Had PC MightyMax 2012, removed it, Malwarebytes was then installed and found Win32.Delf.uv with other less serious infections. Have all log files. Also as you may have noticed, typing is extremely difficult. Windows only runs in Safe Mode, will boot normally but never fully load. Here is my current DDS log:

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK

Internet Explorer: 9.0.8112.16446

Run by Mesha Lynn at 17:04:42 on 2013-02-24

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2663.1594 [GMT -8:00]


AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}


============== Running Processes ===============



C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\windows\System32\svchost.exe -k secsvcs

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted





"C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe"

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe




============== Pseudo HJT Report ===============


uStart Page = hxxp://www.facebook.com/

uProxyOverride = <local>;*.local

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\\coieplg.dll

BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\\ips\ipsbho.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\\coieplg.dll

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\\coieplg.dll

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60

mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED

mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"

mRun: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:0

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll


INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.



INFO: HKLM has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.


DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} - hxxps://vcuhsra.mcvh-vcu.edu/vdesk/terminal/f5tunsrv.cab#version=7000,2011,1213,303

DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - C:\Users\MESHAL~1\AppData\Local\Temp\IXP000.TMP\InstallerControl.cab#-1,-1,-1,-1

DPF: {7E73BE8F-FD87-44EC-8E22-023D5FF960FF} - hxxps://vcuhsra.mcvh-vcu.edu/vdesk/terminal/vdeskctrl.cab#version=7000,2012,0712,0449

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} - hxxp://aolsvc.aol.com/onlinegames/free-trial-burger-shop/GoBitGamesPlayer_v4.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} - hxxps://vcuhsra.mcvh-vcu.edu/vdesk/terminal/urxshost.cab#version=7000,2012,215,1913

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - hxxps://vcuhsra.mcvh-vcu.edu/vdesk/terminal/urxhost.cab#version=7000,2012,613,1512

TCP: NameServer =

TCP: Interfaces\{7194561C-36BB-401C-8C24-2C5908F5BF65} : DHCPNameServer =

TCP: Interfaces\{BBC53485-D51D-4DB0-9FB1-40BF7B824669} : DHCPNameServer =

TCP: Interfaces\{BBC53485-D51D-4DB0-9FB1-40BF7B824669}\2456C6B696E6F5E4F575962756C6563737F5546454341464 : DHCPNameServer =

TCP: Interfaces\{BBC53485-D51D-4DB0-9FB1-40BF7B824669}\84F4D454D283736483 : DHCPNameServer =

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t

x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe

x64-Run: [smartFaceVWatcher] C:\Program Files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe

x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE

x64-Run: [smoothView] C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe

x64-Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe

x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe

x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe

x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe

x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll


INFO: x64-HKLM has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.


x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

Hosts: www.spywareinfo.com


============= SERVICES / DRIVERS ===============


R0 amd_sata;amd_sata;C:\windows\System32\drivers\amd_sata.sys [2011-12-7 75904]

R0 amd_xata;amd_xata;C:\windows\System32\drivers\amd_xata.sys [2011-12-7 38016]

R0 SymDS;Symantec Data Store;C:\windows\System32\drivers\NISx64\1207020.003\symds64.sys [2012-6-11 450680]

R0 SymEFA;Symantec Extended File Attributes;C:\windows\System32\drivers\NISx64\1207020.003\symefa64.sys [2012-6-11 912504]

R3 ETD;ELAN PS/2 Port Input Device;C:\windows\System32\drivers\ETD.sys [2010-11-11 137512]

R3 FwLnk;FwLnk Driver;C:\windows\System32\drivers\FwLnk.sys [2011-12-7 9216]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2010-9-27 76912]

R3 mbamchameleon;mbamchameleon;C:\windows\System32\drivers\mbamchameleon.sys [2013-2-24 36680]

R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2011-12-7 1109096]

S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20111223.001\BHDrvx64.sys [2011-11-30 1157240]

S1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20120120.002\IDSviA64.sys [2012-1-21 488568]

S1 SymIRON;Symantec Iron Driver;C:\windows\System32\drivers\NISx64\1207020.003\ironx64.sys [2012-6-11 171128]

S1 SymNetS;Symantec Network Security WFP Driver;C:\windows\System32\drivers\NISx64\1207020.003\symnets.sys [2012-6-11 386168]

S2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2011-12-7 203776]

S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.EXE [2012-2-13 193816]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-2-21 398184]

S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-2-21 682344]

S2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\\ccsvchst.exe [2012-6-11 130008]

S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [2012-11-25 132056]

S2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\\ccSvcHst.exe [2011-12-7 126392]

S2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]

S3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.EXE [2012-2-13 240408]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-25 138912]

S3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2013-2-21 24176]

S3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2011-12-7 38096]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2011-12-7 243712]

S3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2011-12-7 51576]

S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]

S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]

S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-4-25 52736]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-12-27 1255736]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]


=============== Created Last 30 ================


2013-02-24 21:01:29 36680 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys

2013-02-24 12:26:18 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BD9DFA34-6349-4C10-A065-C1CE2A388C68}\offreg.dll

2013-02-24 12:23:56 9162192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BD9DFA34-6349-4C10-A065-C1CE2A388C68}\mpengine.dll

2013-02-24 04:08:00 -------- d-sh--w- C:\$RECYCLE.BIN

2013-02-24 01:49:00 98816 ----a-w- C:\windows\sed.exe

2013-02-24 01:49:00 256000 ----a-w- C:\windows\PEV.exe

2013-02-24 01:49:00 208896 ----a-w- C:\windows\MBR.exe

2013-02-22 09:27:49 -------- d-----w- C:\Program Files (x86)\Safer Networking

2013-02-22 02:11:44 -------- d-----w- C:\Users\Mesha Lynn\AppData\Roaming\Malwarebytes

2013-02-22 02:11:34 -------- d-----w- C:\ProgramData\Malwarebytes

2013-02-22 02:11:33 24176 ----a-w- C:\windows\System32\drivers\mbam.sys

2013-02-22 02:11:33 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-02-22 02:08:36 -------- d-----w- C:\Program Files\CCleaner

2013-02-21 23:57:59 -------- d-----w- C:\Program Files (x86)\VS Revo Group

2013-02-21 05:08:07 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2013-02-13 16:53:36 -------- d-----w- C:\Users\Mesha Lynn\AppData\Local\Symantec


==================== Find3M ====================



============= FINISH: 17:05:26.35 ===============

And the attached log file:





DDS (Ver_2012-11-20.01)


Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 12/25/2011 8:32:38 AM

System Uptime: 2/23/2013 8:06:51 PM (21 hours ago)


Motherboard: TOSHIBA | | Portable PC

Processor: AMD C-50 Processor | Socket FT1 | 997/100mhz


==== Disk Partitions =========================


C: is FIXED (NTFS) - 285 GiB total, 195.687 GiB free.



==== Disabled Device Manager Items =============


Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: Security Processor Loader Driver



Name: Security Processor Loader Driver


Service: spldr


==== System Restore Points ===================


RP80: 12/8/2012 3:29:03 AM - Scheduled Checkpoint

RP81: 12/11/2012 1:57:04 PM - Installed The Sims 3

RP82: 12/26/2012 8:26:21 PM - Scheduled Checkpoint

RP83: 1/6/2013 2:29:40 PM - Scheduled Checkpoint

RP84: 1/17/2013 10:43:21 AM - Scheduled Checkpoint

RP85: 1/30/2013 6:44:50 AM - Scheduled Checkpoint

RP86: 2/6/2013 12:17:30 PM - Scheduled Checkpoint


==== Installed Programs ======================


Adobe AIR

Adobe Flash Player 10 Plugin

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 ActiveX 64-bit

Amazon Links

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

ATI Catalyst Install Manager

BIG-IP Edge Client Components (All Users)


Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All



CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish


Conexant HD Audio


Diner Dash 2

ETDWare PS/2-X64

Facebook Messenger 2.1.4651.0

Facebook Video Calling

Google Chrome

Google Update Helper


Java Auto Updater

Junk Mail filter update

Label@Once 1.0

Malwarebytes Anti-Malware version

Mesh Runtime

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Office 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Microsoft WSE 3.0 Runtime



Norton Internet Security

Norton PC Checkup



PlayReady PC Runtime amd64

PlayReady PC Runtime x86

Realtek USB 2.0 Card Reader

Realtek WLAN Driver


Revo Uninstaller 1.94

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Skype Click to Call

Skype Launcher

Skype™ 6.0

The Sims 2

The Sims 2 Nightlife

The Sims 2 Open For Business

The Sims 2 Pets

The Sims 2 University

The Sims™ 2 Apartment Life

The Sims™ 2 Bon Voyage

The Sims™ 2 Mansion and Garden Stuff

The Sims™ 3

Toshiba App Place

TOSHIBA Application Installer


Toshiba Book Place

TOSHIBA Bulletin Board

TOSHIBA Disc Creator

TOSHIBA Face Recognition

TOSHIBA Hardware Setup


Toshiba Laptop Checkup

TOSHIBA Media Controller

Toshiba Online Backup

TOSHIBA Quality Application

TOSHIBA Recovery Media Creator


TOSHIBA Service Station

TOSHIBA Supervisor Password

TOSHIBA Value Added Package

TOSHIBA Web Camera Application


Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WModem Driver Installer

WMV9/VC-1 Video Playback

Yahoo! Messenger

Yahoo! Software Update


==== Event Viewer Messages From Past Week ========


2/24/2013 5:03:21 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

2/24/2013 4:11:03 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

2/24/2013 1:02:39 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

2/23/2013 9:09:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}

2/23/2013 9:09:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

2/23/2013 8:08:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

2/23/2013 8:08:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

2/23/2013 8:08:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

2/23/2013 8:07:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

2/23/2013 8:07:40 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 discache eeCtrl IDSVia64 spldr SRTSPX SymIRON SymNetS Wanarpv6

2/23/2013 8:07:31 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000004, 0x0000000000000258, 0xfffffa8002013b50, 0xfffff80000b9c510). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 022313-23556-01.

2/23/2013 8:05:23 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NIS service.

2/23/2013 8:04:53 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

2/23/2013 8:04:23 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IKEEXT service.

2/23/2013 8:01:23 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wlidsvc service.

2/23/2013 8:00:53 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.

2/23/2013 7:54:23 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SENS service.

2/23/2013 7:53:23 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.

2/23/2013 7:52:23 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.

2/23/2013 7:51:23 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Spooler service.

2/23/2013 7:50:23 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanWorkstation service.

2/23/2013 7:33:52 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service.

2/23/2013 7:26:22 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BFE service.

2/23/2013 7:25:24 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

2/23/2013 7:25:24 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

2/23/2013 7:25:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

2/23/2013 7:12:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

2/23/2013 7:11:22 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BITS service.

2/23/2013 7:11:22 PM, Error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

2/23/2013 6:57:57 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service.

2/23/2013 6:57:57 PM, Error: Service Control Manager [7000] - The Server service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

2/23/2013 6:55:04 PM, Error: Service Control Manager [7001] - The Internet Connection Sharing (ICS) service depends on the Remote Access Connection Manager service which failed to start because of the following error: After starting, the service hung in a start-pending state.

2/23/2013 6:53:33 PM, Error: Service Control Manager [7022] - The Remote Access Connection Manager service hung on starting.

2/23/2013 6:50:29 PM, Error: Service Control Manager [7022] - The IP Helper service hung on starting.

2/23/2013 6:46:58 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Yahoo! Updater service to connect.

2/23/2013 6:46:58 PM, Error: Service Control Manager [7000] - The Yahoo! Updater service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

2/23/2013 6:04:27 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

2/23/2013 5:49:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

2/23/2013 5:23:46 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.

2/23/2013 12:46:55 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

2/23/2013 12:46:50 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

2/23/2013 12:46:50 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

2/23/2013 12:46:24 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx64 DfsC discache eeCtrl IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSPX SymIRON SymNetS tdx vwififlt Wanarpv6 WfpLwf ws2ifsl

2/23/2013 12:46:22 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

2/23/2013 12:46:22 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

2/23/2013 12:46:22 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

2/23/2013 12:46:22 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

2/23/2013 12:46:22 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

2/23/2013 12:46:22 AM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

2/23/2013 12:46:22 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

2/23/2013 12:46:21 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

2/23/2013 12:46:21 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

2/23/2013 12:46:21 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

2/23/2013 12:46:21 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

2/23/2013 12:44:19 AM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.

2/22/2013 5:23:30 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.

2/22/2013 5:23:30 PM, Error: Service Control Manager [7000] - The Windows Live ID Sign-in Assistant service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

2/22/2013 4:42:51 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMService service.

2/22/2013 4:42:09 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Apple Mobile Device service.

2/22/2013 4:38:37 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.

2/22/2013 4:38:37 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

2/22/2013 4:38:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

2/22/2013 4:19:31 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the EapHost service.

2/22/2013 4:18:22 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.

2/22/2013 3:41:49 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

2/22/2013 3:39:44 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.

2/22/2013 3:39:44 PM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

2/22/2013 3:28:24 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Updating Service service to connect.

2/22/2013 3:28:24 AM, Error: Service Control Manager [7000] - The Spybot-S&D 2 Updating Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

2/22/2013 3:17:24 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Browser service.

2/22/2013 11:09:21 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.

2/22/2013 11:03:42 AM, Error: Service Control Manager [7022] - The Windows Font Cache Service service hung on starting.

2/22/2013 11:01:37 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X64 service to connect.

2/22/2013 10:58:42 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.

2/22/2013 10:53:00 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000004, 0x0000000000000258, 0xfffffa8002013040, 0xfffff8000419d510). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 022213-36285-01.

2/22/2013 10:40:23 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Font Cache Service service to connect.

2/22/2013 10:40:23 AM, Error: Service Control Manager [7000] - The Windows Font Cache Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

2/22/2013 10:21:57 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the seclogon service.

2/22/2013 10:20:27 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PCCUJobMgr service.

2/22/2013 10:19:57 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NlaSvc service.

2/21/2013 6:57:42 PM, Error: Service Control Manager [7031] - The Windows Defender service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

2/21/2013 6:00:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service YahooAUService with arguments "" in order to run the server: {90AFF435-B544-4F94-A0C2-CC020EACA4E3}

2/21/2013 3:53:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

2/20/2013 8:39:12 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

2/20/2013 8:23:59 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

2/20/2013 8:23:59 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.

2/20/2013 6:56:58 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx64 DfsC discache eeCtrl IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSPX SymIRON SymNetS tdx vwififlt Wanarpv6 WfpLwf

2/20/2013 11:18:37 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FontCache service.

2/20/2013 11:14:00 PM, Error: Service Control Manager [7022] - The Windows Search service hung on starting.

2/20/2013 11:11:22 PM, Error: Service Control Manager [7022] - The Function Discovery Resource Publication service hung on starting.


==== End Of File ===========================

Hello Xander87 and welcome to the forum.

I hope you get a better grip on the keyboard, as your only description at the top is -very- difficult -to understand- !!

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Please download Rkill by Grinler and save it to your desktop.

Link 2
Link 3
Link 4
Double-click on the Rkill desktop icon to run the tool.
If using Vista or Windows 7, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
If the tool does not run from any of the links provided, please let me know.
If your antivirus program gives a prompt message, respond positive to allow RKILL to run.
If a malware-rogue gives a message regarding RKILL, proceed forward to running RKILL

IF you still have a problem running RKILL, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

When all done, rkill.txt log file will be on your desktop. Copy & Paste contents of Rkill.txt into a reply.

More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html

Step 2

  • Download & SAVE to your Desktop >> Tigzy's RogueKiller from here << or
    >> from here <<
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on Scan button at upper right of screen.
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Do NOT press any Fix button.
  • Exit/Close RogueKiller

I'm posting from a different PC so it's easier on both of us. Here are the results:

(Also, no matter what I tried, Rkill never had the option for Run As Administrator, [but RogueKiller did, and ran accordingly])

Rkill 2.4.7 by Lawrence Abrams (Grinler)


Copyright 2008-2013 BleepingComputer.com

More Information about Rkill can be found at this link:


Program started at: 02/25/2013 04:05:57 PM in x64 mode.

Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* COM+ Event System (EventSystem) is not Running.

Startup Type set to: Automatic

* Security Center (wscsvc) is not Running.

Startup Type set to: Automatic (Delayed Start)

* Windows Update (wuauserv) is not Running.

Startup Type set to: Automatic (Delayed Start)

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* Cannot edit the HOSTS file.

* Permissions Fixed. Administrators can now edit the HOSTS file.

* HOSTS file entries found: www.007guard.com 007guard.com 008i.com www.008k.com 008k.com www.00hq.com 00hq.com 010402.com www.032439.com 032439.com www.0scan.com 0scan.com www.1000gratisproben.com 1000gratisproben.com 1001namen.com www.1001namen.com 100888290cs.com www.100888290cs.com www.100sexlinks.com 100sexlinks.com

20 out of 15330 HOSTS entries shown.

Please review HOSTS file for further entries.

Program finished at: 02/25/2013 04:06:20 PM

Execution time: 0 hours(s), 0 minute(s), and 23 seconds(s)

-End Rkill-

RogueKiller V8.5.2 [Feb 23 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Safe mode with network support

User : Mesha Lynn [Admin rights]

Mode : Scan -- Date : 02/25/2013 16:13:54

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 11 ¤¤¤

[RUN][ROGUE ST] HKLM\[...]\Wow6432Node\RunOnce : 1 (C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe /r /p) -> FOUND

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\System : ConsentPromptBehaviorUser (0) -> FOUND

[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND

[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorUser (0) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\windows\system32\drivers\etc\hosts www.007guard.com 007guard.com 008i.com www.008k.com 008k.com www.00hq.com 00hq.com 010402.com www.032439.com 032439.com www.0scan.com 0scan.com www.1000gratisproben.com 1000gratisproben.com 1001namen.com www.1001namen.com 100888290cs.com www.100888290cs.com www.100sexlinks.com 100sexlinks.com


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK3275GSX SATA Disk Device +++++

--- User ---

[MBR] ccf60736590eef2cfd6a7aa695256f66

[bSP] 66145dbfca0f0410ab0749a594446f83 : Windows Vista MBR Code

Partition table:

0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 292137 Mo

2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 601370624 | Size: 11607 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_02252013_02d1613.txt >>


-End RogueKiller-

Please follow my guidance. Ask if you have questions.

I am going to ask you to read very carefully. I am asking you to download to a unique folder !!

Step 1. Close and save any open documents, and exit programs that you started.

Step 2. Download TDSSKiller.exe and SAVE it to a special folder


and be sure to SAVE it in this folder --> C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon

Step 3. Install the Chameleon driver by doing the following:

Press the Windows key + R and in the Run box, copy and paste the following command, then press Enter. Copy ALL of the line from beginning to end (from the double-quote all the way to the last o).

"C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon" /o

A black DOS prompt will appear with a prompt to press any key to continue, please do.

Step 4

Please read carefully and follow these steps.

  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
    Skip and click on Continue
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please Copy & Paste that log in reply.

19:20:33.0919 1588 TDSS rootkit removing tool Feb 11 2013 18:50:42

19:20:34.0450 1588 ============================================================

19:20:34.0465 1588 Current date / time: 2013/02/26 19:20:34.0450

19:20:34.0465 1588 SystemInfo:

19:20:34.0465 1588

19:20:34.0465 1588 OS Version: 6.1.7601 ServicePack: 1.0

19:20:34.0465 1588 Product type: Workstation

19:20:34.0465 1588 ComputerName: MESHALYNN-PC

19:20:34.0465 1588 UserName: Mesha Lynn

19:20:34.0465 1588 Windows directory: C:\windows

19:20:34.0465 1588 System windows directory: C:\windows

19:20:34.0465 1588 Running under WOW64

19:20:34.0465 1588 Processor architecture: Intel x64

19:20:34.0465 1588 Number of processors: 2

19:20:34.0465 1588 Page size: 0x1000

19:20:34.0465 1588 Boot type: Safe boot with network

19:20:34.0465 1588 ============================================================

19:20:36.0135 1588 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

19:20:36.0135 1588 ============================================================

19:20:36.0135 1588 \Device\Harddisk0\DR0:

19:20:36.0135 1588 MBR partitions:

19:20:36.0135 1588 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x23A94800

19:20:36.0135 1588 ============================================================

19:20:36.0181 1588 C: <-> \Device\Harddisk0\DR0\Partition1

19:20:36.0181 1588 ============================================================

19:20:36.0181 1588 Initialize success

19:20:36.0181 1588 ============================================================

19:21:49.0221 1904 ============================================================

19:21:49.0221 1904 Scan started

19:21:49.0221 1904 Mode: Manual;

19:21:49.0221 1904 ============================================================

19:21:49.0813 1904 ================ Scan system memory ========================

19:21:49.0813 1904 System memory - ok

19:21:49.0813 1904 ================ Scan services =============================

19:21:50.0032 1904 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys

19:21:50.0032 1904 1394ohci - ok

19:21:50.0125 1904 [ F146E2BA475893DD77B2370DC1211FC6 ] 82424991 C:\windows\system32\drivers\46718093.sys

19:21:50.0141 1904 82424991 - ok

19:21:50.0172 1904 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\windows\system32\drivers\ACPI.sys

19:21:50.0188 1904 ACPI - ok

19:21:50.0219 1904 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys

19:21:50.0235 1904 AcpiPmi - ok

19:21:50.0422 1904 [ 76D5A3D2A50402A0B9B6ED13C4371E79 ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

19:21:50.0422 1904 AdobeFlashPlayerUpdateSvc - ok

19:21:50.0484 1904 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\windows\system32\drivers\adp94xx.sys

19:21:50.0500 1904 adp94xx - ok

19:21:50.0562 1904 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\windows\system32\drivers\adpahci.sys

19:21:50.0562 1904 adpahci - ok

19:21:50.0578 1904 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\windows\system32\drivers\adpu320.sys

19:21:50.0593 1904 adpu320 - ok

19:21:50.0640 1904 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll

19:21:50.0656 1904 AeLookupSvc - ok

19:21:50.0734 1904 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\windows\system32\drivers\afd.sys

19:21:50.0734 1904 AFD - ok

19:21:50.0781 1904 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\windows\system32\drivers\agp440.sys

19:21:50.0781 1904 agp440 - ok

19:21:50.0859 1904 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\windows\System32\alg.exe

19:21:50.0859 1904 ALG - ok

19:21:50.0890 1904 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\windows\system32\drivers\aliide.sys

19:21:50.0890 1904 aliide - ok

19:21:50.0937 1904 [ A8B81D750556FB9A9266EC65BFAB63AF ] AMD External Events Utility C:\windows\system32\atiesrxx.exe

19:21:50.0937 1904 AMD External Events Utility - ok

19:21:50.0968 1904 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\windows\system32\drivers\amdide.sys

19:21:50.0968 1904 amdide - ok

19:21:51.0015 1904 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\windows\system32\drivers\amdk8.sys

19:21:51.0015 1904 AmdK8 - ok

19:21:51.0264 1904 [ 7A1AC757F3A2A3126A806B7319CAB21B ] amdkmdag C:\windows\system32\DRIVERS\atikmdag.sys

19:21:51.0498 1904 amdkmdag - ok

19:21:51.0529 1904 [ EEF6F806EEDFD1C746071F1FD684870E ] amdkmdap C:\windows\system32\DRIVERS\atikmpag.sys

19:21:51.0545 1904 amdkmdap - ok

19:21:51.0592 1904 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\windows\system32\DRIVERS\amdppm.sys

19:21:51.0592 1904 AmdPPM - ok

19:21:51.0639 1904 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\windows\system32\drivers\amdsata.sys

19:21:51.0639 1904 amdsata - ok

19:21:51.0685 1904 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\windows\system32\drivers\amdsbs.sys

19:21:51.0685 1904 amdsbs - ok

19:21:51.0717 1904 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\windows\system32\drivers\amdxata.sys

19:21:51.0717 1904 amdxata - ok

19:21:51.0763 1904 [ CAEE7C1AFC9F1C9EE8DD11ACD18D22E7 ] amd_sata C:\windows\system32\DRIVERS\amd_sata.sys

19:21:51.0763 1904 amd_sata - ok

19:21:51.0795 1904 [ 23726116B4FBCC84FC45B95157C08F5F ] amd_xata C:\windows\system32\DRIVERS\amd_xata.sys

19:21:51.0810 1904 amd_xata - ok

19:21:51.0904 1904 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\windows\system32\drivers\appid.sys

19:21:51.0904 1904 AppID - ok

19:21:51.0935 1904 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\windows\System32\appidsvc.dll

19:21:51.0935 1904 AppIDSvc - ok

19:21:51.0951 1904 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\windows\System32\appinfo.dll

19:21:51.0966 1904 Appinfo - ok

19:21:52.0107 1904 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

19:21:52.0107 1904 Apple Mobile Device - ok

19:21:52.0169 1904 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\windows\system32\drivers\arc.sys

19:21:52.0169 1904 arc - ok

19:21:52.0185 1904 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\windows\system32\drivers\arcsas.sys

19:21:52.0185 1904 arcsas - ok

19:21:52.0200 1904 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys

19:21:52.0216 1904 AsyncMac - ok

19:21:52.0216 1904 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\windows\system32\drivers\atapi.sys

19:21:52.0216 1904 atapi - ok

19:21:52.0341 1904 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll

19:21:52.0356 1904 AudioEndpointBuilder - ok

19:21:52.0387 1904 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\windows\System32\Audiosrv.dll

19:21:52.0387 1904 AudioSrv - ok

19:21:52.0450 1904 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\windows\System32\AxInstSV.dll

19:21:52.0450 1904 AxInstSV - ok

19:21:52.0512 1904 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\windows\system32\drivers\bxvbda.sys

19:21:52.0528 1904 b06bdrv - ok

19:21:52.0575 1904 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys

19:21:52.0575 1904 b57nd60a - ok

19:21:52.0731 1904 [ 47480F4260DAE9AA589BCAF924B3767A ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe

19:21:52.0731 1904 BBSvc - ok

19:21:52.0777 1904 [ 6BF743CBF3BCD09DAB79245E60E1AE62 ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.exe

19:21:52.0793 1904 BBUpdate - ok

19:21:52.0824 1904 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\windows\System32\bdesvc.dll

19:21:52.0840 1904 BDESVC - ok

19:21:52.0902 1904 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys

19:21:52.0902 1904 Beep - ok

19:21:52.0965 1904 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\windows\System32\bfe.dll

19:21:52.0980 1904 BFE - ok

19:21:53.0167 1904 [ 1D757A7E020C577C4259A755F21B7152 ] BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20111223.001\BHDrvx64.sys

19:21:53.0183 1904 BHDrvx64 - ok

19:21:53.0230 1904 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\windows\system32\qmgr.dll

19:21:53.0401 1904 BITS - ok

19:21:53.0464 1904 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys

19:21:53.0464 1904 blbdrive - ok

19:21:53.0557 1904 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

19:21:53.0573 1904 Bonjour Service - ok

19:21:53.0620 1904 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\windows\system32\DRIVERS\bowser.sys

19:21:53.0620 1904 bowser - ok

19:21:53.0667 1904 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\windows\system32\drivers\BrFiltLo.sys

19:21:53.0667 1904 BrFiltLo - ok

19:21:53.0698 1904 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\windows\system32\drivers\BrFiltUp.sys

19:21:53.0698 1904 BrFiltUp - ok

19:21:53.0745 1904 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\windows\system32\DRIVERS\bridge.sys

19:21:53.0745 1904 BridgeMP - ok

19:21:53.0791 1904 [ 8EF0D5C41EC907751B8429162B1239ED ] Browser C:\windows\System32\browser.dll

19:21:53.0807 1904 Browser - ok

19:21:53.0823 1904 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\windows\System32\Drivers\Brserid.sys

19:21:53.0838 1904 Brserid - ok

19:21:53.0854 1904 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys

19:21:53.0854 1904 BrSerWdm - ok

19:21:53.0901 1904 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys

19:21:53.0901 1904 BrUsbMdm - ok

19:21:53.0916 1904 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys

19:21:53.0916 1904 BrUsbSer - ok

19:21:53.0932 1904 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\drivers\bthmodem.sys

19:21:53.0932 1904 BTHMODEM - ok

19:21:54.0010 1904 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll

19:21:54.0025 1904 bthserv - ok

19:21:54.0072 1904 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys

19:21:54.0072 1904 cdfs - ok

19:21:54.0135 1904 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys

19:21:54.0135 1904 cdrom - ok

19:21:54.0181 1904 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\windows\System32\certprop.dll

19:21:54.0181 1904 CertPropSvc - ok

19:21:54.0244 1904 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\drivers\circlass.sys

19:21:54.0244 1904 circlass - ok

19:21:54.0275 1904 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys

19:21:54.0275 1904 CLFS - ok

19:21:54.0369 1904 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

19:21:54.0369 1904 clr_optimization_v2.0.50727_32 - ok

19:21:54.0447 1904 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

19:21:54.0447 1904 clr_optimization_v2.0.50727_64 - ok

19:21:54.0525 1904 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

19:21:54.0525 1904 clr_optimization_v4.0.30319_32 - ok

19:21:54.0587 1904 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

19:21:54.0603 1904 clr_optimization_v4.0.30319_64 - ok

19:21:54.0665 1904 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys

19:21:54.0665 1904 CmBatt - ok

19:21:54.0696 1904 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\drivers\cmdide.sys

19:21:54.0696 1904 cmdide - ok

19:21:54.0759 1904 [ C4943B6C962E4B82197542447AD599F4 ] CNG C:\windows\system32\Drivers\cng.sys

19:21:54.0759 1904 CNG - ok

19:21:54.0852 1904 [ 99B1B888B793DE320C5479B3C953781F ] CnxtHdAudService C:\windows\system32\drivers\CHDRT64.sys

19:21:54.0883 1904 CnxtHdAudService - ok

19:21:54.0946 1904 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\drivers\compbatt.sys

19:21:54.0946 1904 Compbatt - ok

19:21:55.0008 1904 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\windows\system32\DRIVERS\CompositeBus.sys

19:21:55.0008 1904 CompositeBus - ok

19:21:55.0039 1904 COMSysApp - ok

19:21:55.0071 1904 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\drivers\crcdisk.sys

19:21:55.0071 1904 crcdisk - ok

19:21:55.0117 1904 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\windows\system32\cryptsvc.dll

19:21:55.0133 1904 CryptSvc - ok

19:21:55.0180 1904 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\windows\system32\rpcss.dll

19:21:55.0195 1904 DcomLaunch - ok

19:21:55.0273 1904 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll

19:21:55.0273 1904 defragsvc - ok

19:21:55.0336 1904 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\windows\system32\Drivers\dfsc.sys

19:21:55.0336 1904 DfsC - ok

19:21:55.0383 1904 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\windows\system32\dhcpcore.dll

19:21:55.0398 1904 Dhcp - ok

19:21:55.0461 1904 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys

19:21:55.0461 1904 discache - ok

19:21:55.0507 1904 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\drivers\disk.sys

19:21:55.0507 1904 Disk - ok

19:21:55.0539 1904 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll

19:21:55.0554 1904 Dnscache - ok

19:21:55.0585 1904 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll

19:21:55.0601 1904 dot3svc - ok

19:21:55.0632 1904 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll

19:21:55.0632 1904 DPS - ok

19:21:55.0695 1904 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys

19:21:55.0695 1904 drmkaud - ok

19:21:55.0741 1904 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys

19:21:55.0757 1904 DXGKrnl - ok

19:21:55.0819 1904 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll

19:21:55.0819 1904 EapHost - ok

19:21:55.0960 1904 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\drivers\evbda.sys

19:21:56.0069 1904 ebdrv - ok

19:21:56.0147 1904 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys

19:21:56.0163 1904 eeCtrl - ok

19:21:56.0194 1904 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe

19:21:56.0194 1904 EFS - ok

19:21:56.0256 1904 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\windows\ehome\ehRecvr.exe

19:21:56.0272 1904 ehRecvr - ok

19:21:56.0303 1904 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\windows\ehome\ehsched.exe

19:21:56.0303 1904 ehSched - ok

19:21:56.0397 1904 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\drivers\elxstor.sys

19:21:56.0412 1904 elxstor - ok

19:21:56.0475 1904 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

19:21:56.0475 1904 EraserUtilRebootDrv - ok

19:21:56.0490 1904 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys

19:21:56.0490 1904 ErrDev - ok

19:21:56.0584 1904 [ 5D82D501D2FEE413B1F45F0302B5802C ] ETD C:\windows\system32\DRIVERS\ETD.sys

19:21:56.0584 1904 ETD - ok

19:21:56.0646 1904 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll

19:21:56.0646 1904 EventSystem - ok

19:21:56.0693 1904 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys

19:21:56.0693 1904 exfat - ok

19:21:56.0724 1904 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys

19:21:56.0740 1904 fastfat - ok

19:21:56.0787 1904 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe

19:21:56.0802 1904 Fax - ok

19:21:56.0833 1904 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\drivers\fdc.sys

19:21:56.0849 1904 fdc - ok

19:21:56.0896 1904 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll

19:21:56.0896 1904 fdPHost - ok

19:21:56.0943 1904 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll

19:21:56.0943 1904 FDResPub - ok

19:21:56.0989 1904 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys

19:21:56.0989 1904 FileInfo - ok

19:21:57.0005 1904 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys

19:21:57.0005 1904 Filetrace - ok

19:21:57.0067 1904 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\drivers\flpydisk.sys

19:21:57.0067 1904 flpydisk - ok

19:21:57.0099 1904 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys

19:21:57.0099 1904 FltMgr - ok

19:21:57.0161 1904 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\windows\system32\FntCache.dll

19:21:57.0192 1904 FontCache - ok

19:21:57.0239 1904 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

19:21:57.0239 1904 FontCache3.0.0.0 - ok

19:21:57.0286 1904 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys

19:21:57.0286 1904 FsDepends - ok

19:21:57.0317 1904 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys

19:21:57.0317 1904 Fs_Rec - ok

19:21:57.0379 1904 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\windows\system32\DRIVERS\fvevol.sys

19:21:57.0379 1904 fvevol - ok

19:21:57.0457 1904 [ 60ACB128E64C35C2B4E4AAB1B0A5C293 ] FwLnk C:\windows\system32\DRIVERS\FwLnk.sys

19:21:57.0457 1904 FwLnk - ok

19:21:57.0551 1904 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\drivers\gagp30kx.sys

19:21:57.0551 1904 gagp30kx - ok

19:21:57.0598 1904 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\windows\system32\DRIVERS\GEARAspiWDM.sys

19:21:57.0598 1904 GEARAspiWDM - ok

19:21:57.0645 1904 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll

19:21:57.0660 1904 gpsvc - ok

19:21:57.0738 1904 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

19:21:57.0754 1904 gupdate - ok

19:21:57.0785 1904 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

19:21:57.0785 1904 gupdatem - ok

19:21:57.0832 1904 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys

19:21:57.0832 1904 hcw85cir - ok

19:21:57.0879 1904 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys

19:21:57.0894 1904 HdAudAddService - ok

19:21:57.0925 1904 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys

19:21:57.0925 1904 HDAudBus - ok

19:21:57.0941 1904 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\drivers\HidBatt.sys

19:21:57.0941 1904 HidBatt - ok

19:21:57.0957 1904 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\drivers\hidbth.sys

19:21:57.0957 1904 HidBth - ok

19:21:57.0972 1904 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\drivers\hidir.sys

19:21:57.0972 1904 HidIr - ok

19:21:58.0035 1904 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\System32\hidserv.dll

19:21:58.0035 1904 hidserv - ok

19:21:58.0097 1904 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\windows\system32\drivers\hidusb.sys

19:21:58.0097 1904 HidUsb - ok

19:21:58.0144 1904 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\windows\system32\kmsvc.dll

19:21:58.0144 1904 hkmsvc - ok

19:21:58.0175 1904 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll

19:21:58.0175 1904 HomeGroupListener - ok

19:21:58.0222 1904 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll

19:21:58.0222 1904 HomeGroupProvider - ok

19:21:58.0253 1904 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys

19:21:58.0269 1904 HpSAMD - ok

19:21:58.0331 1904 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys

19:21:58.0331 1904 HTTP - ok

19:21:58.0362 1904 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys

19:21:58.0362 1904 hwpolicy - ok

19:21:58.0378 1904 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys

19:21:58.0378 1904 i8042prt - ok

19:21:58.0440 1904 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys

19:21:58.0456 1904 iaStorV - ok

19:21:58.0518 1904 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

19:21:58.0534 1904 idsvc - ok

19:21:58.0612 1904 [ 0B97F1A640AD3D159A7B5D2164C42E50 ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20120120.002\IDSvia64.sys

19:21:58.0627 1904 IDSVia64 - ok

19:21:58.0690 1904 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\drivers\iirsp.sys

19:21:58.0690 1904 iirsp - ok

19:21:58.0752 1904 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll

19:21:58.0768 1904 IKEEXT - ok

19:21:58.0783 1904 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys

19:21:58.0783 1904 intelide - ok

19:21:58.0815 1904 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\drivers\intelppm.sys

19:21:58.0830 1904 intelppm - ok

19:21:58.0861 1904 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll

19:21:58.0877 1904 IPBusEnum - ok

19:21:58.0893 1904 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys

19:21:58.0893 1904 IpFilterDriver - ok

19:21:58.0955 1904 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\windows\System32\iphlpsvc.dll

19:21:58.0971 1904 iphlpsvc - ok

19:21:58.0971 1904 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys

19:21:58.0986 1904 IPMIDRV - ok

19:21:59.0017 1904 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys

19:21:59.0017 1904 IPNAT - ok

19:21:59.0064 1904 [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe

19:21:59.0080 1904 iPod Service - ok

19:21:59.0127 1904 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys

19:21:59.0127 1904 IRENUM - ok

19:21:59.0142 1904 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys

19:21:59.0142 1904 isapnp - ok

19:21:59.0189 1904 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys

19:21:59.0205 1904 iScsiPrt - ok

19:21:59.0236 1904 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys

19:21:59.0236 1904 kbdclass - ok

19:21:59.0267 1904 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\drivers\kbdhid.sys

19:21:59.0267 1904 kbdhid - ok

19:21:59.0298 1904 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe

19:21:59.0298 1904 KeyIso - ok

19:21:59.0329 1904 [ DA1E991A61CFDD755A589E206B97644B ] KSecDD C:\windows\system32\Drivers\ksecdd.sys

19:21:59.0329 1904 KSecDD - ok

19:21:59.0345 1904 [ 7E33198D956943A4F11A5474C1E9106F ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys

19:21:59.0361 1904 KSecPkg - ok

19:21:59.0407 1904 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys

19:21:59.0407 1904 ksthunk - ok

19:21:59.0501 1904 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll

19:21:59.0517 1904 KtmRm - ok

19:21:59.0563 1904 [ 0E154DA6CA9105354A07D0C576804037 ] L1C C:\windows\system32\DRIVERS\L1C62x64.sys

19:21:59.0563 1904 L1C - ok

19:21:59.0626 1904 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\System32\srvsvc.dll

19:21:59.0641 1904 LanmanServer - ok

19:21:59.0673 1904 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll

19:21:59.0688 1904 LanmanWorkstation - ok

19:21:59.0751 1904 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys

19:21:59.0751 1904 lltdio - ok

19:21:59.0797 1904 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll

19:21:59.0813 1904 lltdsvc - ok

19:21:59.0829 1904 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll

19:21:59.0829 1904 lmhosts - ok

19:21:59.0891 1904 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\drivers\lsi_fc.sys

19:21:59.0891 1904 LSI_FC - ok

19:21:59.0922 1904 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\drivers\lsi_sas.sys

19:21:59.0922 1904 LSI_SAS - ok

19:21:59.0938 1904 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\drivers\lsi_sas2.sys

19:21:59.0938 1904 LSI_SAS2 - ok

19:21:59.0969 1904 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\drivers\lsi_scsi.sys

19:21:59.0969 1904 LSI_SCSI - ok

19:22:00.0031 1904 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys

19:22:00.0047 1904 luafv - ok

19:22:00.0078 1904 [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector C:\windows\system32\drivers\mbam.sys

19:22:00.0094 1904 MBAMProtector - ok

19:22:00.0156 1904 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

19:22:00.0172 1904 MBAMScheduler - ok

19:22:00.0250 1904 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

19:22:00.0265 1904 MBAMService - ok

19:22:00.0297 1904 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll

19:22:00.0297 1904 Mcx2Svc - ok

19:22:00.0328 1904 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\drivers\megasas.sys

19:22:00.0328 1904 megasas - ok

19:22:00.0390 1904 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\drivers\MegaSR.sys

19:22:00.0406 1904 MegaSR - ok

19:22:00.0453 1904 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll

19:22:00.0453 1904 MMCSS - ok

19:22:00.0468 1904 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys

19:22:00.0468 1904 Modem - ok

19:22:00.0515 1904 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys

19:22:00.0531 1904 monitor - ok

19:22:00.0562 1904 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys

19:22:00.0562 1904 mouclass - ok

19:22:00.0593 1904 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\drivers\mouhid.sys

19:22:00.0593 1904 mouhid - ok

19:22:00.0624 1904 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys

19:22:00.0624 1904 mountmgr - ok

19:22:00.0640 1904 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys

19:22:00.0640 1904 mpio - ok

19:22:00.0655 1904 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys

19:22:00.0671 1904 mpsdrv - ok

19:22:00.0718 1904 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll

19:22:00.0749 1904 MpsSvc - ok

19:22:00.0765 1904 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys

19:22:00.0765 1904 MRxDAV - ok

19:22:00.0811 1904 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys

19:22:00.0811 1904 mrxsmb - ok

19:22:00.0843 1904 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys

19:22:00.0858 1904 mrxsmb10 - ok

19:22:00.0889 1904 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys

19:22:00.0889 1904 mrxsmb20 - ok

19:22:00.0936 1904 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\DRIVERS\msahci.sys

19:22:00.0936 1904 msahci - ok

19:22:00.0967 1904 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys

19:22:00.0967 1904 msdsm - ok

19:22:00.0999 1904 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe

19:22:00.0999 1904 MSDTC - ok

19:22:01.0045 1904 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys

19:22:01.0061 1904 Msfs - ok

19:22:01.0077 1904 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys

19:22:01.0077 1904 mshidkmdf - ok

19:22:01.0123 1904 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys

19:22:01.0123 1904 msisadrv - ok

19:22:01.0170 1904 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll

19:22:01.0170 1904 MSiSCSI - ok

19:22:01.0186 1904 msiserver - ok

19:22:01.0217 1904 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys

19:22:01.0217 1904 MSKSSRV - ok

19:22:01.0264 1904 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys

19:22:01.0264 1904 MSPCLOCK - ok

19:22:01.0264 1904 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys

19:22:01.0279 1904 MSPQM - ok

19:22:01.0311 1904 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys

19:22:01.0311 1904 MsRPC - ok

19:22:01.0342 1904 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys

19:22:01.0342 1904 mssmbios - ok

19:22:01.0373 1904 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys

19:22:01.0389 1904 MSTEE - ok

19:22:01.0389 1904 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\drivers\MTConfig.sys

19:22:01.0404 1904 MTConfig - ok

19:22:01.0435 1904 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys

19:22:01.0435 1904 Mup - ok

19:22:01.0482 1904 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll

19:22:01.0498 1904 napagent - ok

19:22:01.0560 1904 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys

19:22:01.0560 1904 NativeWifiP - ok

19:22:01.0623 1904 [ 2DBE90210DE76BE6E1653BB20EC70EC2 ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20120122.004\ENG64.SYS

19:22:01.0623 1904 NAVENG - ok

19:22:01.0701 1904 [ 346DA70E203B8E2C850277713DE8F71B ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20120122.004\EX64.SYS

19:22:01.0732 1904 NAVEX15 - ok

19:22:01.0810 1904 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\windows\system32\drivers\ndis.sys

19:22:01.0825 1904 NDIS - ok

19:22:01.0857 1904 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys

19:22:01.0872 1904 NdisCap - ok

19:22:01.0888 1904 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys

19:22:01.0888 1904 NdisTapi - ok

19:22:01.0919 1904 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys

19:22:01.0919 1904 Ndisuio - ok

19:22:01.0950 1904 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys

19:22:01.0950 1904 NdisWan - ok

19:22:01.0981 1904 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys

19:22:01.0981 1904 NDProxy - ok

19:22:02.0013 1904 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys

19:22:02.0013 1904 NetBIOS - ok

19:22:02.0044 1904 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys

19:22:02.0044 1904 NetBT - ok

19:22:02.0075 1904 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe

19:22:02.0075 1904 Netlogon - ok

19:22:02.0137 1904 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll

19:22:02.0137 1904 Netman - ok

19:22:02.0169 1904 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll

19:22:02.0169 1904 netprofm - ok

19:22:02.0200 1904 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

19:22:02.0215 1904 NetTcpPortSharing - ok

19:22:02.0262 1904 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\drivers\nfrd960.sys

19:22:02.0278 1904 nfrd960 - ok

19:22:02.0371 1904 [ E78A365CC3E0FBFC018A33DCE01909F8 ] NIS C:\Program Files (x86)\Norton Internet Security\Engine\\ccSvcHst.exe

19:22:02.0371 1904 NIS - ok

19:22:02.0418 1904 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\windows\System32\nlasvc.dll

19:22:02.0434 1904 NlaSvc - ok

19:22:02.0527 1904 Norton PC Checkup Application Launcher - ok

19:22:02.0574 1904 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys

19:22:02.0574 1904 Npfs - ok

19:22:02.0605 1904 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll

19:22:02.0605 1904 nsi - ok

19:22:02.0652 1904 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys

19:22:02.0652 1904 nsiproxy - ok

19:22:02.0746 1904 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\windows\system32\drivers\Ntfs.sys

19:22:02.0777 1904 Ntfs - ok

19:22:02.0808 1904 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys

19:22:02.0808 1904 Null - ok

19:22:02.0871 1904 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys

19:22:02.0871 1904 nvraid - ok

19:22:02.0902 1904 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys

19:22:02.0902 1904 nvstor - ok

19:22:02.0964 1904 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys

19:22:02.0964 1904 nv_agp - ok

19:22:02.0980 1904 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys

19:22:02.0980 1904 ohci1394 - ok

19:22:03.0027 1904 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll

19:22:03.0042 1904 p2pimsvc - ok

19:22:03.0073 1904 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll

19:22:03.0089 1904 p2psvc - ok

19:22:03.0120 1904 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\drivers\parport.sys

19:22:03.0120 1904 Parport - ok

19:22:03.0167 1904 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys

19:22:03.0167 1904 partmgr - ok

19:22:03.0198 1904 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll

19:22:03.0214 1904 PcaSvc - ok

19:22:03.0276 1904 [ 2F86BE1818C2D7AC90478E3323EE7FCB ] PCCUJobMgr C:\Program Files (x86)\Norton PC Checkup\Engine\\ccSvcHst.exe

19:22:03.0276 1904 PCCUJobMgr - ok

19:22:03.0323 1904 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys

19:22:03.0323 1904 pci - ok

19:22:03.0354 1904 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\DRIVERS\pciide.sys

19:22:03.0354 1904 pciide - ok

19:22:03.0385 1904 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\drivers\pcmcia.sys

19:22:03.0401 1904 pcmcia - ok

19:22:03.0448 1904 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys

19:22:03.0463 1904 pcw - ok

19:22:03.0495 1904 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys

19:22:03.0510 1904 PEAUTH - ok

19:22:03.0619 1904 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe

19:22:03.0619 1904 PerfHost - ok

19:22:03.0697 1904 [ 91111CEBBDE8015E822C46120ED9537C ] PGEffect C:\windows\system32\DRIVERS\pgeffect.sys

19:22:03.0697 1904 PGEffect - ok

19:22:03.0775 1904 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll

19:22:03.0791 1904 pla - ok

19:22:03.0853 1904 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll

19:22:03.0869 1904 PlugPlay - ok

19:22:03.0885 1904 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll

19:22:03.0900 1904 PNRPAutoReg - ok

19:22:03.0916 1904 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll

19:22:03.0931 1904 PNRPsvc - ok

19:22:03.0978 1904 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll

19:22:03.0978 1904 PolicyAgent - ok

19:22:04.0009 1904 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll

19:22:04.0025 1904 Power - ok

19:22:04.0072 1904 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys

19:22:04.0072 1904 PptpMiniport - ok

19:22:04.0103 1904 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\drivers\processr.sys

19:22:04.0103 1904 Processor - ok

19:22:04.0150 1904 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll

19:22:04.0150 1904 ProfSvc - ok

19:22:04.0197 1904 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe

19:22:04.0197 1904 ProtectedStorage - ok

19:22:04.0259 1904 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys

19:22:04.0259 1904 Psched - ok

19:22:04.0368 1904 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\drivers\ql2300.sys

19:22:04.0399 1904 ql2300 - ok

19:22:04.0415 1904 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\drivers\ql40xx.sys

19:22:04.0415 1904 ql40xx - ok

19:22:04.0462 1904 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll

19:22:04.0477 1904 QWAVE - ok

19:22:04.0509 1904 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys

19:22:04.0509 1904 QWAVEdrv - ok

19:22:04.0540 1904 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys

19:22:04.0540 1904 RasAcd - ok

19:22:04.0571 1904 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys

19:22:04.0571 1904 RasAgileVpn - ok

19:22:04.0587 1904 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll

19:22:04.0602 1904 RasAuto - ok

19:22:04.0633 1904 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys

19:22:04.0633 1904 Rasl2tp - ok

19:22:04.0680 1904 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll

19:22:04.0696 1904 RasMan - ok

19:22:04.0711 1904 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys

19:22:04.0711 1904 RasPppoe - ok

19:22:04.0758 1904 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys

19:22:04.0758 1904 RasSstp - ok

19:22:04.0789 1904 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys

19:22:04.0789 1904 rdbss - ok

19:22:04.0821 1904 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\drivers\rdpbus.sys

19:22:04.0821 1904 rdpbus - ok

19:22:04.0852 1904 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys

19:22:04.0852 1904 RDPCDD - ok

19:22:04.0899 1904 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys

19:22:04.0899 1904 RDPENCDD - ok

19:22:04.0945 1904 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys

19:22:04.0945 1904 RDPREFMP - ok

19:22:04.0992 1904 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys

19:22:04.0992 1904 RDPWD - ok

19:22:05.0039 1904 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys

19:22:05.0055 1904 rdyboost - ok

19:22:05.0086 1904 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll

19:22:05.0086 1904 RemoteAccess - ok

19:22:05.0133 1904 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll

19:22:05.0148 1904 RemoteRegistry - ok

19:22:05.0164 1904 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll

19:22:05.0164 1904 RpcEptMapper - ok

19:22:05.0211 1904 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe

19:22:05.0211 1904 RpcLocator - ok

19:22:05.0273 1904 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll

19:22:05.0273 1904 RpcSs - ok

19:22:05.0320 1904 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys

19:22:05.0320 1904 rspndr - ok

19:22:05.0398 1904 [ 0E3DCF76F11DC431B088A2DFD7265CDA ] RSUSBSTOR C:\windows\system32\Drivers\RtsUStor.sys

19:22:05.0398 1904 RSUSBSTOR - ok

19:22:05.0491 1904 [ 64FDF4FE366CA42DA2B7D9D424B6E39B ] RTL8192Ce C:\windows\system32\DRIVERS\rtl8192Ce.sys

19:22:05.0507 1904 RTL8192Ce - ok

19:22:05.0523 1904 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe

19:22:05.0538 1904 SamSs - ok

19:22:05.0569 1904 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys

19:22:05.0569 1904 sbp2port - ok

19:22:05.0616 1904 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll

19:22:05.0616 1904 SCardSvr - ok

19:22:05.0647 1904 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys

19:22:05.0647 1904 scfilter - ok

19:22:05.0710 1904 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll

19:22:05.0741 1904 Schedule - ok

19:22:05.0772 1904 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll

19:22:05.0772 1904 SCPolicySvc - ok

19:22:05.0803 1904 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll

19:22:05.0803 1904 SDRSVC - ok

19:22:05.0850 1904 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys

19:22:05.0850 1904 secdrv - ok

19:22:05.0881 1904 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll

19:22:05.0881 1904 seclogon - ok

19:22:05.0913 1904 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\system32\sens.dll

19:22:05.0913 1904 SENS - ok

19:22:05.0959 1904 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll

19:22:05.0959 1904 SensrSvc - ok

19:22:06.0006 1904 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\drivers\serenum.sys

19:22:06.0006 1904 Serenum - ok

19:22:06.0037 1904 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\drivers\serial.sys

19:22:06.0037 1904 Serial - ok

19:22:06.0053 1904 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\drivers\sermouse.sys

19:22:06.0053 1904 sermouse - ok

19:22:06.0100 1904 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll

19:22:06.0115 1904 SessionEnv - ok

19:22:06.0131 1904 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys

19:22:06.0131 1904 sffdisk - ok

19:22:06.0131 1904 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys

19:22:06.0147 1904 sffp_mmc - ok

19:22:06.0147 1904 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys

19:22:06.0162 1904 sffp_sd - ok

19:22:06.0178 1904 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\drivers\sfloppy.sys

19:22:06.0178 1904 sfloppy - ok

19:22:06.0271 1904 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll

19:22:06.0287 1904 SharedAccess - ok

19:22:06.0349 1904 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll

19:22:06.0349 1904 ShellHWDetection - ok

19:22:06.0412 1904 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys

19:22:06.0412 1904 SiSRaid2 - ok

19:22:06.0427 1904 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys

19:22:06.0427 1904 SiSRaid4 - ok

19:22:06.0630 1904 [ 183F04C6742902F33039913A96F5B574 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

19:22:06.0677 1904 Skype C2C Service - ok

19:22:06.0771 1904 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe

19:22:06.0771 1904 SkypeUpdate - ok

19:22:06.0802 1904 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys

19:22:06.0817 1904 Smb - ok

19:22:06.0864 1904 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe

19:22:06.0880 1904 SNMPTRAP - ok

19:22:06.0895 1904 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys

19:22:06.0895 1904 spldr - ok

19:22:06.0942 1904 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\windows\System32\spoolsv.exe

19:22:06.0958 1904 Spooler - ok

19:22:07.0067 1904 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe

19:22:07.0129 1904 sppsvc - ok

19:22:07.0161 1904 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll

19:22:07.0176 1904 sppuinotify - ok

19:22:07.0254 1904 [ 90EF30C3867BCDE4579C01A6D6E75A7A ] SRTSP C:\windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS

19:22:07.0270 1904 SRTSP - ok

19:22:07.0317 1904 [ C513E8A5E7978DA49077F5484344EE1B ] SRTSPX C:\windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS

19:22:07.0317 1904 SRTSPX - ok

19:22:07.0363 1904 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys

19:22:07.0363 1904 srv - ok

19:22:07.0395 1904 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys

19:22:07.0410 1904 srv2 - ok

19:22:07.0441 1904 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys

19:22:07.0441 1904 srvnet - ok

19:22:07.0504 1904 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll

19:22:07.0504 1904 SSDPSRV - ok

19:22:07.0519 1904 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll

19:22:07.0535 1904 SstpSvc - ok

19:22:07.0566 1904 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\drivers\stexstor.sys

19:22:07.0566 1904 stexstor - ok

19:22:07.0613 1904 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll

19:22:07.0629 1904 stisvc - ok

19:22:07.0660 1904 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\DRIVERS\swenum.sys

19:22:07.0660 1904 swenum - ok

19:22:07.0707 1904 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll

19:22:07.0722 1904 swprv - ok

19:22:07.0785 1904 [ 6160145C7A87FC7672E8E3B886888176 ] SymDS C:\windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS

19:22:07.0785 1904 SymDS - ok

19:22:07.0831 1904 [ 96AEED40D4D3521568B42027687E69E0 ] SymEFA C:\windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS

19:22:07.0847 1904 SymEFA - ok

19:22:07.0894 1904 [ 21A1C2D694C3CF962D31F5E873AB3D6F ] SymEvent C:\windows\system32\Drivers\SYMEVENT64x86.SYS

19:22:07.0909 1904 SymEvent - ok

19:22:13.0135 1904 ================ Scan global ===============================

19:22:13.0182 1904 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll

19:22:13.0213 1904 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll

19:22:13.0229 1904 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll

19:22:13.0276 1904 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll

19:22:13.0307 1904 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe

19:22:13.0323 1904 [Global] - ok

19:22:13.0323 1904 ================ Scan MBR ==================================

19:22:13.0354 1904 [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0

19:22:13.0681 1904 \Device\Harddisk0\DR0 - ok

19:22:13.0681 1904 ================ Scan VBR ==================================

19:22:13.0697 1904 [ 80FF801DBE2BBB8D72C04DF77D231689 ] \Device\Harddisk0\DR0\Partition1

19:22:13.0697 1904 \Device\Harddisk0\DR0\Partition1 - ok

19:22:13.0713 1904 ============================================================

19:22:13.0713 1904 Scan finished

19:22:13.0713 1904 ============================================================

19:22:13.0744 1408 Detected object count: 0

19:22:13.0744 1408 Actual detected object count: 0

That detected nothing while the system was in Safe Mode with Networking. I would request that you try to Restart the system and get Windows back into Normal mode, and then again run TDSSKILLER. And copy/paste the new log.

As much as possible, I want to see & have you stay in normal mode of Windows. That will allow the tools to better find active malware.

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

OR, if you have the Windows OS DVD, to enter System Recovery Options by using the Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

I managed to run TDSSKiller by some miracle (changed {"C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon" /o} to {"C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\chameleon.chm" /o} and let it load the driver and quickly ran TDSS from within the Chameleon folder). However, even in normal mode TDSS found nothing. Here's the report:

14:38:29.0566 1436 TDSS rootkit removing tool Feb 11 2013 18:50:42

14:38:29.0800 1436 ============================================================

14:38:29.0800 1436 Current date / time: 2013/02/28 14:38:29.0800

14:38:29.0800 1436 SystemInfo:

14:38:29.0800 1436

14:38:29.0800 1436 OS Version: 6.1.7601 ServicePack: 1.0

14:38:29.0800 1436 Product type: Workstation

14:38:29.0800 1436 ComputerName: MESHALYNN-PC

14:38:29.0800 1436 UserName: Mesha Lynn

14:38:29.0800 1436 Windows directory: C:\windows

14:38:29.0800 1436 System windows directory: C:\windows

14:38:29.0800 1436 Running under WOW64

14:38:29.0800 1436 Processor architecture: Intel x64

14:38:29.0800 1436 Number of processors: 2

14:38:29.0800 1436 Page size: 0x1000

14:38:29.0800 1436 Boot type: Normal boot

14:38:29.0800 1436 ============================================================

14:38:33.0170 1436 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

14:38:33.0185 1436 ============================================================

14:38:33.0185 1436 \Device\Harddisk0\DR0:

14:38:33.0185 1436 MBR partitions:

14:38:33.0185 1436 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x23A94800

14:38:33.0185 1436 ============================================================

14:38:33.0217 1436 C: <-> \Device\Harddisk0\DR0\Partition1

14:38:33.0217 1436 ============================================================

14:38:33.0217 1436 Initialize success

14:38:33.0217 1436 ============================================================

14:38:50.0954 1652 ============================================================

14:38:50.0954 1652 Scan started

14:38:50.0954 1652 Mode: Manual;

14:38:50.0954 1652 ============================================================

14:38:51.0968 1652 ================ Scan system memory ========================

14:38:51.0968 1652 System memory - ok

14:38:51.0983 1652 ================ Scan services =============================

-End TDSS log-

Then I saw your post and ran FRST64. Here's the log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-02-2013

Ran by SYSTEM at 28-02-2013 18:42:19

Running from F:\

Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

The current controlset is ControlSet002

==================== Registry (Whitelisted) ===================

Tcpip\Parameters: [DhcpNameServer]

==================== Services (Whitelisted) ===================

4 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [398184 2012-12-14] (Malwarebytes Corporation)

4 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [682344 2012-12-14] (Malwarebytes Corporation)

2 NIS; "C:\Program Files (x86)\Norton Internet Security\Engine\\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\\diMaster.dll" /prefetch:1 [262584 2011-03-31] (Symantec Corporation)

4 Norton PC Checkup Application Launcher; C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe /s [132056 2012-11-15] (Symantec Corporation)

2 PCCUJobMgr; "C:\Program Files (x86)\Norton PC Checkup\Engine\\ccSvcHst.exe" /s "PCCUJobMgr" /m "C:\Program Files (x86)\Norton PC Checkup\Engine\\diMaster.dll" /prefetch:1 [132984 2011-02-03] (Symantec Corporation)

2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]

2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]

2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]

==================== Drivers (Whitelisted) =====================

1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20111223.001\BHDrvx64.sys [1157240 2011-11-30] (Symantec Corporation)

1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-15] (Symantec Corporation)

3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-15] (Symantec Corporation)

1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20120120.002\IDSvia64.sys [488568 2011-12-23] (Symantec Corporation)

3 mbamchameleon; C:\Windows\System32\Drivers\mbamchameleon.sys [36680 2013-02-28] ()

3 MBAMProtector; \??\C:\windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation)

3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20120122.004\ENG64.SYS [117880 2012-01-12] (Symantec Corporation)

3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20120122.004\EX64.SYS [2048632 2012-01-12] (Symantec Corporation)

3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation)

1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation)

0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-26] (Symantec Corporation)

0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation)

3 SymEvent; \??\C:\windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-12-25] (Symantec Corporation)

1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-26] (Symantec Corporation)

1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-20] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ====================

==================== One Month Created Files and Folders ========

2013-02-28 18:42 - 2013-02-28 18:42 - 00000000 ____D C:\FRST

2013-02-28 16:03 - 2013-02-28 16:03 - 00019523 ____A C:\Users\Mesha Lynn\Documents\TDSS2.txt

2013-02-28 16:02 - 2013-02-28 16:02 - 00019523 ____A C:\Users\Mesha Lynn\Desktop\TDSSnrmal.txt

2013-02-28 03:30 - 2013-02-28 03:30 - 00036680 ____A C:\Windows\System32\Drivers\mbamchameleon.sys

2013-02-27 19:37 - 2013-02-27 19:37 - 334597421 ____A C:\Windows\MEMORY.DMP

2013-02-27 19:37 - 2013-02-27 19:37 - 00544544 ____A C:\Windows\Minidump\022713-36426-01.dmp

2013-02-27 11:19 - 2013-02-27 11:19 - 00958368 ____A (Bleeping Computer, LLC) C:\Users\Mesha Lynn\Downloads\rkill (1)64.com

2013-02-26 19:24 - 2013-02-26 19:24 - 00066449 ____A C:\Users\Mesha Lynn\Desktop\TDDS report.txt

2013-02-26 18:13 - 2013-02-26 18:13 - 00007605 ____A C:\Users\Mesha Lynn\AppData\Local\Resmon.ResmonCfg

2013-02-26 15:25 - 2013-02-26 15:25 - 00208216 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\46718093.sys

2013-02-26 14:07 - 2013-02-28 03:17 - 00000560 ____A C:\Windows\setupact.log

2013-02-26 14:07 - 2013-02-26 14:07 - 00000000 ____A C:\Windows\setuperr.log

2013-02-25 16:13 - 2013-02-25 16:14 - 00002681 ____A C:\Users\Mesha Lynn\Desktop\RKreport[1]_S_02252013_02d1613.txt

2013-02-25 16:08 - 2013-02-25 16:13 - 00000000 ____D C:\Users\Mesha Lynn\Desktop\RK_Quarantine

2013-02-25 16:07 - 2013-02-25 16:07 - 00816640 ____A C:\Users\Mesha Lynn\Downloads\RogueKiller.exe

2013-02-25 16:05 - 2013-02-28 16:07 - 00000948 ____A C:\Users\Mesha Lynn\Desktop\Rkill.txt

2013-02-25 16:05 - 2013-02-25 16:05 - 01752992 ____A (Bleeping Computer, LLC) C:\Users\Mesha Lynn\Downloads\rkill (1).com

2013-02-24 17:04 - 2013-02-24 17:04 - 00688992 ____R (Swearware) C:\Users\Mesha Lynn\Downloads\dds.com

2013-02-23 21:17 - 2013-02-27 04:29 - 00007687 ____A C:\Windows\WindowsUpdate.log

2013-02-23 17:49 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe

2013-02-23 17:49 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe

2013-02-23 17:49 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe

2013-02-23 17:49 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe

2013-02-23 17:49 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe

2013-02-23 17:49 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe

2013-02-23 17:49 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe

2013-02-23 17:49 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe

2013-02-23 14:16 - 2013-02-23 14:16 - 00000000 ____D C:\Users\Mesha Lynn\Documents\ProcAlyzer Dumps

2013-02-23 13:36 - 2013-02-23 18:10 - 00000000 ____D C:\Qoobox

2013-02-23 13:34 - 2013-02-23 13:35 - 05034320 ____R (Swearware) C:\Users\Mesha Lynn\Downloads\ComboFix.exe

2013-02-23 08:31 - 2013-02-23 08:31 - 00000000 ____D C:\Users\Mesha Lynn\Downloads\mbar-

2013-02-23 08:29 - 2013-02-23 08:31 - 13711621 ____A C:\Users\Mesha Lynn\Downloads\mbar-

2013-02-22 01:47 - 2013-02-22 01:48 - 00479869 ____A (Trend Micro Inc.) C:\Users\Mesha Lynn\Downloads\HousecallLauncher (1).exe

2013-02-22 01:27 - 2013-02-22 01:28 - 00000000 ____D C:\Program Files (x86)\Safer Networking

2013-02-21 19:32 - 2013-02-21 19:33 - 07966432 ____A (Safer Networking Limited ) C:\Users\Mesha Lynn\Downloads\runalyz-

2013-02-21 19:32 - 2013-02-21 19:32 - 01339719 ____A C:\Users\Mesha Lynn\Downloads\rootalyz-

2013-02-21 19:32 - 2013-02-21 19:32 - 00000000 ____D C:\Users\Mesha Lynn\Downloads\rootalyz-

2013-02-21 19:31 - 2013-02-21 19:31 - 01752632 ____A (Safer-Networking Ltd. ) C:\Users\Mesha Lynn\Downloads\regalyz-

2013-02-21 18:11 - 2013-02-28 16:07 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-02-21 18:11 - 2013-02-21 18:11 - 00001080 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-02-21 18:11 - 2013-02-21 18:11 - 00000000 ____D C:\Users\Mesha Lynn\AppData\Roaming\Malwarebytes

2013-02-21 18:11 - 2013-02-21 18:11 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-02-21 18:11 - 2012-12-14 16:49 - 00024176 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2013-02-21 18:08 - 2013-02-21 18:08 - 00000833 ____A C:\Users\Public\Desktop\CCleaner.lnk

2013-02-21 18:08 - 2013-02-21 18:08 - 00000000 ____D C:\Program Files\CCleaner

2013-02-21 18:03 - 2013-02-21 16:19 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\Mesha Lynn\Desktop\mbam-setup-

2013-02-21 18:03 - 2013-02-21 16:18 - 04189792 ____A (Piriform Ltd) C:\Users\Mesha Lynn\Desktop\ccsetup327.exe

2013-02-21 15:58 - 2013-02-21 15:58 - 00001235 ____A C:\Users\Mesha Lynn\Desktop\Revo Uninstaller.lnk

2013-02-21 15:57 - 2013-02-21 15:57 - 00000000 ____D C:\Program Files (x86)\VS Revo Group

2013-02-21 01:20 - 2013-02-23 13:35 - 00000000 ____D C:\Windows\erdnt

2013-02-21 01:19 - 2013-02-21 01:05 - 04732416 ____A (AVAST Software) C:\Users\Mesha Lynn\Desktop\aswMBR.exe

2013-02-21 01:19 - 2013-02-21 01:02 - 00881935 ____A C:\Users\Mesha Lynn\Desktop\SecurityCheck.exe

2013-02-20 23:02 - 2013-02-20 23:02 - 00000164 ____A C:\Windows\wininit.ini

2013-02-20 21:18 - 2009-06-10 13:00 - 00000824 ____A C:\Windows\System32\Drivers\etc\hosts.20130220-211821.backup

2013-02-20 21:08 - 2013-02-23 14:16 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy

2013-02-20 21:00 - 2013-02-20 21:03 - 55454464 ____A (Safer-Networking Ltd. ) C:\Users\Mesha Lynn\Downloads\SpybotSD2.exe

2013-02-20 20:16 - 2013-02-21 20:53 - 00000446 ____A C:\Windows\Tasks\PC Checkup 3 Weekly Scan.job

2013-02-13 08:53 - 2013-02-13 08:53 - 00000000 ____D C:\Users\Mesha Lynn\AppData\Local\Symantec

2013-02-08 21:32 - 2013-02-08 21:32 - 00000231 ____A C:\Users\Public\Desktop\More Great Games.url

==================== One Month Modified Files and Folders =======

2013-02-28 16:07 - 2013-02-25 16:05 - 00000948 ____A C:\Users\Mesha Lynn\Desktop\Rkill.txt

2013-02-28 16:07 - 2013-02-21 18:11 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-02-28 16:03 - 2013-02-28 16:03 - 00019523 ____A C:\Users\Mesha Lynn\Documents\TDSS2.txt

2013-02-28 16:02 - 2013-02-28 16:02 - 00019523 ____A C:\Users\Mesha Lynn\Desktop\TDSSnrmal.txt

2013-02-28 15:53 - 2009-07-13 20:45 - 00024608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-02-28 15:52 - 2009-07-13 20:45 - 00024608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-02-28 13:38 - 2012-02-25 14:59 - 00000000 ____D C:\Users\Mesha Lynn\AppData\Local\Tific

2013-02-28 13:38 - 2011-12-25 09:01 - 00000000 ____D C:\Users\Mesha Lynn\AppData\Roaming\Tific

2013-02-28 03:30 - 2013-02-28 03:30 - 00036680 ____A C:\Windows\System32\Drivers\mbamchameleon.sys

2013-02-28 03:17 - 2013-02-26 14:07 - 00000560 ____A C:\Windows\setupact.log

2013-02-28 03:17 - 2011-12-07 12:44 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-02-28 03:17 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-02-28 03:13 - 2011-12-07 12:44 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-02-27 21:01 - 2012-11-15 00:54 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-02-27 19:37 - 2013-02-27 19:37 - 334597421 ____A C:\Windows\MEMORY.DMP

2013-02-27 19:37 - 2013-02-27 19:37 - 00544544 ____A C:\Windows\Minidump\022713-36426-01.dmp

2013-02-27 19:37 - 2012-07-30 20:52 - 00000000 ____D C:\Windows\Minidump

2013-02-27 11:19 - 2013-02-27 11:19 - 00958368 ____A (Bleeping Computer, LLC) C:\Users\Mesha Lynn\Downloads\rkill (1)64.com

2013-02-27 04:29 - 2013-02-23 21:17 - 00007687 ____A C:\Windows\WindowsUpdate.log

2013-02-26 19:26 - 2009-07-13 21:13 - 00005152 ____A C:\Windows\System32\PerfStringBackup.INI

2013-02-26 19:24 - 2013-02-26 19:24 - 00066449 ____A C:\Users\Mesha Lynn\Desktop\TDDS report.txt

2013-02-26 18:13 - 2013-02-26 18:13 - 00007605 ____A C:\Users\Mesha Lynn\AppData\Local\Resmon.ResmonCfg

2013-02-26 15:25 - 2013-02-26 15:25 - 00208216 ____A (Kaspersky Lab, GERT) C:\Windows\System32\Drivers\46718093.sys

2013-02-26 14:07 - 2013-02-26 14:07 - 00000000 ____A C:\Windows\setuperr.log

2013-02-25 16:14 - 2013-02-25 16:13 - 00002681 ____A C:\Users\Mesha Lynn\Desktop\RKreport[1]_S_02252013_02d1613.txt

2013-02-25 16:13 - 2013-02-25 16:08 - 00000000 ____D C:\Users\Mesha Lynn\Desktop\RK_Quarantine

2013-02-25 16:07 - 2013-02-25 16:07 - 00816640 ____A C:\Users\Mesha Lynn\Downloads\RogueKiller.exe

2013-02-25 16:05 - 2013-02-25 16:05 - 01752992 ____A (Bleeping Computer, LLC) C:\Users\Mesha Lynn\Downloads\rkill (1).com

2013-02-24 17:04 - 2013-02-24 17:04 - 00688992 ____R (Swearware) C:\Users\Mesha Lynn\Downloads\dds.com

2013-02-23 18:10 - 2013-02-23 13:36 - 00000000 ____D C:\Qoobox

2013-02-23 18:04 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini

2013-02-23 14:16 - 2013-02-23 14:16 - 00000000 ____D C:\Users\Mesha Lynn\Documents\ProcAlyzer Dumps

2013-02-23 14:16 - 2013-02-20 21:08 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy

2013-02-23 13:35 - 2013-02-23 13:34 - 05034320 ____R (Swearware) C:\Users\Mesha Lynn\Downloads\ComboFix.exe

2013-02-23 13:35 - 2013-02-21 01:20 - 00000000 ____D C:\Windows\erdnt

2013-02-23 08:31 - 2013-02-23 08:31 - 00000000 ____D C:\Users\Mesha Lynn\Downloads\mbar-

2013-02-23 08:31 - 2013-02-23 08:29 - 13711621 ____A C:\Users\Mesha Lynn\Downloads\mbar-

2013-02-22 01:48 - 2013-02-22 01:47 - 00479869 ____A (Trend Micro Inc.) C:\Users\Mesha Lynn\Downloads\HousecallLauncher (1).exe

2013-02-22 01:28 - 2013-02-22 01:27 - 00000000 ____D C:\Program Files (x86)\Safer Networking

2013-02-21 20:53 - 2013-02-20 20:16 - 00000446 ____A C:\Windows\Tasks\PC Checkup 3 Weekly Scan.job

2013-02-21 19:33 - 2013-02-21 19:32 - 07966432 ____A (Safer Networking Limited ) C:\Users\Mesha Lynn\Downloads\runalyz-

2013-02-21 19:32 - 2013-02-21 19:32 - 01339719 ____A C:\Users\Mesha Lynn\Downloads\rootalyz-

2013-02-21 19:32 - 2013-02-21 19:32 - 00000000 ____D C:\Users\Mesha Lynn\Downloads\rootalyz-

2013-02-21 19:31 - 2013-02-21 19:31 - 01752632 ____A (Safer-Networking Ltd. ) C:\Users\Mesha Lynn\Downloads\regalyz-

2013-02-21 19:08 - 2011-12-25 08:32 - 00000000 ____D C:\users\Mesha Lynn

2013-02-21 18:22 - 2011-12-07 12:43 - 00000000 ____D C:\Program Files\Google

2013-02-21 18:22 - 2011-12-07 12:43 - 00000000 ____D C:\Program Files (x86)\Google

2013-02-21 18:11 - 2013-02-21 18:11 - 00001080 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-02-21 18:11 - 2013-02-21 18:11 - 00000000 ____D C:\Users\Mesha Lynn\AppData\Roaming\Malwarebytes

2013-02-21 18:11 - 2013-02-21 18:11 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-02-21 18:09 - 2011-12-26 16:53 - 00000000 ____D C:\Users\Mesha Lynn\AppData\Roaming\Skype

2013-02-21 18:08 - 2013-02-21 18:08 - 00000833 ____A C:\Users\Public\Desktop\CCleaner.lnk

2013-02-21 18:08 - 2013-02-21 18:08 - 00000000 ____D C:\Program Files\CCleaner

2013-02-21 18:02 - 2012-11-15 00:51 - 00000000 ____D C:\Program Files (x86)\Yahoo!

2013-02-21 17:51 - 2011-12-25 08:44 - 00000000 ____D C:\Users\Mesha Lynn\AppData\Local\Google

2013-02-21 17:49 - 2012-08-31 13:14 - 00000000 ____D C:\Users\Mesha Lynn\AppData\Local\Unity

2013-02-21 17:44 - 2012-12-11 17:21 - 00000000 ____D C:\ProgramData\ParetoLogic

2013-02-21 17:30 - 2011-03-29 18:48 - 00000000 ____D C:\Program Files (x86)\Java

2013-02-21 16:19 - 2013-02-21 18:03 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\Mesha Lynn\Desktop\mbam-setup-

2013-02-21 16:18 - 2013-02-21 18:03 - 04189792 ____A (Piriform Ltd) C:\Users\Mesha Lynn\Desktop\ccsetup327.exe

2013-02-21 15:58 - 2013-02-21 15:58 - 00001235 ____A C:\Users\Mesha Lynn\Desktop\Revo Uninstaller.lnk

2013-02-21 15:57 - 2013-02-21 15:57 - 00000000 ____D C:\Program Files (x86)\VS Revo Group

2013-02-21 01:50 - 2009-07-13 19:20 - 00000000 __RHD C:\users\Default

2013-02-21 01:12 - 2009-07-13 18:34 - 00445760 ___RA C:\Windows\System32\Drivers\etc\hosts.20130223-165830.backup

2013-02-21 01:05 - 2013-02-21 01:19 - 04732416 ____A (AVAST Software) C:\Users\Mesha Lynn\Desktop\aswMBR.exe

2013-02-21 01:02 - 2013-02-21 01:19 - 00881935 ____A C:\Users\Mesha Lynn\Desktop\SecurityCheck.exe

2013-02-20 23:02 - 2013-02-20 23:02 - 00000164 ____A C:\Windows\wininit.ini

2013-02-20 21:18 - 2009-07-13 18:34 - 00445760 ___RA C:\Windows\System32\Drivers\etc\hosts.20130221-011207.backup

2013-02-20 21:03 - 2013-02-20 21:00 - 55454464 ____A (Safer-Networking Ltd. ) C:\Users\Mesha Lynn\Downloads\SpybotSD2.exe

2013-02-20 20:21 - 2012-02-07 05:10 - 00000000 ____D C:\Users\Mesha Lynn\AppData\Roaming\MusicNet

2013-02-20 20:21 - 2011-12-28 22:04 - 00000000 ____D C:\Users\Mesha Lynn\AppData\Local\CrashDumps

2013-02-20 20:21 - 2011-03-29 19:11 - 00000000 ____D C:\Windows\Panther

2013-02-20 19:15 - 2012-12-11 17:20 - 00000000 ____D C:\Users\Mesha Lynn\AppData\Local\PC MightyMax 2012

2013-02-17 21:08 - 2012-11-25 04:28 - 00000000 ____D C:\Program Files (x86)\PC Checkup

2013-02-17 21:08 - 2012-03-02 19:28 - 00000000 ____D C:\users\Guest

2013-02-17 21:08 - 2011-12-26 16:53 - 00000000 ____D C:\ProgramData\Skype

2013-02-17 21:08 - 2011-12-07 12:33 - 00000000 ____D C:\ProgramData\Norton

2013-02-17 21:08 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration

2013-02-13 08:53 - 2013-02-13 08:53 - 00000000 ____D C:\Users\Mesha Lynn\AppData\Local\Symantec

2013-02-08 21:32 - 2013-02-08 21:32 - 00000231 ____A C:\Users\Public\Desktop\More Great Games.url

2013-02-08 21:26 - 2012-01-10 22:53 - 00000000 ____D C:\ProgramData\Big Fish Games

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-12-08 03:30:02

Restore point made on: 2012-12-11 13:57:32

Restore point made on: 2012-12-26 20:27:23

Restore point made on: 2013-01-06 14:30:38

Restore point made on: 2013-01-17 10:44:37

Restore point made on: 2013-01-30 06:46:26

Restore point made on: 2013-02-06 12:18:35

==================== Memory info ===========================

Percentage of memory in use: 18%

Total physical RAM: 2662.87 MB

Available physical RAM: 2170.86 MB

Total Pagefile: 2661.07 MB

Available Pagefile: 2154.89 MB

Total Virtual: 8192 MB

Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: (TI106147W0C) (Fixed) (Total:285.29 GB) (Free:195.36 GB) NTFS ==>[system with boot components (obtained from reading drive)]

2 Drive d: (System) (Fixed) (Total:1.46 GB) (Free:1.27 GB) NTFS ==>[system with boot components (obtained from reading drive)]

4 Drive f: (SAINTS-S3CE) (Removable) (Total:1.79 GB) (Free:0.91 GB) FAT32

5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 298 GB 0 B

Disk 1 Online 1840 MB 0 B

Partitions of Disk 0:


Disk ID: 2B538AD9

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Recovery 1500 MB 1024 KB

Partition 2 Primary 285 GB 1501 MB

Partition 3 Primary 11 GB 286 GB


Disk: 0

Partition 1

Type : 27

Hidden: Yes

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 D System NTFS Partition 1500 MB Healthy Hidden


Disk: 0

Partition 2

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 C TI106147W0C NTFS Partition 285 GB Healthy


Disk: 0

Partition 3

Type : 17 (Suspicious Type)

Hidden: Yes

Active: No

There is no volume associated with this partition.


Partitions of Disk 1:


Disk ID: 00000001

Partition ### Type Size Offset

------------- ---------------- ------- -------

* Partition 1 Primary 1840 MB 0 B


Disk: 1

There is no partition selected.

There is no partition selected.

Please select a partition and try again.


Last Boot: 2013-02-06 12:18

==================== End Of Log =============================

You appear to have gotten and run Combofix on your own on the 23rd Feb. Why?

Set the system back (restart) to Safe Mode with Networking ... IF and only if normal mode is not usable.

However, I would ask that you have re-doubled infinite patience as the system loads.

Copy and Paste all contents of C:\Combofix.txt

Copy and Paste all contents of C:\Qoobox\ComboFix-quarantined-files.txt

Use separate replies as needed.

Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe

  • Close all open windows on the Task Bar. Click the OTL icon (for Vista or Windows 7, right-click the icon and select Run as Administrator) to start the program.
  • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
  • Now click Run Scan at Top left and let the program run uninterrupted. It will take about 4 minutes.
  • It will produce two logs for you, one will pop up called OTL.txt, the other will be saved on your desktop and called Extras.txt.
  • Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!
  • Exit OTL by clicking the X at top right.

Download Security Check by screen317 and save it to your Desktop: here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

Then copy/paste the following into your post (in order):
  • the contents of OTL.txt;
  • the contents of Extras.txt ; and
  • the contents of checkup.txt

Be sure to do a Preview prior to pressing Add Reply because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.

Download aswMBR.exe (511KB) to your desktop.

On Windows 7 / 8 or Vista, RIGHT click on aswMBR.exe and select Run As Administrator to start.

On Windows XP, double click the exe to start.

IF prompted to update Avast definitions, answer NO.


On the following screen:


Uncheck "trace disk IO calls" at the bottom left.

Now, Click the "Scan" button to start scan.

Have patience as it scans.

On completion of the scan, note if the Fix button is enabled (not the FixMBR button) and tell me.

Now click save log, save it to your desktop and Copy & Paste in your next reply.

Do NOT click any Fix button.

EXIT the tool.

