CLOSED C:\windows\system32\tprdpw64.exe infected

dechainne · January 31, 2019

My computer (desktop) has been infected for quite some time. After one of Microsoft Wndows 10 updates that turned off all my protection the machine got infected. That was close to 2 years ago. I have been working on getting rid of the many infections manually and with a few killers. I recently ran across EEK and us4ed it and I used FRST as outlined in hopes this will finally get my desktop back in action.

When fully infected I could not run anything. After I did some cleaning I was able to get into safe mode. but the infections would not allow me to change anything, delete or remove any files it presented me with an error box stating that I did not have permission to do that or when I attempted to run various malware and virus killers or start any anti-virus program. It stated it was already running. I am hoping that you can assist me in remedying my situation at hand with my desktop.

I have attached the reports from EEK and FRST as outlined.

I thank you in advance for your assistance.

Addition.txt

FRST.txt

scan_190130-155741.txt

Kevin Zoll · February 1, 2019

Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [cpx] => "C:\Users\BizAccnt\AppData\Local\ntuserlitelist\cpx\cpx.exe" -starup <==== ATTENTION
HKLM-x32\...\Run: [svcvmx] => "C:\Users\BizAccnt\AppData\Local\ntuserlitelist\svcvmx\svcvmx.exe" -starup <==== ATTENTION
HKU\S-1-5-21-1351472251-1763887738-756014443-1007\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-1351472251-1763887738-756014443-1007\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-1351472251-1763887738-756014443-1007\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-1351472251-1763887738-756014443-1007\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-1351472251-1763887738-756014443-1007\...\Policies\Explorer: [NoWinKeys] 1
HKU\S-1-5-21-1351472251-1763887738-756014443-1007\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1351472251-1763887738-756014443-1007\...\Policies\Explorer: [NoFileUrl] 0
HKU\S-1-5-21-1351472251-1763887738-756014443-1007\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-1351472251-1763887738-756014443-1007\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-1351472251-1763887738-756014443-1007\...\Policies\Explorer: [NoNetHood] 0
HKU\S-1-5-21-1351472251-1763887738-756014443-1007\...\Policies\Explorer: [NoFileMenu] 0
HKU\S-1-5-21-1351472251-1763887738-756014443-1007\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-1351472251-1763887738-756014443-1007\...\Policies\Explorer: [NoSetTaskBar] 0
HKU\S-1-5-21-1351472251-1763887738-756014443-1007\...\Policies\Explorer: [Nosecuritytab] 0
HKU\S-1-5-21-1351472251-1763887738-756014443-1007\...\Policies\Explorer: [NoUpdateCheck] 0
HKU\S-1-5-21-1351472251-1763887738-756014443-1007\...\Policies\Explorer: [NoWindowsUpdate] 0
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKU\S-1-5-21-1351472251-1763887738-756014443-1006\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Winsock: Catalog9 13 %windir%\system32\vsocklib.dll => No File
Winsock: Catalog9 14 %windir%\system32\vsocklib.dll => No File
Winsock: Catalog9-x64 13 %windir%\system32\vsocklib.dll => No File
Winsock: Catalog9-x64 14 %windir%\system32\vsocklib.dll => No File
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
SearchScopes: HKU\.DEFAULT -> DefaultScope {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL =
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\.DEFAULT -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
SearchScopes: HKU\.DEFAULT -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
SearchScopes: HKU\S-1-5-21-1351472251-1763887738-756014443-1006 -> {C70A7EE0-4D43-4A2C-86D5-3C80DB3A8C22} URL =
SearchScopes: HKU\S-1-5-21-1351472251-1763887738-756014443-1007 -> DefaultScope {7A41E3E5-29C6-4A45-9357-3C292D43EE68} URL =
SearchScopes: HKU\S-1-5-21-1351472251-1763887738-756014443-1007 -> {DCFD42FA-A29D-4635-9487-9E97943856CC} URL =
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> No File
BHO-x32: IObit Ads Removal -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\Adblock\Adblock.dll => No File
Toolbar: HKU\S-1-5-21-1351472251-1763887738-756014443-1006 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-1351472251-1763887738-756014443-1006 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1351472251-1763887738-756014443-1007 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\[email protected] => not found
S2 Dataup; C:\Users\BizAccnt\AppData\Local\ntuserlitelist\dataup\dataup.exe [X] <==== ATTENTION
S1 cctarpcq; \??\C:\WINDOWS\system32\drivers\cctarpcq.sys [X]
R5 drmkpro64;  <==== ATTENTION: Locked Service <==== ATTENTION
S1 drxrsqjb; \??\C:\WINDOWS\system32\drivers\drxrsqjb.sys [X]
S1 ikqyktvh; \??\C:\WINDOWS\system32\drivers\ikqyktvh.sys [X]
S1 opbqhbnc; \??\C:\WINDOWS\system32\drivers\opbqhbnc.sys [X]
S1 oszmpycu; \??\C:\WINDOWS\system32\drivers\oszmpycu.sys [X]
S1 snwwpkek; \??\C:\WINDOWS\system32\drivers\snwwpkek.sys [X]
2019-01-30 16:27 - 2019-01-30 16:27 - 000072816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nxwztfjc.sys
2019-01-13 17:37 - 2019-01-30 09:28 - 000000000 ____D C:\Program Files\rempl
2019-01-30 13:11 - 2017-06-19 21:54 - 000000000 ____D C:\Users\BizAccnt\AppData\Local\ntuserlitelist
2015-04-14 08:28 - 2015-04-14 08:28 - 000001171 _____ () C:\Users\BizAccnt\AppData\Roaming\wVhDty4cZ4ikvfz7j2MRh4E0E
C:\WINDOWS\system32\drivers\ndistpr64.sys
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCExtMenu_64.dll -> No File
ContextMenuHandlers1: [SlimShellExt] -> {5421BDAF-6C45-4C3A-8B4B-AE5AF31A65AF} => C:\Program Files (x86)\SlimCleaner\SlimShell64.dll -> No File
ContextMenuHandlers3: [SlimShellExt] -> {5421BDAF-6C45-4C3A-8B4B-AE5AF31A65AF} => C:\Program Files (x86)\SlimCleaner\SlimShell64.dll -> No File
ContextMenuHandlers4: [EncryptionMenu] -> {A470F8CF-A1E8-4f65-8335-227475AA5C46} =>  -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers4: [SlimShellExt] -> {5421BDAF-6C45-4C3A-8B4B-AE5AF31A65AF} => C:\Program Files (x86)\SlimCleaner\SlimShell64.dll -> No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers5: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
Task: {00496BD5-4FC8-4811-9C8F-5A123EB21633} - no filepath
Task: {00FA9144-2A7D-421B-A10C-DE8F45FF0A9C} - no filepath
Task: {06CDD989-385B-49DA-BF87-73B4CCF77485} - no filepath
Task: {0D845C21-1CB7-48C8-B8F8-8A3258ECAC9D} - no filepath
Task: {0F3807CF-C051-4AD3-B615-42E61A3052AF} - no filepath
Task: {0F95EA6C-1B50-4185-8361-E5F9290F8586} - no filepath
Task: {149F7C26-4956-4D84-89FA-C2BAE34FFF79} - no filepath
Task: {1712E2EF-0078-4A89-BD90-A93513C45D1B} - \SMW_UpdateTask_Time_34343731353930342d454a2a415034412a4a6c575a -> No File <==== ATTENTION
Task: {1825E803-8D2D-423A-870B-8E07E89404C9} - \RealPlayerRealUpgradeScheduledTaskS-1-5-21-1351472251-1763887738-756014443-1003 -> No File <==== ATTENTION
Task: {1E3B3107-83EC-484B-9BB4-56B828939B9F} - no filepath
Task: {1FD33E8C-4EF3-43CA-8690-A3CE00F9C869} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {20D44214-602C-497F-875D-660AE153DA75} - \HP AR Program Upload - fca025bd50b749d68da04fb1ff3b4620988a36468944423d8cce8ea4f56c99ab -> No File <==== ATTENTION
Task: {2224B408-7CEA-4DEC-9173-7A77B4281877} - no filepath
Task: {23693835-D5EF-4455-99C6-10819FCAAA16} - \User_Feed_Synchronization-{0C757521-BCAA-4C47-AA2A-1FC97ADE5B98} -> No File <==== ATTENTION
Task: {238FC883-0B2A-4E26-9215-40F67C723E12} - \HP AR Program Upload - abecdd93a51a49afa1468ffa6ec97a090df6cb329ddd4f29bd2ce2906e114287 -> No File <==== ATTENTION
Task: {27395F70-7C0C-40A4-8DA0-64B99F71702F} - no filepath
Task: {2780B42C-50DF-45C6-8A23-D0747CAACECC} - no filepath
Task: {30AB8F31-8A04-447F-B737-6F3FC5297F4C} - \RealDownloader Update Check -> No File <==== ATTENTION
Task: {31614312-62E6-4AC5-B99B-DF9FAA8E1411} - \RealUpgradeLogonTaskS-1-5-21-1351472251-1763887738-756014443-1000 -> No File <==== ATTENTION
Task: {33B286FA-4BC0-4291-B468-836C70E38A30} - no filepath
Task: {367B3E61-B2C1-40FD-BA8E-2F4B618918C3} - no filepath
Task: {38910B2D-8EAA-444E-857F-2840AFFF93F7} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {3A31BC0B-2D97-4BD0-BEF2-25DF564A2789} - no filepath
Task: {3C1625FB-9BD6-4969-8A23-B2D29B000346} - no filepath
Task: {3FEF55C6-D994-46D6-BF64-2BEE5B8EEEE8} - \RealPlayerRealUpgradeScheduledTaskS-1-5-21-1351472251-1763887738-756014443-1006 -> No File <==== ATTENTION
Task: {426640AF-956A-4458-8792-527E06A441DF} - no filepath
Task: {43948049-284B-4F81-9FF4-4793DB658FB3} - \RealUpgradeScheduledTaskS-1-5-21-1351472251-1763887738-756014443-1000 -> No File <==== ATTENTION
Task: {47B43310-5FF6-4E53-9BAA-A36E04872F97} - no filepath
Task: {48129676-308D-4A1E-AC87-070112EE6C73} - \ConsumerInputUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {4871FC7B-817A-4740-B2EF-8C07E84F7272} - no filepath
Task: {49022CA2-1E71-4415-96CA-0E10612D3E90} - \ecab37c9-222c-407c-9032-d52647d01a76-5_user -> No File <==== ATTENTION
Task: {4CEAAB17-2DA4-4704-A453-995789B5BFA2} - no filepath
Task: {5260AA48-AE74-4E00-BFEC-9D2AAAC8DAD4} - \ecab37c9-222c-407c-9032-d52647d01a76-4 -> No File <==== ATTENTION
Task: {53157A82-ECF9-4196-BE97-510C9A39E759} - no filepath
Task: {555CF9A3-EAB4-45C5-8419-00F201A4367C} - \{8A1D12A2-D5F0-486D-9D81-BA6C4B532C9C} -> No File <==== ATTENTION
Task: {5A9F2392-DE9F-4E39-819D-418759F41DAB} - \{6602A39E-3C88-434A-A69C-6876F8CF9E57} -> No File <==== ATTENTION
Task: {5D88B756-74A5-4B3A-8A19-EC0AED9928A6} - \HP AR Program Upload - 312935451d694d8fbaf486308e6e7e83b5c6403402754a32b587f4f0236119d2 -> No File <==== ATTENTION
Task: {5F03307C-2F03-4786-9A55-E4D36AA80341} - \globalUpdateUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {5FBE5D64-3259-4156-9118-099A0DAA78CB} - \MyBrowser -> No File <==== ATTENTION
Task: {61F2FC90-E9DA-4849-A1FD-76B997BE0276} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {62E54295-AC99-434E-9726-93B4079D1A58} - \HP AR Program Upload - 4755144799804597acf44ac57ed3eea40696fa3ecee64241ae0ebdae0fcaa22c -> No File <==== ATTENTION
Task: {63DF04BD-40DD-4B10-94B8-3930A1D7E33A} - \RealDownloaderDownloaderScheduledTaskS-1-5-21-1351472251-1763887738-756014443-1000 -> No File <==== ATTENTION
Task: {6710ED2B-BA7B-4884-B60A-DFC0BC32D22B} - no filepath
Task: {6714E4D5-54BE-4051-B1CC-17F88FC5F022} - no filepath
Task: {6960CB8A-40C3-4EB3-8547-A554047CCA95} - \{E9BB6EEE-CEEC-4B19-886A-93411063CFC7} -> No File <==== ATTENTION
Task: {69C4DD59-89FA-4698-B7C7-6702BF5E8921} - \globalUpdateUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {6DF6DC7B-8781-4E61-9BF3-A8048954FC3B} - \RealPlayerRealUpgradeLogonTaskS-1-5-21-1351472251-1763887738-756014443-1000 -> No File <==== ATTENTION
Task: {6E5D4A92-196C-4F34-8251-0D7B76F3C674} - \RealDownloaderDownloaderScheduledTaskS-1-5-21-1351472251-1763887738-756014443-1006 -> No File <==== ATTENTION
Task: {70A3D6F2-6664-4C8A-B120-B6DB035FD2D1} - \HP AR Program Upload - 31ef0124e0c94edca30de826854e2663949bdf7918004fa99ab0931499a8c8a1 -> No File <==== ATTENTION
Task: {735E5C88-6062-4B50-A5E5-8A5985A0C811} - no filepath
Task: {7AA19AB2-BB90-454E-A3E5-DCE1C83464EB} - no filepath
Task: {7B7C27DC-B0EF-4087-AD2F-B56D70271697} - no filepath
Task: {7B8E0C23-2A72-40F1-A58F-BFB9708C578D} - no filepath
Task: {7D2516F0-5A50-4C00-9B24-CDE81A50A8E6} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {830CB740-A641-478D-807B-C667D1850024} - no filepath
Task: {8362FCD0-6651-4982-ACA6-50C6E16A9328} - no filepath
Task: {84A8C7BF-5191-4C38-9ADD-18F781A9D537} - \ecab37c9-222c-407c-9032-d52647d01a76-5 -> No File <==== ATTENTION
Task: {899CB99A-3373-4CFE-AF87-03CF7DBB5695} - \ConsumerInputUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {8E74EF00-7E76-4042-9441-4B2D71A1364D} - no filepath
Task: {8FBE8015-04D4-47BD-9384-FF9A167C49DD} - \RealPlayerRealUpgradeLogonTaskS-1-5-21-1351472251-1763887738-756014443-1003 -> No File <==== ATTENTION
Task: {905D7455-5CA1-488B-97D8-1F28E82E0984} - no filepath
Task: {914D9F48-1CBC-4BF1-BFEA-6F62C3073A1B} - \One System Care Task -> No File <==== ATTENTION
Task: {9694DE57-70E5-4190-A715-30624194CE64} - \{94F40477-69B2-49C2-B665-D9473AAFB803} -> No File <==== ATTENTION
Task: {98573CC6-D97C-48FD-9775-6C675CED5825} - no filepath
Task: {991A8AE6-2037-4A73-96EE-2F040EC325A7} - no filepath
Task: {9A9637F0-83B4-4B4C-8E33-16CE7CB481F9} - no filepath
Task: {9AF8210F-4474-4724-81CE-27310161969A} - \RealDownloaderRealUpgradeLogonTaskS-1-5-21-1351472251-1763887738-756014443-1000 -> No File <==== ATTENTION
Task: {9D7EBC79-012F-4261-BD06-0EDEF2251C5C} - no filepath
Task: {9F22B976-D33C-4E2B-A15C-662E4064EC42} - \SwiftSearch Auto Updater 1.10.0.25 Pending Update -> No File <==== ATTENTION
Task: {A090690D-37F6-4F54-BAEB-9EF25B1612F7} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {A3C63F6E-E7B8-4E1C-B0F5-122E842E920E} - \{5BEB811E-E6D3-479B-B283-BF2D2E6BE139} -> No File <==== ATTENTION
Task: {A7E7619A-C790-4407-BE82-D44408574D2A} - no filepath
Task: {A87BFE47-7E81-44D0-85E7-3268CF2C114F} - no filepath
Task: {AD488CB4-F5FC-49C2-B4B3-F08BE04C8C61} - no filepath
Task: {ADCADCAF-2EDC-48CB-9461-5E5DDB2E9D7E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {B0783751-AFAE-4BFF-B02A-3C74BBADC98E} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B3971B7B-828C-47ED-AD63-C94DE5128591} - no filepath
Task: {B3F7B1F8-4BE6-443E-B3AE-83118F1C24D5} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {B4CB5A15-A4BB-4220-92E4-D0BCE464A479} - no filepath
Task: {BE596E98-FB57-4A1D-82D7-6B8C77F091F1} - \RealPlayerRealUpgradeScheduledTaskS-1-5-21-1351472251-1763887738-756014443-1000 -> No File <==== ATTENTION
Task: {C084FA60-7325-4DB5-9BAC-97A5FFAC8980} - \User_Feed_Synchronization-{C12A274C-A839-46DD-A526-09B88AB195E1} -> No File <==== ATTENTION
Task: {C4C898D3-E47F-4054-AD35-FC6C25646596} - no filepath
Task: {C790DDA6-7A99-466E-BF7C-9C87C376E72E} - no filepath
Task: {CFE80A2A-DADD-420D-B510-FEE7C753E194} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {D124EFC9-FE72-453D-96C9-43D5AF5C5500} - \Express FilesUpdate -> No File <==== ATTENTION
Task: {D13D8333-154B-481D-9768-E00D42A258CF} - \{34E815C4-3AB1-45AC-A5A6-4D16D2CA9A86} -> No File <==== ATTENTION
Task: {D1609895-C9B4-4846-8DF6-FED738F7EB50} - no filepath
Task: {D3453495-E813-4678-8823-26434CA88277} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {D34A5D11-1075-4660-A35D-3CF5F480BFFE} - \RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1351472251-1763887738-756014443-1000 -> No File <==== ATTENTION
Task: {D3626A0E-D197-4429-B923-DEF0263A05F0} - \SwiftSearch Auto Updater 1.10.0.25 Core -> No File <==== ATTENTION
Task: {D7A17E60-44CD-4E69-9C5A-8E8B5A50FE6E} - no filepath
Task: {D8CADC6A-D874-43F4-BB6C-C52120A2C2BF} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {DF038B73-EC37-4B2E-9BB5-75FE0E5638C9} - no filepath
Task: {DFA64BEF-51F4-409B-86B4-7F062EBE42B1} - no filepath
Task: {DFD1486E-F040-4CD3-8614-0787845E6B6C} - \HP AR Program Upload - a549b42f3930480087b876a47f516a00dbe67fb4326d43fda3d4adf4c1c4591a -> No File <==== ATTENTION
Task: {E4CDE1C8-550D-4BE9-9243-293795574DE5} - no filepath
Task: {E91A5D81-A317-4148-89BD-91C5AF428D01} - no filepath
Task: {EDEA2C44-F6D4-464D-9926-E2625CD5E07D} - \4673 -> No File <==== ATTENTION
Task: {EFF17C07-A840-4D3C-9299-549A52A83C85} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {F1685CA8-93AC-4FF2-B823-3415210B92A1} - \RealPlayerRealUpgradeLogonTaskS-1-5-21-1351472251-1763887738-756014443-1006 -> No File <==== ATTENTION
Task: {F25CCAB1-EB83-4201-B660-35E43235FE1E} - \IBUpd -> No File <==== ATTENTION
Task: {F3120ED4-342D-4068-A7BA-1B538907F4AF} - no filepath
Task: {F77C5132-E870-4E8E-9633-D63C9DB2AFD4} - \RocketTab Update Task -> No File <==== ATTENTION
Task: {FB58D978-423C-4317-8323-FCE9E9FFA42C} - no filepath
Task: {FB678467-8E8B-44AC-A72B-33008818644F} - no filepath
Task: {FC479928-0556-48A8-9FE8-1572AEC355C1} - \RocketTab -> No File <==== ATTENTION
Task: {FC75B954-314D-4040-A3A5-E114C9C7800F} - \SmartWeb Upgrade Trigger Task -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\Yahoo! Powered niref.job => C:\ProgramData\{FE5C3B3F-741E-B1F9-F2D8-2FBB689AA475}\tifo.txt <==== ATTENTION
AlternateDataStreams: C:\WINDOWS\system32\Drivers\bssrshar.sys:changelist [448]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\nxwztfjc.sys:changelist [448]
AlternateDataStreams: C:\ProgramData\Temp:373E1720 [118]
MSCONFIG\Services: Dataup =>
FirewallRules: [{9B8878F3-FBA7-4E82-A5BC-94789C960F5A}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶䵜硹捯潨摮潲慳捲浯牡晩畳屭祍潸档湯牤獯牡潣慭楲獦浵⹟硥e No File
FirewallRules: [{BE66EF05-B66E-4213-B500-2D260586BBE5}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶䵜硹捯潨摮潲慳捲浯牡晩畳屭祍潸档湯牤獯牡潣慭楲獦浵攮數 No File
FirewallRules: [{8ED1560E-E054-4FE5-BFEA-BB46C8380323}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶睜湩灯晴汩整屲敲瑳楷潮瑰楦瑬牥⹟硥e No File
FirewallRules: [{ABF18B0F-CC94-4668-BA5B-9028FBF21262}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶睜湩灯晴汩整屲楷潮瑰楦瑬牥⹟硥e No File
FirewallRules: [{9BBD62DA-0260-459E-A363-23D71B59A6D8}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶睜湩灯晴汩整屲敲瑳楷潮瑰楦瑬牥攮數 No File
FirewallRules: [{C3532063-99DD-4B9B-875D-3D8C79A1439A}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶睜湩灯晴汩整屲楷潮瑰楦瑬牥攮數 No File
FirewallRules: [{1C8E07C3-E6ED-4C32-9973-B62603E2FE08}] => (Allow) C:\Program Files (x86)\pandasecuritytb\cleanupie.exe No File
FirewallRules: [{ED212BD6-6D65-4E71-B32D-9E55BE785204}] => (Allow) C:\Program Files (x86)\pandasecuritytb\cleanupie.exe No File
FirewallRules: [{06361F75-50B3-4E36-975C-702BF4BF6E6E}] => (Allow) C:\Program Files (x86)\pandasecuritytb\ToolbarCleaner.exe No File
FirewallRules: [{6BD27039-4739-428E-A63F-6B037736C427}] => (Allow) C:\Program Files (x86)\pandasecuritytb\ToolbarCleaner.exe No File
FirewallRules: [{71182C25-1268-4476-9563-597529E598D0}] => (Allow) %ProgramFiles%\Windows MultiPoint Server\Wmssvc.exe No File
FirewallRules: [{D72ADEF9-C968-46CB-8651-8F89A1B7CB77}] => (Allow) %ProgramFiles%\Windows MultiPoint Server\WmsSessionAgent.exe No File
FirewallRules: [SNMP-In-UDP] => (Allow) %SystemRoot%\system32\snmp.exe No File
FirewallRules: [SNMP-Out-UDP] => (Allow) %SystemRoot%\system32\snmp.exe No File
FirewallRules: [SNMP-In-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe No File
FirewallRules: [SNMP-Out-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe No File
FirewallRules: [WMS-Dashboard] => (Allow) %ProgramFiles%\Windows MultiPoint Server\WmsDashboard.exe No File
FirewallRules: [WMS-Session-Agent] => (Allow) %ProgramFiles%\Windows MultiPoint Server\WmsSessionAgent.exe No File
FirewallRules: [WMS-Service] => (Allow) %ProgramFiles%\Windows MultiPoint Server\Wmssvc.exe No File
FirewallRules: [VIRT-MIGL-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe No File
FirewallRules: [VIRT-REMOTEDESKTOP-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe No File
FirewallRules: [Microsoft-Windows-NFS-ClientCore-NfsClnt-UDP-Out] => (Allow) %systemroot%\system32\nfsclnt.exe No File
FirewallRules: [Microsoft-Windows-NFS-ClientCore-NfsClnt-TCP-Out] => (Allow) %systemroot%\system32\nfsclnt.exe No File
FirewallRules: [WMS-Manager] => (Allow) %ProgramFiles%\Windows MultiPoint Server\WmsManager.exe No File
C:\WINDOWS\System32\Drivers\ndistpr64.sys

Close Notepad.

NOTE: It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST64 and press the Fix button just once and wait.

If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply.

NOTE: If the tool warns you about an outdated version please download and run the updated version.

Kevin Zoll · February 6, 2019

Thread Closed

Reason: Lack of Response

PM either Kevin, Elise, or Arthur to have this thread reopened.

The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on a system, other than the one they were written for, could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE if you don't we are just going to send you back to this thread

Sign In

CLOSED C:\windows\system32\tprdpw64.exe infected

Recommended Posts

dechainne 0

Share this post

Link to post

Share on other sites

Kevin Zoll 307

Share this post

Link to post

Share on other sites

Kevin Zoll 307

Share this post

Link to post

Share on other sites

Recently Browsing 0 members

Products & Services

Ransomware/Malware Removal

Partners

Resources

Company

Browse

Activity