 3336 msisadrv - ok
19:03:31.0577 3336 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
19:03:31.0624 3336 MSiSCSI - ok
19:03:31.0639 3336 msiserver - ok
19:03:31.0686 3336 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
19:03:31.0702 3336 MSKSSRV - ok
19:03:31.0748 3336 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
19:03:31.0795 3336 MSPCLOCK - ok
19:03:31.0811 3336 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
19:03:31.0842 3336 MSPQM - ok
19:03:31.0889 3336 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
19:03:31.0904 3336 MsRPC - ok
19:03:31.0920 3336 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
19:03:31.0936 3336 mssmbios - ok
19:03:31.0982 3336 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
19:03:32.0014 3336 MSTEE - ok
19:03:32.0014 3336 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
19:03:32.0045 3336 MTConfig - ok
19:03:32.0076 3336 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
19:03:32.0092 3336 Mup - ok
19:03:32.0123 3336 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
19:03:32.0170 3336 napagent - ok
19:03:32.0232 3336 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
19:03:32.0248 3336 NativeWifiP - ok
19:03:32.0279 3336 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
19:03:32.0310 3336 NDIS - ok
19:03:32.0341 3336 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
19:03:32.0404 3336 NdisCap - ok
19:03:32.0450 3336 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
19:03:32.0497 3336 NdisTapi - ok
19:03:32.0544 3336 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
19:03:32.0575 3336 Ndisuio - ok
19:03:32.0606 3336 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
19:03:32.0653 3336 NdisWan - ok
19:03:32.0700 3336 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
19:03:32.0716 3336 NDProxy - ok
19:03:32.0778 3336 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
19:03:32.0809 3336 NetBIOS - ok
19:03:32.0856 3336 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
19:03:32.0872 3336 NetBT - ok
19:03:32.0887 3336 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
19:03:32.0903 3336 Netlogon - ok
19:03:32.0934 3336 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
19:03:32.0965 3336 Netman - ok
19:03:32.0981 3336 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
19:03:33.0028 3336 netprofm - ok
19:03:33.0074 3336 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:03:33.0074 3336 NetTcpPortSharing - ok
19:03:33.0121 3336 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
19:03:33.0121 3336 nfrd960 - ok
19:03:33.0168 3336 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll
19:03:33.0199 3336 NlaSvc - ok
19:03:33.0215 3336 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
19:03:33.0262 3336 Npfs - ok
19:03:33.0277 3336 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
19:03:33.0464 3336 nsi - ok
19:03:33.0496 3336 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
19:03:33.0542 3336 nsiproxy - ok
19:03:33.0620 3336 [ 5E43D2B0EE64123D4880DFA6626DEFDE ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
19:03:33.0667 3336 Ntfs - ok
19:03:33.0698 3336 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
19:03:33.0776 3336 Null - ok
19:03:33.0792 3336 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
19:03:33.0823 3336 nvraid - ok
19:03:33.0901 3336 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
19:03:33.0917 3336 nvstor - ok
19:03:33.0948 3336 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
19:03:33.0964 3336 nv_agp - ok
19:03:33.0979 3336 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
19:03:34.0010 3336 ohci1394 - ok
19:03:34.0057 3336 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
19:03:34.0104 3336 p2pimsvc - ok
19:03:34.0135 3336 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
19:03:34.0151 3336 p2psvc - ok
19:03:34.0166 3336 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\drivers\parport.sys
19:03:34.0182 3336 Parport - ok
19:03:34.0213 3336 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
19:03:34.0229 3336 partmgr - ok
19:03:34.0244 3336 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\drivers\parvdm.sys
19:03:34.0291 3336 Parvdm - ok
19:03:34.0322 3336 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
19:03:34.0338 3336 PcaSvc - ok
19:03:34.0354 3336 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
19:03:34.0369 3336 pci - ok
19:03:34.0400 3336 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
19:03:34.0400 3336 pciide - ok
19:03:34.0432 3336 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
19:03:34.0447 3336 pcmcia - ok
19:03:34.0463 3336 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
19:03:34.0463 3336 pcw - ok
19:03:34.0494 3336 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
19:03:34.0556 3336 PEAUTH - ok
19:03:34.0900 3336 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
19:03:34.0993 3336 pla - ok
19:03:35.0102 3336 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
19:03:35.0180 3336 PlugPlay - ok
19:03:35.0227 3336 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
19:03:35.0274 3336 PNRPAutoReg - ok
19:03:35.0352 3336 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
19:03:35.0352 3336 PNRPsvc - ok
19:03:35.0461 3336 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
19:03:35.0508 3336 PolicyAgent - ok
19:03:35.0555 3336 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
19:03:35.0570 3336 Power - ok
19:03:35.0680 3336 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
19:03:35.0726 3336 PptpMiniport - ok
19:03:35.0758 3336 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\drivers\processr.sys
19:03:35.0789 3336 Processor - ok
19:03:35.0898 3336 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
19:03:35.0960 3336 ProfSvc - ok
19:03:35.0992 3336 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:03:36.0007 3336 ProtectedStorage - ok
19:03:36.0085 3336 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
19:03:36.0132 3336 Psched - ok
19:03:36.0428 3336 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
19:03:36.0460 3336 ql2300 - ok
19:03:36.0491 3336 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
19:03:36.0506 3336 ql40xx - ok
19:03:36.0569 3336 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
19:03:36.0616 3336 QWAVE - ok
19:03:36.0631 3336 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
19:03:36.0647 3336 QWAVEdrv - ok
19:03:36.0709 3336 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
19:03:36.0787 3336 RasAcd - ok
19:03:36.0850 3336 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
19:03:36.0896 3336 RasAgileVpn - ok
19:03:36.0959 3336 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
19:03:37.0037 3336 RasAuto - ok
19:03:37.0068 3336 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
19:03:37.0162 3336 Rasl2tp - ok
19:03:37.0208 3336 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
19:03:37.0536 3336 RasMan - ok
19:03:37.0583 3336 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
19:03:37.0614 3336 RasPppoe - ok
19:03:37.0661 3336 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
19:03:37.0723 3336 RasSstp - ok
19:03:37.0801 3336 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
19:03:37.0848 3336 rdbss - ok
19:03:37.0895 3336 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
19:03:37.0910 3336 rdpbus - ok
19:03:37.0942 3336 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
19:03:37.0988 3336 RDPCDD - ok
19:03:38.0098 3336 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
19:03:38.0160 3336 RDPENCDD - ok
19:03:38.0207 3336 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
19:03:38.0254 3336 RDPREFMP - ok
19:03:38.0363 3336 [ 65375DF758CA1872AB7EBBBA457FD5E6 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
19:03:38.0425 3336 RdpVideoMiniport - ok
19:03:44.0774 3336 [ CE6D27958651F3FC30B1EE4B8E4115DC ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
# AdwCleaner v2.301 - Logfile created 05/19/2013 at 12:47:25
# Updated 16/05/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : Paul - PAUL-PC
# Boot Mode : Normal
# Running from : C:\Users\Paul\Desktop\adwcleaner.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
File Found : C:\END
Folder Found : C:\Program Files\Conduit
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\Users\Paul\AppData\Local\Conduit
Folder Found : C:\Users\Paul\AppData\LocalLow\Conduit
Folder Found : C:\Users\Paul\AppData\LocalLow\PriceGong
***** [Registry] *****
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\SearchProtect
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3268935
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Found : HKLM\Software\Tarma Installer
Value Found : HKLM\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist [1]
***** [Internet Browsers] *****
-\\ Internet Explorer v10.0.9200.16576
[OK] Registry is clean.
-\\ Google Chrome v [Unable to get version]
File : C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [3267 octets] - [19/05/2013 12:47:25]
########## EOF - C:\AdwCleaner[R1].txt - [3327 octets] ##########
OTL logfile created on: 5/20/2013 3:27:04 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Paul\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.75 Gb Total Physical Memory | 1.25 Gb Available Physical Memory | 71.37% Memory free
3.49 Gb Paging File | 2.78 Gb Available in Paging File | 79.64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.79 Gb Total Space | 217.35 Gb Free Space | 93.37% Space Free | Partition Type: NTFS
Computer Name: PAUL-PC | User Name: Paul | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/05/19 01:46:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe
PRC - [2012/12/18 15:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/11/22 22:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/09/20 02:56:14 | 000,380,928 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010/09/20 02:55:48 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
========== Modules (No Company Name) ==========
========== Services (SafeList) ==========
SRV - [2013/01/16 12:21:15 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012/12/18 15:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/09/20 02:55:48 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Paul\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (45020668)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (28378293)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (19525566)
DRV - [2013/05/20 12:37:32 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/08/23 10:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 10:41:34 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2012/08/23 10:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012/06/20 10:43:02 | 002,957,312 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010/09/20 03:13:18 | 006,380,544 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2010/09/20 03:13:18 | 006,380,544 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010/09/20 02:20:44 | 000,221,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D4 C7 A8 6D 05 51 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {8F910C72-9FC6-4BC0-9E6A-A3B8FC80EFF3}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{8F910C72-9FC6-4BC0-9E6A-A3B8FC80EFF3}: "URL" = http://search.yahoo....rtPage?}&fr=ie8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE8D3E41-98DC-45B7-BAFA-5907AE84A843}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013/05/20 12:37:32 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013/05/19 17:13:15 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/05/19 15:00:14 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/05/19 13:36:03 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/05/19 13:35:29 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/05/19 13:05:31 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/05/19 13:05:31 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/05/19 13:05:31 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/05/19 13:05:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/05/19 13:04:41 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/05/19 13:03:49 | 000,000,000 | ---D | C] -- C:\JRT
[2013/05/19 12:46:10 | 005,067,577 | R--- | C] (Swearware) -- C:\Users\Paul\Desktop\ComboFix.exe
[2013/05/19 12:43:43 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Paul\Desktop\JRT.exe
[2013/05/19 01:46:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe
[2013/05/19 00:28:31 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\mbar-1.05.0.1001
[2013/05/18 21:23:10 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Paul\Desktop\aswMBR.exe
[2013/05/18 20:50:33 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\FixZeroAccess
[2013/05/18 20:40:09 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\RK_Quarantine
[2013/05/14 20:26:05 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Paul\Desktop\iexplore.exe
[2013/05/14 19:29:12 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Malwarebytes
[2013/05/14 19:28:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/05/14 19:28:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/05/14 19:28:09 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/05/14 19:28:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/05/14 19:15:52 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2013/05/09 22:02:24 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\Programs
========== Files - Modified Within 30 Days ==========
[2013/05/20 15:23:56 | 000,021,872 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/20 15:23:56 | 000,021,872 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/20 15:16:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/20 15:16:30 | 1405,276,160 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/20 12:37:32 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013/05/20 10:59:41 | 224,360,058 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/05/20 08:56:44 | 000,377,856 | ---- | M] () -- C:\Users\Paul\Desktop\pxrowdgm.exe
[2013/05/19 16:33:09 | 000,000,512 | ---- | M] () -- C:\Users\Paul\Desktop\MBR.dat
[2013/05/19 12:46:10 | 005,067,577 | R--- | M] (Swearware) -- C:\Users\Paul\Desktop\ComboFix.exe
[2013/05/19 12:43:43 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Paul\Desktop\JRT.exe
[2013/05/19 12:42:33 | 000,632,031 | ---- | M] () -- C:\Users\Paul\Desktop\adwcleaner.exe
[2013/05/19 01:46:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe
[2013/05/18 21:24:33 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Paul\Desktop\aswMBR.exe
[2013/05/18 20:39:10 | 000,816,128 | ---- | M] () -- C:\Users\Paul\Desktop\RogueKiller.exe
[2013/05/17 19:13:37 | 000,624,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/05/17 19:13:37 | 000,106,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/05/17 19:07:34 | 000,294,376 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/05/17 18:11:03 | 000,672,251 | ---- | M] () -- C:\Users\Paul\Documents\mcleod job 2b.jpg
[2013/05/17 18:07:53 | 000,543,030 | ---- | M] () -- C:\Users\Paul\Documents\mcleod job 2a.jpg
[2013/05/17 18:06:06 | 000,443,201 | ---- | M] () -- C:\Users\Paul\Documents\mcleod job 1.jpg
[2013/05/15 16:55:34 | 000,651,519 | ---- | M] () -- C:\Users\Paul\Documents\cambell job 2b.jpg
[2013/05/15 16:54:48 | 000,558,542 | ---- | M] () -- C:\Users\Paul\Documents\cambell job 2a.jpg
[2013/05/15 16:53:21 | 000,462,441 | ---- | M] () -- C:\Users\Paul\Documents\cambell job 1.jpg
[2013/05/14 20:26:09 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Paul\Desktop\iexplore.exe
[2013/05/14 19:28:10 | 000,001,063 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/05/11 17:50:20 | 000,567,015 | ---- | M] () -- C:\Users\Paul\Documents\roller job 2b.jpg
[2013/05/11 17:49:37 | 000,417,994 | ---- | M] () -- C:\Users\Paul\Documents\roller job 1.jpg
[2013/05/11 17:48:52 | 000,489,323 | ---- | M] () -- C:\Users\Paul\Documents\roller job 2a.jpg
[2013/05/08 22:18:56 | 000,000,188 | ---- | M] () -- C:\Users\Paul\Desktop\craigslist tri-cities, TN classifieds for jobs, apartments, personals, for sale, services, community, and events.url
[2013/05/01 13:39:22 | 000,534,269 | ---- | M] () -- C:\Users\Paul\Documents\cooper job 2b.jpg
[2013/05/01 13:38:28 | 000,459,623 | ---- | M] () -- C:\Users\Paul\Documents\cooper job 2a.jpg
[2013/05/01 13:37:34 | 000,452,518 | ---- | M] () -- C:\Users\Paul\Documents\cooper job 1.jpg
[2013/04/27 18:22:27 | 000,462,182 | ---- | M] () -- C:\Users\Paul\Documents\roller, barbara tile estimate.jpg
[2013/04/24 17:54:33 | 000,650,784 | ---- | M] () -- C:\Users\Paul\Documents\wood job 2b.jpg
[2013/04/24 17:52:16 | 000,587,097 | ---- | M] () -- C:\Users\Paul\Documents\wood job 2a.jpg
[2013/04/24 17:50:46 | 000,416,678 | ---- | M] () -- C:\Users\Paul\Documents\wood job 1.jpg
[2013/04/22 18:49:42 | 000,000,210 | ---- | M] () -- C:\Users\Paul\Desktop\MapQuest Maps - Driving Directions - Map.url
[2013/04/21 21:25:25 | 000,572,364 | ---- | M] () -- C:\Users\Paul\Documents\fulmar job 2b.jpg
[2013/04/21 21:23:50 | 000,518,360 | ---- | M] () -- C:\Users\Paul\Documents\fulmar job 2a.jpg
[2013/04/21 21:22:00 | 000,426,616 | ---- | M] () -- C:\Users\Paul\Documents\fulmer job 1.jpg
[2013/04/20 21:04:29 | 000,442,414 | ---- | M] () -- C:\Users\Paul\Documents\beyersdorf project list.jpg
[2013/04/20 20:59:33 | 000,468,594 | ---- | M] () -- C:\Users\Paul\Documents\beyersdorf job revised 4-20-2013.jpg
========== Files Created - No Company Name ==========
[2013/05/20 08:56:44 | 000,377,856 | ---- | C] () -- C:\Users\Paul\Desktop\pxrowdgm.exe
[2013/05/19 16:33:09 | 000,000,512 | ---- | C] () -- C:\Users\Paul\Desktop\MBR.dat
[2013/05/19 13:05:31 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/05/19 13:05:31 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/05/19 13:05:31 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/05/19 13:05:31 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/05/19 13:05:31 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/05/19 12:42:32 | 000,632,031 | ---- | C] () -- C:\Users\Paul\Desktop\adwcleaner.exe
[2013/05/18 20:39:10 | 000,816,128 | ---- | C] () -- C:\Users\Paul\Desktop\RogueKiller.exe
[2013/05/17 18:11:02 | 000,672,251 | ---- | C] () -- C:\Users\Paul\Documents\mcleod job 2b.jpg
[2013/05/17 18:07:53 | 000,543,030 | ---- | C] () -- C:\Users\Paul\Documents\mcleod job 2a.jpg
[2013/05/17 18:06:06 | 000,443,201 | ---- | C] () -- C:\Users\Paul\Documents\mcleod job 1.jpg
[2013/05/15 16:55:34 | 000,651,519 | ---- | C] () -- C:\Users\Paul\Documents\cambell job 2b.jpg
[2013/05/15 16:54:48 | 000,558,542 | ---- | C] () -- C:\Users\Paul\Documents\cambell job 2a.jpg
[2013/05/15 16:53:21 | 000,462,441 | ---- | C] () -- C:\Users\Paul\Documents\cambell job 1.jpg
[2013/05/14 19:28:10 | 000,001,063 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/05/11 17:50:20 | 000,567,015 | ---- | C] () -- C:\Users\Paul\Documents\roller job 2b.jpg
[2013/05/11 17:49:37 | 000,417,994 | ---- | C] () -- C:\Users\Paul\Documents\roller job 1.jpg
[2013/05/11 17:48:52 | 000,489,323 | ---- | C] () -- C:\Users\Paul\Documents\roller job 2a.jpg
[2013/05/08 22:18:56 | 000,000,188 | ---- | C] () -- C:\Users\Paul\Desktop\craigslist tri-cities, TN classifieds for jobs, apartments, personals, for sale, services, community, and events.url
[2013/05/01 13:39:22 | 000,534,269 | ---- | C] () -- C:\Users\Paul\Documents\cooper job 2b.jpg
[2013/05/01 13:38:28 | 000,459,623 | ---- | C] () -- C:\Users\Paul\Documents\cooper job 2a.jpg
[2013/05/01 13:37:34 | 000,452,518 | ---- | C] () -- C:\Users\Paul\Documents\cooper job 1.jpg
[2013/04/27 18:22:27 | 000,462,182 | ---- | C] () -- C:\Users\Paul\Documents\roller, barbara tile estimate.jpg
[2013/04/24 17:54:33 | 000,650,784 | ---- | C] () -- C:\Users\Paul\Documents\wood job 2b.jpg
[2013/04/24 17:52:16 | 000,587,097 | ---- | C] () -- C:\Users\Paul\Documents\wood job 2a.jpg
[2013/04/24 17:50:45 | 000,416,678 | ---- | C] () -- C:\Users\Paul\Documents\wood job 1.jpg
[2013/04/21 21:25:25 | 000,572,364 | ---- | C] () -- C:\Users\Paul\Documents\fulmar job 2b.jpg
[2013/04/21 21:23:49 | 000,518,360 | ---- | C] () -- C:\Users\Paul\Documents\fulmar job 2a.jpg
[2013/04/21 21:22:00 | 000,426,616 | ---- | C] () -- C:\Users\Paul\Documents\fulmer job 1.jpg
[2013/04/20 21:04:29 | 000,442,414 | ---- | C] () -- C:\Users\Paul\Documents\beyersdorf project list.jpg
[2013/04/20 18:38:11 | 000,468,594 | ---- | C] () -- C:\Users\Paul\Documents\beyersdorf job revised 4-20-2013.jpg
[2013/01/17 04:49:14 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2013/01/17 04:49:14 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2013/01/17 04:49:14 | 000,008,704 | ---- | C] () -- C:\Windows\System32\vidccleaner.exe
[2013/01/16 12:13:00 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/09/15 03:11:16 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin
[2011/06/10 07:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
========== ZeroAccess Check ==========
[2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 17:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2013/05/18 20:50:33 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\FixZeroAccess
[2013/01/16 19:02:30 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\OpenOffice.org
========== Purity Check ==========
< End of report >
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-05-19 16:08:35
-----------------------------
16:08:35.207 OS Version: Windows 6.1.7601 Service Pack 1
16:08:35.207 Number of processors: 1 586 0x603
16:08:35.207 ComputerName: PAUL-PC UserName: Paul
16:08:36.112 Initialize success
16:10:21.287 AVAST engine defs: 13051900
16:11:08.446 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:11:08.446 Disk 0 Vendor: WDC_WD2500BEVT-60A23T0 02.01A02 Size: 238475MB BusType: 11
16:11:08.586 Disk 0 MBR read successfully
16:11:08.586 Disk 0 MBR scan
16:11:08.602 Disk 0 Windows 7 default MBR code
16:11:08.618 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
16:11:08.633 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 238373 MB offset 206848
16:11:08.633 Disk 0 scanning sectors +488394752
16:11:08.820 Disk 0 scanning C:\Windows\system32\drivers
16:11:59.068 Service scanning
16:13:45.382 Service RDPWD C:\Windows\System32\Drivers\RDPWD.sys **LOCKED** 32
16:13:58.517 Modules scanning
16:14:19.655 Disk 0 trace - called modules:
16:14:20.186 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
16:14:20.201 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85490030]
16:14:20.217 3 CLASSPNP.SYS[8819d59e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85005908]
16:14:21.169 AVAST engine scan C:\Windows
16:14:24.382 AVAST engine scan C:\Windows\system32
16:16:35.360 AVAST engine scan C:\Windows\system32\drivers
16:17:28.712 AVAST engine scan C:\Users\Paul
16:31:57.540 AVAST engine scan C:\ProgramData
16:32:16.681 Scan finished successfully
16:33:09.222 Disk 0 MBR has been saved successfully to "C:\Users\Paul\Desktop\MBR.dat"
16:33:09.238 The log file has been saved successfully to "C:\Users\Paul\Desktop\aswMBR.txt"
I am not able to do TotalVirus. I also tried from safe mode, but it did not work either; it ended with a fatal exception.
Thanks, Phel.