LandzDown Forum

Yesterday wanted to get updated Adobe Flash Player, but MSE window flashed warning of a Rootkit.Sirefef.spy trojan that it was unable to prevent.
1. I (mistake!) download and ran Panda Online Scanner.  It found nothing...but did install a bunch of Win32/Bundled.Toolbar.Google and variants of the Google toolbar despite my checking for unwanted goodies.
2.  I downloaded and ran Eset Online Scanner with every option and removed the unwanted toolbars courtesy of Panda.
3.  Ran MSE's Full Scan and it found and deleted a Rogue: JS/FakeCall.D trojan.
4.  Downloaded and ran Malewarebytes.  It found nothing.
5. Shutdown and Restart.  Reran MSE, Eset, MSE Full Scan.  All showed clean.

None of the scanners said anything about finding let alone deleting the original Rootkit.Sirefef.spy trojan, so I came here.

--------------------------------------
Checkup

Results of screen317's Security Check version 1.013 --- 11/28/15 
Windows 7 Service Pack 1 x64 (UAC is enabled) 
Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````[/u]
Windows Firewall Enabled! 
Microsoft Security Essentials   
Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````[/u]
Adobe Flash Player 19.0.0.245 
Mozilla Firefox (42.0)
Mozilla Thunderbird (38.2.0)
````````Process Check: objlist.exe by Laurent````````[/u] 
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````[/u]
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````[/u]

--------------------------------------------------------------

FRS.text

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:01-12-2015
Ran by Kathleen (administrator) on HOME-DESKTOP (04-12-2015 12:03:57)
Running from C:\Users\Kyer\Downloads
Loaded Profiles: Kathleen & Kyer (Available Profiles: Kathleen & Kyer)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Hewlett-Packard Co.) C:\Program Files\hp\HP ENVY 110 series\Bin\ScanToPCActivationApp.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Hewlett-Packard Co.) C:\Program Files\hp\HP ENVY 110 series\Bin\HPNetworkCommunicatorCom.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\CNYHKEY.exe
(Hewlett-Packard Co.) C:\Program Files\hp\HP ENVY 110 series\Bin\HPNetworkCommunicator.exe
(WordWeb Software) C:\Users\Kyer\AppData\Roaming\WordWeb\wweb32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-04-24] (IDT, Inc.)
HKLM\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe [363752 2012-09-19] (BillP Studios)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2010-12-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LaunchHPOSIAPP] => C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\LaunchApp.exe [385024 2009-04-03] (Hewlett-Packard)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [656920 2011-02-01] (PDF Complete Inc)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [363752 2012-09-19] (BillP Studios)
HKLM\...\RunOnce: [MSPCLOCK] => rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000}
HKLM\...\RunOnce: [MSPQM] => rundll32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196}
HKLM\...\RunOnce: [MSKSSRV] => rundll32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196}
HKLM\...\RunOnce: [MSTEE.CxTransform] => rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},C:\Windows\inf\ksfilter.inf,MSTEE.Interf (the data entry has 11 more characters).
HKLM\...\RunOnce: [MSTEE.Splitter] => rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},C:\Windows\inf\ksfilter.inf,MSTEE.Interf (the data entry has 11 more characters).
HKLM\...\RunOnce: [WDM_DRMKAUD] => rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{FFBB6E3F-CCFE-4D84-90D9-421418B03A8E},C:\Windows\inf\WDMAUDIO.inf,WDM_DRMKAUD. (the data entry has 17 more characters).
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2015-10-05] (Malwarebytes)
HKU\S-1-5-21-3304200418-2677000351-4278508572-1001\...\Run: [HP ENVY 110 series (NET)] => C:\Program Files\hp\HP ENVY 110 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
Startup: C:\Users\Kyer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP ENVY 110 series (Network).lnk [2015-12-04]
ShortcutTarget: Monitor Ink Alerts - HP ENVY 110 series (Network).lnk -> C:\Program Files\hp\HP ENVY 110 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{78490266-4C20-422C-8947-66E2248928E5}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{F06E1F44-C8C6-4CEF-99AF-1AFEE3DFCFCB}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3304200418-2677000351-4278508572-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3304200418-2677000351-4278508572-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3304200418-2677000351-4278508572-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3304200418-2677000351-4278508572-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.weather.com/weather/tenday/Phoenix+AZ+USAZ0166:1:US
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM -> {FCBCD63C-6AAF-4027-A6E5-849D6BDFDB58} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> {FCBCD63C-6AAF-4027-A6E5-849D6BDFDB58} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3304200418-2677000351-4278508572-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3304200418-2677000351-4278508572-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-3304200418-2677000351-4278508572-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-3304200418-2677000351-4278508572-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-3304200418-2677000351-4278508572-1000 -> {FCBCD63C-6AAF-4027-A6E5-849D6BDFDB58} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3304200418-2677000351-4278508572-1001 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
SearchScopes: HKU\S-1-5-21-3304200418-2677000351-4278508572-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
Toolbar: HKU\S-1-5-21-3304200418-2677000351-4278508572-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-3304200418-2677000351-4278508572-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab

FireFox:
========
FF ProfilePath: C:\Users\Kathleen\AppData\Roaming\Mozilla\Firefox\Profiles\rqsxz0mz.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-10] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-10] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-3304200418-2677000351-4278508572-1000: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll [2010-04-09] (Hulu LLC)
FF HKLM-x32\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox
FF Extension: No Name - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox [2012-10-21] [not signed]
FF HKU\S-1-5-21-3304200418-2677000351-4278508572-1001\...\Firefox\Extensions: [wcapturex@deskperience.com] - C:\Users\Kyer\AppData\Roaming\WordWeb\WCaptureMoz
FF Extension: WordWeb one-click lookup - C:\Users\Kyer\AppData\Roaming\WordWeb\WCaptureMoz [2011-12-12] [not signed]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [96768 2012-06-18] (Freemake) [File not signed]
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [8704 2012-06-18] (Microsoft) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1127448 2011-02-01] (PDF Complete Inc)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 HCW723x; C:\Windows\System32\DRIVERS\HCW723x.sys [1847680 2012-08-17] (Hauppauge Computer Works, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-04 12:03 - 2015-12-04 12:04 - 00015923 _____ C:\Users\Kyer\Downloads\FRST.txt
2015-12-04 12:03 - 2015-12-04 12:03 - 02350080 _____ (Farbar) C:\Users\Kyer\Downloads\FRST64.exe
2015-12-04 11:42 - 2015-12-04 11:42 - 00852771 _____ C:\Users\Kyer\Desktop\SecurityCheck.exe
2015-12-04 11:39 - 2015-12-04 12:03 - 00000000 ____D C:\FRST
2015-12-03 09:02 - 2015-12-03 09:02 - 02870984 _____ (ESET) C:\Users\Kyer\Downloads\esetsmartinstaller_enu.exe
2015-12-03 08:40 - 2015-12-03 09:05 - 00000000 ____D C:\Users\Kyer\AppData\Roaming\Panda Security
2015-12-03 08:39 - 2015-12-03 09:06 - 00000000 ____D C:\Program Files (x86)\Panda Security
2015-12-03 08:38 - 2015-12-03 09:05 - 00000000 ____D C:\ProgramData\Panda Security
2015-12-03 08:20 - 2015-12-03 08:20 - 22908888 _____ (Malwarebytes ) C:\Users\Kyer\Downloads\mbam-setup-2.2.0.1024.exe
2015-11-13 04:32 - 2015-11-03 10:55 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-11-10 15:20 - 2015-11-14 12:16 - 00000000 ____D C:\Users\Kyer\Desktop\Movies to Save
2015-11-10 14:05 - 2015-11-03 15:10 - 00390344 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-11-10 14:05 - 2015-11-03 14:51 - 00342728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-11-10 14:05 - 2015-10-30 16:46 - 25818624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-11-10 14:05 - 2015-10-30 16:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-11-10 14:05 - 2015-10-30 16:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-11-10 14:05 - 2015-10-30 16:25 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-11-10 14:05 - 2015-10-30 16:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-11-10 14:05 - 2015-10-30 16:25 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-11-10 14:05 - 2015-10-30 16:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-11-10 14:05 - 2015-10-30 16:24 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-11-10 14:05 - 2015-10-30 16:24 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-11-10 14:05 - 2015-10-30 16:17 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-11-10 14:05 - 2015-10-30 16:16 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-11-10 14:05 - 2015-10-30 16:13 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-11-10 14:05 - 2015-10-30 16:12 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-11-10 14:05 - 2015-10-30 16:12 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-11-10 14:05 - 2015-10-30 16:11 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-11-10 14:05 - 2015-10-30 16:11 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-11-10 14:05 - 2015-10-30 16:11 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-11-10 14:05 - 2015-10-30 16:04 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-11-10 14:05 - 2015-10-30 16:01 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-11-10 14:05 - 2015-10-30 15:58 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-11-10 14:05 - 2015-10-30 15:53 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-11-10 14:05 - 2015-10-30 15:52 - 20331520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-11-10 14:05 - 2015-10-30 15:49 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-11-10 14:05 - 2015-10-30 15:49 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-11-10 14:05 - 2015-10-30 15:47 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-11-10 14:05 - 2015-10-30 15:46 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-11-10 14:05 - 2015-10-30 15:46 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-11-10 14:05 - 2015-10-30 15:45 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-11-10 14:05 - 2015-10-30 15:45 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-11-10 14:05 - 2015-10-30 15:44 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-11-10 14:05 - 2015-10-30 15:44 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-11-10 14:05 - 2015-10-30 15:42 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-11-10 14:05 - 2015-10-30 15:39 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-11-10 14:05 - 2015-10-30 15:39 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-11-10 14:05 - 2015-10-30 15:37 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-11-10 14:05 - 2015-10-30 15:36 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-11-10 14:05 - 2015-10-30 15:36 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-11-10 14:05 - 2015-10-30 15:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-11-10 14:05 - 2015-10-30 15:34 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-11-10 14:05 - 2015-10-30 15:32 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-11-10 14:05 - 2015-10-30 15:31 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-11-10 14:05 - 2015-10-30 15:29 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-11-10 14:05 - 2015-10-30 15:29 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-11-10 14:05 - 2015-10-30 15:28 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-11-10 14:05 - 2015-10-30 15:23 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-11-10 14:05 - 2015-10-30 15:22 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-11-10 14:05 - 2015-10-30 15:21 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-11-10 14:05 - 2015-10-30 15:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-11-10 14:05 - 2015-10-30 15:18 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-11-10 14:05 - 2015-10-30 15:17 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-11-10 14:05 - 2015-10-30 15:17 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-11-10 14:05 - 2015-10-30 15:16 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-11-10 14:05 - 2015-10-30 15:11 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-11-10 14:05 - 2015-10-30 15:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-11-10 14:05 - 2015-10-30 15:09 - 12854272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-11-10 14:05 - 2015-10-30 15:09 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-11-10 14:05 - 2015-10-30 15:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-11-10 14:05 - 2015-10-30 15:04 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-11-10 14:05 - 2015-10-30 14:53 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-11-10 14:05 - 2015-10-30 14:51 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-11-10 14:05 - 2015-10-30 14:48 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-11-10 14:05 - 2015-10-30 14:46 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-11-10 14:05 - 2015-10-20 11:42 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-11-10 14:05 - 2015-10-20 11:42 - 02608128 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-11-10 14:05 - 2015-10-20 11:42 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-11-10 14:05 - 2015-10-20 11:42 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-11-10 14:05 - 2015-10-20 11:42 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-11-10 14:05 - 2015-10-20 11:42 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-11-10 14:05 - 2015-10-20 11:42 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-11-10 14:05 - 2015-10-20 11:41 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-11-10 14:05 - 2015-10-20 11:41 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-11-10 14:05 - 2015-10-20 11:41 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-11-10 14:05 - 2015-10-20 11:41 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-11-10 14:05 - 2015-10-20 10:46 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-11-10 14:05 - 2015-10-20 10:46 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-11-10 14:05 - 2015-10-20 10:46 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-11-10 14:05 - 2015-10-20 10:46 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-11-10 14:05 - 2015-10-20 10:45 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-11-10 14:05 - 2015-10-19 18:12 - 05570496 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-11-10 14:05 - 2015-10-19 18:12 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-11-10 14:05 - 2015-10-19 18:09 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-11-10 14:05 - 2015-10-19 18:05 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-11-10 14:05 - 2015-10-19 18:05 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-11-10 14:05 - 2015-10-19 18:05 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-10 14:05 - 2015-10-19 18:05 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-11-10 14:05 - 2015-10-19 18:05 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-11-10 14:05 - 2015-10-19 17:52 - 03991488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-11-10 14:05 - 2015-10-19 17:52 - 03935680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-11-10 14:05 - 2015-10-19 17:48 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-11-10 14:05 - 2015-10-19 17:45 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-11-10 14:05 - 2015-10-19 17:45 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-11-10 14:05 - 2015-10-19 17:45 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-11-10 14:05 - 2015-09-23 06:15 - 00460776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-11-10 14:05 - 2015-09-23 06:15 - 00299632 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2015-11-10 14:05 - 2015-09-23 06:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2015-11-10 14:04 - 2015-10-29 10:50 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-11-10 14:04 - 2015-10-29 10:50 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-11-10 14:04 - 2015-10-29 10:50 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-11-10 14:04 - 2015-10-29 10:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-11-10 14:04 - 2015-10-29 10:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-11-10 14:04 - 2015-10-29 10:49 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-11-10 14:04 - 2015-10-29 10:49 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-11-10 14:04 - 2015-10-19 18:12 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-11-10 14:04 - 2015-10-19 18:06 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-11-10 14:04 - 2015-10-19 18:06 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-11-10 14:04 - 2015-10-19 18:06 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-11-10 14:04 - 2015-10-19 18:06 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-11-10 14:04 - 2015-10-19 18:05 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-11-10 14:04 - 2015-10-19 18:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-11-10 14:04 - 2015-10-19 18:05 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-11-10 14:04 - 2015-10-19 18:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-11-10 14:04 - 2015-10-19 18:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-11-10 14:04 - 2015-10-19 18:05 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-11-10 14:04 - 2015-10-19 18:05 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-11-10 14:04 - 2015-10-19 18:05 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-11-10 14:04 - 2015-10-19 18:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-11-10 14:04 - 2015-10-19 18:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-11-10 14:04 - 2015-10-19 18:05 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-11-10 14:04 - 2015-10-19 18:05 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-11-10 14:04 - 2015-10-19 18:05 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-11-10 14:04 - 2015-10-19 18:05 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-11-10 14:04 - 2015-10-19 18:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-11-10 14:04 - 2015-10-19 18:05 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-11-10 14:04 - 2015-10-19 18:04 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-11-10 14:04 - 2015-10-19 18:04 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-11-10 14:04 - 2015-10-19 18:04 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-11-10 14:04 - 2015-10-19 18:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-11-10 14:04 - 2015-10-19 17:59 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-11-10 14:04 - 2015-10-19 17:53 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-11-10 14:04 - 2015-10-19 17:53 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-11-10 14:04 - 2015-10-19 17:53 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-11-10 14:04 - 2015-10-19 17:53 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-11-10 14:04 - 2015-10-19 17:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-10 14:04 - 2015-10-19 17:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-10 14:04 - 2015-10-19 17:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-10 14:04 - 2015-10-19 17:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-11-10 14:04 - 2015-10-19 17:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-10 14:04 - 2015-10-19 17:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-11-10 14:04 - 2015-10-19 17:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-10 14:04 - 2015-10-19 17:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-10 14:04 - 2015-10-19 17:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-10 14:04 - 2015-10-19 17:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-11-10 14:04 - 2015-10-19 17:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-11-10 14:04 - 2015-10-19 17:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-10 14:04 - 2015-10-19 17:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-11-10 14:04 - 2015-10-19 17:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-11-10 14:04 - 2015-10-19 17:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-11-10 14:04 - 2015-10-19 17:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-11-10 14:04 - 2015-10-19 17:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-11-10 14:04 - 2015-10-19 17:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-11-10 14:04 - 2015-10-19 17:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-10 14:04 - 2015-10-19 17:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-11-10 14:04 - 2015-10-19 17:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-11-10 14:04 - 2015-10-19 17:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-10 14:04 - 2015-10-19 17:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-11-10 14:04 - 2015-10-19 17:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-11-10 14:04 - 2015-10-19 17:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-11-10 14:04 - 2015-10-19 17:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-11-10 14:04 - 2015-10-19 17:45 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-11-10 14:04 - 2015-10-19 17:45 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-11-10 14:04 - 2015-10-19 17:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-11-10 14:04 - 2015-10-19 17:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-11-10 14:04 - 2015-10-19 17:45 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-11-10 14:04 - 2015-10-19 17:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-11-10 14:04 - 2015-10-19 17:45 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-11-10 14:04 - 2015-10-19 17:45 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-11-10 14:04 - 2015-10-19 17:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-11-10 14:04 - 2015-10-19 17:44 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-11-10 14:04 - 2015-10-19 17:44 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-11-10 14:04 - 2015-10-19 17:44 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-11-10 14:04 - 2015-10-19 17:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-11-10 14:04 - 2015-10-19 17:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-11-10 14:04 - 2015-10-19 17:44 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-11-10 14:04 - 2015-10-19 17:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-11-10 14:04 - 2015-10-19 17:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-11-10 14:04 - 2015-10-19 17:35 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-11-10 14:04 - 2015-10-19 17:35 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-11-10 14:04 - 2015-10-19 17:35 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-11-10 14:04 - 2015-10-19 17:35 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-10 14:04 - 2015-10-19 17:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-10 14:04 - 2015-10-19 17:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-11-10 14:04 - 2015-10-19 17:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-11-10 14:04 - 2015-10-19 17:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-10 14:04 - 2015-10-19 17:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-11-10 14:04 - 2015-10-19 17:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-10 14:04 - 2015-10-19 17:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-10 14:04 - 2015-10-19 17:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-11-10 14:04 - 2015-10-19 17:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-10 14:04 - 2015-10-19 17:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-10 14:04 - 2015-10-19 17:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-11-10 14:04 - 2015-10-19 17:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-11-10 14:04 - 2015-10-19 17:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-10 14:04 - 2015-10-19 17:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-11-10 14:04 - 2015-10-19 17:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-11-10 14:04 - 2015-10-19 17:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-11-10 14:04 - 2015-10-19 17:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-11-10 14:04 - 2015-10-19 17:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-10 14:04 - 2015-10-19 17:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-11-10 14:04 - 2015-10-19 17:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-11-10 14:04 - 2015-10-19 17:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-11-10 14:04 - 2015-10-19 17:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-11-10 14:04 - 2015-10-19 16:41 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-11-10 14:04 - 2015-10-19 16:40 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-11-10 14:04 - 2015-10-19 16:40 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-11-10 14:04 - 2015-10-19 16:29 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-11-10 14:04 - 2015-10-19 16:29 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-11-10 14:04 - 2015-10-19 16:27 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-11-10 14:04 - 2015-10-19 16:27 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-10 14:04 - 2015-10-19 16:27 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-11-10 14:04 - 2015-10-19 16:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-11-10 14:04 - 2015-10-13 09:41 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-11-10 14:04 - 2015-10-13 09:40 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-11-10 14:04 - 2015-10-12 21:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-11-10 14:04 - 2015-10-01 11:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-11-10 14:04 - 2015-10-01 11:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-11-10 14:04 - 2015-10-01 10:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-11-04 11:07 - 2015-11-06 03:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-04 11:58 - 2009-07-13 20:20 - 00000000 ____D C:\Windows
2015-12-04 11:46 - 2009-07-13 21:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-04 11:46 - 2009-07-13 21:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-04 11:33 - 2012-06-20 03:35 - 00000000 ____D C:\Users\Kyer\AppData\Local\CrashDumps
2015-12-04 11:31 - 2011-07-20 15:22 - 00000000 ____D C:\ProgramData\PDFC
2015-12-04 11:30 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-04 03:21 - 2014-11-10 19:12 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-04 01:51 - 2011-10-21 13:31 - 00000000 ____D C:\Users\Kathleen
2015-12-03 13:58 - 2012-01-21 09:33 - 00003176 _____ C:\Windows\System32\Tasks\HPCeeScheduleForKyer
2015-12-03 13:58 - 2012-01-21 09:33 - 00000328 _____ C:\Windows\Tasks\HPCeeScheduleForKyer.job
2015-12-03 09:11 - 2009-07-13 22:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-03 09:11 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2015-12-03 09:06 - 2011-10-23 12:45 - 00065368 _____ C:\Users\Kyer\AppData\Local\GDIPFONTCACHEV1.DAT
2015-12-03 09:06 - 2009-07-13 21:45 - 00301368 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-03 08:22 - 2011-12-04 07:37 - 00000000 ____D C:\Users\Kathleen\AppData\Roaming\Malwarebytes
2015-12-03 08:22 - 2011-12-04 07:36 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-14 12:16 - 2015-10-15 18:02 - 00000000 ____D C:\Users\Kyer\Desktop\Saved videos
2015-11-14 12:14 - 2014-06-16 13:39 - 00000000 ____D C:\Users\Kyer\Desktop\Journal
2015-11-13 15:23 - 2015-03-19 19:08 - 00000000 ____D C:\Users\Kyer\Desktop\DAD Info
2015-11-11 16:26 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2015-11-10 18:01 - 2013-07-14 08:33 - 00000000 ____D C:\Windows\system32\MRT
2015-11-10 17:58 - 2011-12-07 18:24 - 145617392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-11-10 17:54 - 2011-02-11 10:15 - 00774592 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-11-10 17:53 - 2010-11-21 00:17 - 00000000 ____D C:\Program Files\Windows Journal
2015-11-10 15:21 - 2014-11-10 19:12 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-11-10 15:21 - 2014-05-02 09:52 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-11-10 15:21 - 2014-05-02 09:52 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-06 03:25 - 2012-05-24 03:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

==================== Files in the root of some directories =======

2012-10-21 17:36 - 2012-10-21 17:36 - 0007605 _____ () C:\Users\Kathleen\AppData\Local\Resmon.ResmonCfg
2012-11-25 16:09 - 2012-11-25 16:09 - 0000057 _____ () C:\ProgramData\Ament.ini

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
------------------------------------------------------------------------
Addition

Additional scan result of Farbar Recovery Scan Tool (x64) Version:01-12-2015
Ran by Kathleen (2015-12-04 12:04:11)
Running from C:\Users\Kyer\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2011-10-21 20:31:40)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3304200418-2677000351-4278508572-500 - Administrator - Disabled)
Guest (S-1-5-21-3304200418-2677000351-4278508572-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3304200418-2677000351-4278508572-1003 - Limited - Enabled)
Kathleen (S-1-5-21-3304200418-2677000351-4278508572-1000 - Administrator - Enabled) => C:\Users\Kathleen
Kyer (S-1-5-21-3304200418-2677000351-4278508572-1001 - Limited - Enabled) => C:\Users\Kyer

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
ATI Catalyst Install Manager (HKLM\...\{33F535ED-1574-3437-C74B-F7C3D6EC74F2}) (Version: 3.0.808.0 - ATI Technologies, Inc.)
ATI Stream SDK v2 Developer (HKLM\...\{80C27FE9-C6C4-F5C8-EAD3-09E7E0102E78}) (Version: 2.2.0.0 - ATI Technologies Inc.)
ccc-core-static (x32 Version: 2010.1208.2156.39317 - ATI) Hidden
ConvertHelper 3.1.1 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version:  - DownloadHelper)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.0.1 - Ellora Assets Corporation)
HP ENVY 110 series Basic Device Software (HKLM\...\{737E9620-F941-40CC-8335-A711BB859B82}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Keyboard (HKLM-x32\...\{B40D7926-AE5F-41EA-8AC6-56C0E2F00E9D}) (Version: 1.5.0.4 - Hewlett-Packard)
HP LinkUp (HKLM-x32\...\{C1AD9241-3ADD-483F-914D-071F3E50855A}) (Version: 2.01.026 - Hewlett-Packard)
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{BB760C1D-98F4-4E38-8CC4-3B67329AA981}) (Version: 1.0.6.0 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.14.0 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{210A03F5-B2ED-4947-B27E-516F50CBB292}) (Version: 8.6.4530.3651 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13253.3682 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E92D47A1-D27D-430A-8368-0BAFD956507D}) (Version: 5.2.9.2 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version: 10.1.1000 - Hewlett-Packard)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.5.0.0 - Hewlett-Packard)
HPAsset component for HP Active Support Library (x32 Version: 3.0.0.6 - Hewlett-Packard) Hidden
Hulu Desktop (HKU\S-1-5-21-3304200418-2677000351-4278508572-1000\...\HuluDesktop) (Version: 0.9.13 - Hulu LLC)
HydraVision (x32 Version: 4.2.184.0 - ATI Technologies Inc.) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6325.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 42.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
Mozilla Thunderbird 38.2.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 38.2.0 (x86 en-US)) (Version: 38.2.0 - Mozilla)
Mozilla Thunderbird 38.3.0 (x86 en-US) (HKU\S-1-5-21-3304200418-2677000351-4278508572-1001\...\Mozilla Thunderbird 38.3.0 (x86 en-US)) (Version: 38.3.0 - Mozilla)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.35 - PDF Complete, Inc)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4817 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4817 - CyberLink Corp.) Hidden
Recovery Manager (x32 Version: 5.5.3621 - CyberLink Corp.) Hidden
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
U.S. Robotics V.92 USB Modem (HKLM\...\U.S. Robotics V.92 USB Modem) (Version:  - )
VueMinder Lite (HKLM-x32\...\{0E7C7ECF-81E8-419D-B3FD-47D724DD8EED}) (Version: 9.0.0010 - VueSoft)
Windows Driver Package - U.S. Robotics Corporation (usbser) Modem  (03/12/2010 3.1.0.39) (HKLM\...\A8A6DA209BDF7401AF8A9DFDEC2F4126440929C4) (Version: 03/12/2010 3.1.0.39 - U.S. Robotics Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinPatrol (HKLM\...\{A62F9CD0-B2E0-4F2A-88F2-79254A3C8539}) (Version: 25.6.2012.1 - BillP Studios)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2013-04-22 17:28 - 00000021 _RASH C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {29C2EE91-25BF-427C-B2FA-BAABFA97EF47} - System32\Tasks\hpUtility.exe_{3EBB64B5-5394-4827-AB29-E17DEB89858B} => C:\Program Files\HP\HP ENVY 110 series\Bin\utils\hpUtility.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {62669B9F-FEE9-4F20-84B2-7F85AFB7C347} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2012-01-18] (Microsoft)
Task: {90A34F7D-EA54-4DBC-AA21-B737203D673F} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2010-12-21] (CyberLink)
Task: {A15A8775-D24E-4B1A-B628-9EDB6CF49148} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-02-23] (Hewlett-Packard Company)
Task: {A24FC67F-BBD0-4F00-A69E-6548460A0BE4} - System32\Tasks\HPCeeScheduleForKyer => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {C4B8CB4C-56E3-47EA-AD5D-FDE03A625628} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2011-01-31] ()
Task: {C9127944-3B68-440E-8F8B-F9A329AE9DBD} - System32\Tasks\SetupManager => C:\Program Files (x86)\Hewlett-Packard\Setup Manager\toaster.exe [2011-03-03] (Microsoft)
Task: {CBAF3D5B-AB2B-436D-9668-71C00F948D12} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-10] (Adobe Systems Incorporated)
Task: {DC228A37-25EC-4098-BA39-3B9C12C0BFCC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-02-23] (Hewlett-Packard Company)
Task: {FA3EFE9A-B37D-4466-9D41-4DA37BD280D7} - System32\Tasks\HPOSIAPP64 => C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\ModLEDKey.exe [2009-02-27] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\HPCeeScheduleForKyer.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Kathleen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\HP Download Store.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://redirect.hp.com/svs/rdr?locale=en_us&bd=all&tp=onlinesvs&pf=cndt&s=hp_softwarestore&c=113&TYPE=4 <==== ATTENTION
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Trials for QuickBooks, Quicken and TurboTax.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://redirect.hp.com/svs/rdr?locale=en_us&bd=pavilion&tp=onlinesvs&s=quickenfc&pf=cndt&c=113&TYPE=4 <==== ATTENTION
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Download Store.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://redirect.hp.com/svs/rdr?locale=en_us&bd=all&tp=onlinesvs&pf=cndt&s=hp_softwarestore&c=113&TYPE=4 <==== ATTENTION
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Snapfish.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://www.snapfish.com/hp_desktop_desktopicon_2011_us <==== ATTENTION

==================== Loaded Modules (Whitelisted) ==============

2010-04-12 15:59 - 2010-04-12 15:59 - 00098304 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-12-22 09:54 - 2010-12-22 09:54 - 00028672 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingResource

Note:  I'm seeing several lines listing "Freemake" in them.  This was a program I tried years ago and thought I'd uninstalled back then.  It seems to have kept parts of itself in my computer?

Also had my computer uninstall Panda...and it also seems to have kept parts of itself?  grrrr!

Rest of Addition

2011-07-20 15:15 - 2009-02-19 17:22 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\WMINPUT.DLL
2011-12-12 14:01 - 2011-10-30 21:51 - 02212096 ____N () C:\Users\Kyer\APPDATA\ROAMING\WORDWEB\wweb32.dll
2011-12-12 14:01 - 2011-10-10 18:50 - 00022800 ____N () C:\Users\Kyer\APPDATA\ROAMING\WORDWEB\WUCNT.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:5C321E34

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-3304200418-2677000351-4278508572-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3304200418-2677000351-4278508572-1000\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-3304200418-2677000351-4278508572-1000\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-3304200418-2677000351-4278508572-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-3304200418-2677000351-4278508572-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-3304200418-2677000351-4278508572-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-3304200418-2677000351-4278508572-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-3304200418-2677000351-4278508572-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-3304200418-2677000351-4278508572-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-3304200418-2677000351-4278508572-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-3304200418-2677000351-4278508572-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-3304200418-2677000351-4278508572-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-3304200418-2677000351-4278508572-1000\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-3304200418-2677000351-4278508572-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-3304200418-2677000351-4278508572-1000\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3304200418-2677000351-4278508572-1000\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-3304200418-2677000351-4278508572-1000\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-3304200418-2677000351-4278508572-1000\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-3304200418-2677000351-4278508572-1000\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-3304200418-2677000351-4278508572-1000\...\100sexlinks.com -> 100sexlinks.com

There are 5230 more sites.

IE restricted site: HKU\S-1-5-21-3304200418-2677000351-4278508572-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3304200418-2677000351-4278508572-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-3304200418-2677000351-4278508572-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-3304200418-2677000351-4278508572-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-3304200418-2677000351-4278508572-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-3304200418-2677000351-4278508572-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-3304200418-2677000351-4278508572-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-3304200418-2677000351-4278508572-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-3304200418-2677000351-4278508572-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-3304200418-2677000351-4278508572-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-3304200418-2677000351-4278508572-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-3304200418-2677000351-4278508572-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-3304200418-2677000351-4278508572-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-3304200418-2677000351-4278508572-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-3304200418-2677000351-4278508572-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3304200418-2677000351-4278508572-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-3304200418-2677000351-4278508572-1001\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-3304200418-2677000351-4278508572-1001\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-3304200418-2677000351-4278508572-1001\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-3304200418-2677000351-4278508572-1001\...\100sexlinks.com -> 100sexlinks.com

There are 5230 more sites.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3304200418-2677000351-4278508572-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Kathleen\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-3304200418-2677000351-4278508572-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Kyer\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 68.105.28.11 - 68.105.29.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{3D08CA5E-5082-4C89-9A96-1909A3AE57C7}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
FirewallRules: [{301F208A-8AD2-4498-BB5F-E1879E8DB8CA}] => (Allow) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
FirewallRules: [{D0736BCC-DBDD-4BD4-96F2-E97EF17EBBC6}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe
FirewallRules: [{6E095AD7-682C-4FDD-99D5-BAFB20EE625E}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe
FirewallRules: [{11EA4B36-A064-401E-AE84-203A7FF3D30A}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{40BD3B73-0C76-45A2-884C-2CA38E2A3BF6}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{2935A653-EAB2-4721-9290-524DD226C935}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{30431FDE-73C2-4E51-AD91-FCBBF0979F77}] => (Allow) LPort=2869
FirewallRules: [{934AF0A1-0D0D-443D-BDE3-6147935611B6}] => (Allow) LPort=1900
FirewallRules: [{BD892FF0-ABC6-4548-ADB1-369F222E7CEC}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{0D1BC1C8-B65E-49F9-A4F8-B62F1C14AF0C}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{7047FE26-DBB7-4115-B108-1A0838F64278}] => (Allow) C:\Program Files (x86)\VueSoft\VueMinder\VueMinder.exe
FirewallRules: [{92A1ECA4-3123-4464-98E9-536912601D5E}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{F8B1854C-35E1-4D3B-9302-6ABB8102614C}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{B0BEFE0E-9186-45B7-AE47-4C19701AF381}] => (Allow) C:\Program Files (x86)\VueSoft\VueMinder\VueMinder.exe
FirewallRules: [{D2C4CF6D-0F28-467E-A0D9-4A0B7095E99E}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{B6348318-070A-4933-9372-BE01732EBE66}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{AB217AAC-EF4F-4983-8F09-C97CF264C450}] => (Allow) C:\Users\Kathleen\AppData\Local\Temp\7zS5022.tmp\SymNRT.exe
FirewallRules: [{3B1D759C-4425-451E-B506-94A600DD8FBE}] => (Allow) C:\Users\Kathleen\AppData\Local\Temp\7zS5022.tmp\SymNRT.exe
FirewallRules: [{02365157-F7CE-4317-B1A6-BDF7EFEB61F3}] => (Allow) C:\Program Files\HP\HP ENVY 110 series\Bin\DeviceSetup.exe
FirewallRules: [{3AFEFE37-CAA8-4C04-8FA7-87CB32E7EB61}] => (Allow) C:\Program Files\HP\HP ENVY 110 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{986B72A9-5BE9-418C-AC09-A47C1D45F1C6}] => (Allow) C:\Program Files\HP\HP ENVY 110 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{57620734-E7AD-4CF1-A991-213419F9D39A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E5BF54D0-22EC-4EEB-9EE8-7E667666AAA0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{79CFA826-9905-4A5E-A20C-02D559DDB2FA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7A8C19E3-8B8E-42B2-A8A1-8C3B459F3B3E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/04/2015 11:33:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WinPatrol.exe, version: 25.6.2012.1, time stamp: 0x505a953f
Faulting module name: WinPatrol.exe, version: 25.6.2012.1, time stamp: 0x505a953f
Exception code: 0xc0000409
Fault offset: 0x00010afa
Faulting process id: 0xee4
Faulting application start time: 0xWinPatrol.exe0
Faulting application path: WinPatrol.exe1
Faulting module path: WinPatrol.exe2
Report Id: WinPatrol.exe3

Error: (12/04/2015 11:32:34 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/04/2015 01:47:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WinPatrol.exe, version: 25.6.2012.1, time stamp: 0x505a953f
Faulting module name: WinPatrol.exe, version: 25.6.2012.1, time stamp: 0x505a953f
Exception code: 0xc0000409
Fault offset: 0x00010afa
Faulting process id: 0xd1c
Faulting application start time: 0xWinPatrol.exe0
Faulting application path: WinPatrol.exe1
Faulting module path: WinPatrol.exe2
Report Id: WinPatrol.exe3

Error: (12/04/2015 01:44:11 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/03/2015 05:20:04 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (12/03/2015 05:19:59 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (12/03/2015 05:19:59 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (12/03/2015 05:08:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WinPatrol.exe, version: 25.6.2012.1, time stamp: 0x505a953f
Faulting module name: WinPatrol.exe, version: 25.6.2012.1, time stamp: 0x505a953f
Exception code: 0xc0000409
Fault offset: 0x00010afa
Faulting process id: 0x98c
Faulting application start time: 0xWinPatrol.exe0
Faulting application path: WinPatrol.exe1
Faulting module path: WinPatrol.exe2
Report Id: WinPatrol.exe3

Error: (12/03/2015 05:06:39 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (12/03/2015 04:32:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WinPatrol.exe, version: 25.6.2012.1, time stamp: 0x505a953f
Faulting module name: WinPatrol.exe, version: 25.6.2012.1, time stamp: 0x505a953f
Exception code: 0xc0000409
Fault offset: 0x00010afa
Faulting process id: 0x930
Faulting application start time: 0xWinPatrol.exe0
Faulting application path: WinPatrol.exe1
Faulting module path: WinPatrol.exe2
Report Id: WinPatrol.exe3


System errors:
=============
Error: (12/03/2015 06:59:59 PM) (Source: volsnap) (EventID: 14) (User: )
Description: The shadow copies of volume C: were aborted because of an IO failure on volume C:.

Error: (12/03/2015 05:21:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (12/03/2015 05:21:03 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Kathleen\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (12/03/2015 05:21:02 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Kathleen\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (12/03/2015 05:21:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (12/03/2015 05:21:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (12/03/2015 05:21:02 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Kathleen\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (12/03/2015 05:20:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (12/03/2015 05:20:50 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Kathleen\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (12/03/2015 05:20:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275


CodeIntegrity:
===================================
  Date: 2012-10-23 02:20:06.494
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-10-23 02:20:06.479
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz
Percentage of memory in use: 22%
Total physical RAM: 10220.31 MB
Available physical RAM: 7917.42 MB
Total Virtual: 20438.83 MB
Available Virtual: 17726.27 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:1385.71 GB) (Free:1271.13 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:11.46 GB) (Free:1.4 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (FreeAgent GoFlex Drive) (Fixed) (Total:931.51 GB) (Free:670.13 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1397.3 GB) (Disk ID: 9419D7E4)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1385.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: A4B57300)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Hi, Kyer!  It is good to see you again -- although not the circumstances that brought you here.

1.  Let's start with FRST and then we'll dig deeper to make sure there is no sign of Sirefef on your computer.  I'll include any Freemake and Panda files shown in the logs.  However, I see that Freemake is listed in Installed Programs so first uninstall Freemake Video Downloader .  That should result in FRST not finding the files included in the fix but that's ok. Panda is listed in the one-month created files and folders with 0 bytes but I'll include the items anyway.

Please do the following to run FRST:

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

• Open Notepad (Start =>All Programs => Accessories => Notepad).
  
• Copy/Paste the entire contents of the code box below into Notepad.
  


start
CreateRestorePoint:
CloseProcesses:
C:\ProgramData\Freemake
C:\Program Files (x86)\Freemake
FF HKLM-x32\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox
FF Extension: No Name - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox [2012-10-21] [not signed]
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [96768 2012-06-18] (Freemake) [File not signed]
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [8704 2012-06-18] (Microsoft) [File not signed]
2015-12-03 08:40 - 2015-12-03 09:05 - 00000000 ____D C:\Users\Kyer\AppData\Roaming\Panda Security
2015-12-03 08:39 - 2015-12-03 09:06 - 00000000 ____D C:\Program Files (x86)\Panda Security
2015-12-03 08:38 - 2015-12-03 09:05 - 00000000 ____D C:\ProgramData\Panda Security
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3304200418-2677000351-4278508572-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-3304200418-2677000351-4278508572-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-3304200418-2677000351-4278508572-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
ShortcutWithArgument: C:\Users\Kathleen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\HP Download Store.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://redirect.hp.com/svs/rdr?locale=en_us&bd=all&tp=onlinesvs&pf=cndt&s=hp_softwarestore&c=113&TYPE=4 <==== ATTENTION
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Trials for QuickBooks, Quicken and TurboTax.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://redirect.hp.com/svs/rdr?locale=en_us&bd=pavilion&tp=onlinesvs&s=quickenfc&pf=cndt&c=113&TYPE=4 <==== ATTENTION
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Download Store.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://redirect.hp.com/svs/rdr?locale=en_us&bd=all&tp=onlinesvs&pf=cndt&s=hp_softwarestore&c=113&TYPE=4 <==== ATTENTION
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Snapfish.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://www.snapfish.com/hp_desktop_desktopicon_2011_us <==== ATTENTION
EmptyTemp:
end


• Click Format and ensure Wordwrap is unchecked.
  
• Important:  Save the code to the same folder/directory that FRST.exe is located in, naming it as fixlist.txt
  
• Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
  
  
  
  • Press the Fix button once and wait.
    
  • FRST will process fixlist.txt
    
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    
  • Please post the log in your next reply.
    

2.  Please download the TDSSKiller.exe (http://media.kaspersky.com/utilities/VirusUtilities/EN/tdsskiller.exe) by Kaspersky... save it to your Desktop. <-Important!!!

• Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
  Vista - W7 users: Right-click and select "Run As Administrator".
  If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com). If you don't see file extensions, please see:  How to change the file extension (http://www.mediacollege.com/microsoft/windows/extension-change.html).
  
• Click the Start Scan button.  Do not use the computer during the scan!
  
• If the scan completes with nothing found, click Close to exit.
  
• If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
  
  
  • Ensure SKIP is selected... DO NOT attempt to FIX anything yet!
    
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
• A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory. (usually Local Disk C:).
  
• Copy and paste the contents of that file in your next reply.

Hi!  Yeah, I pop over to read every now and then, but Life has been keeping me more occupied then I'd like.  yeah...and then this.

Anyway, I tried to Uninstall the Freemake, but it keeps getting an error:  (something about can't find unins000 to do the uninstall.  But then I tried a fourth time and now it keeps saying to wait until the current program is finished uninstalling....which it is not doing?

(Nothing is ever straightforward with computers.  I swear they are living organisms in there.)

Right.  I've got everything set to hit the Fix button, but am holding off in case the Freemake not uninstalling has created yet another snafu and my hitting fix will start WWIII or something.  Just my luck.  :)

No, I don't believe WWIII will start.  :) However, it wouldn't hurt to restart the computer first. The only "processes" for Freemake shown in the log are for the service and FRST will take care of that anyway.

Fix result of Farbar Recovery Scan Tool (x64) Version:01-12-2015
Ran by Kathleen (2015-12-04 14:48:19) Run:1
Running from C:\Users\Kyer\Downloads
Loaded Profiles: Kathleen & Kyer (Available Profiles: Kathleen & Kyer)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
C:\ProgramData\Freemake
C:\Program Files (x86)\Freemake
FF HKLM-x32\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox
FF Extension: No Name - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox [2012-10-21] [not signed]
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [96768 2012-06-18] (Freemake) [File not signed]
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [8704 2012-06-18] (Microsoft) [File not signed]
2015-12-03 08:40 - 2015-12-03 09:05 - 00000000 ____D C:\Users\Kyer\AppData\Roaming\Panda Security
2015-12-03 08:39 - 2015-12-03 09:06 - 00000000 ____D C:\Program Files (x86)\Panda Security
2015-12-03 08:38 - 2015-12-03 09:05 - 00000000 ____D C:\ProgramData\Panda Security
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3304200418-2677000351-4278508572-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-3304200418-2677000351-4278508572-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-3304200418-2677000351-4278508572-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
ShortcutWithArgument: C:\Users\Kathleen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\HP Download Store.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://redirect.hp.com/svs/rdr?locale=en_us&bd=all&tp=onlinesvs&pf=cndt&s=hp_softwarestore&c=113&TYPE=4 <==== ATTENTION
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Trials for QuickBooks, Quicken and TurboTax.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://redirect.hp.com/svs/rdr?locale=en_us&bd=pavilion&tp=onlinesvs&s=quickenfc&pf=cndt&c=113&TYPE=4 <==== ATTENTION
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Download Store.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://redirect.hp.com/svs/rdr?locale=en_us&bd=all&tp=onlinesvs&pf=cndt&s=hp_softwarestore&c=113&TYPE=4 <==== ATTENTION
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Snapfish.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://www.snapfish.com/hp_desktop_desktopicon_2011_us <==== ATTENTION
EmptyTemp:
end
*****************

Restore point was successfully created.
Processes closed successfully.
C:\ProgramData\Freemake => moved successfully
C:\Program Files (x86)\Freemake => moved successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\fmdownloader@gmail.com => value removed successfully
C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox => not found.
Freemake Improver => service removed successfully
FreemakeVideoCapture => service removed successfully
C:\Users\Kyer\AppData\Roaming\Panda Security => moved successfully
C:\Program Files (x86)\Panda Security => moved successfully
C:\ProgramData\Panda Security => moved successfully
catchme => service removed successfully
MBAMSwissArmy => service removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-3304200418-2677000351-4278508572-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\S-1-5-21-3304200418-2677000351-4278508572-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found.
HKU\S-1-5-21-3304200418-2677000351-4278508572-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found.
C:\Users\Kathleen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\HP Download Store.lnk => Shortcut argument removed successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Trials for QuickBooks, Quicken and TurboTax.lnk => Shortcut argument removed successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Download Store.lnk => Shortcut argument removed successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Snapfish.lnk => Shortcut argument removed successfully.
EmptyTemp: => 842.1 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 14:50:47 ====

Restarted.
TDSSKiller found nothing.  WWIII averted.

However, the Four Horseman appear to be hanging around and eyeing me from a distance--biding their time--because my C: computer search for TDSSKiller_version  came up empty.  Can't find it.  Will try looking around again.

Back, back, you fiends of Chaos!

I found it.

14:56:12.0109 0x0ee8  TDSS rootkit removing tool 3.1.0.7 Nov 29 2015 22:37:04
14:56:20.0876 0x0ee8  ============================================================
14:56:20.0876 0x0ee8  Current date / time: 2015/12/04 14:56:20.0876
14:56:20.0876 0x0ee8  SystemInfo:
14:56:20.0876 0x0ee8 
14:56:20.0876 0x0ee8  OS Version: 6.1.7601 ServicePack: 1.0
14:56:20.0876 0x0ee8  Product type: Workstation
14:56:20.0876 0x0ee8  ComputerName: HOME-DESKTOP
14:56:20.0876 0x0ee8  UserName: Kathleen
14:56:20.0876 0x0ee8  Windows directory: C:\Windows
14:56:20.0876 0x0ee8  System windows directory: C:\Windows
14:56:20.0876 0x0ee8  Running under WOW64
14:56:20.0876 0x0ee8  Processor architecture: Intel x64
14:56:20.0876 0x0ee8  Number of processors: 8
14:56:20.0876 0x0ee8  Page size: 0x1000
14:56:20.0876 0x0ee8  Boot type: Normal boot
14:56:20.0876 0x0ee8  ============================================================
14:56:21.0797 0x0ee8  KLMD registered as C:\Windows\system32\drivers\44881747.sys
14:56:23.0731 0x0ee8  System UUID: {EF5E5674-B9E4-124F-4896-2802CC74000B}
14:56:25.0057 0x0ee8  Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 ( 1397.27 Gb ), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:56:25.0057 0x0ee8  Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB5E00 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:56:25.0073 0x0ee8  ============================================================
14:56:25.0073 0x0ee8  \Device\Harddisk0\DR0:
14:56:25.0073 0x0ee8  MBR partitions:
14:56:25.0073 0x0ee8  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
14:56:25.0073 0x0ee8  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xAD36A800
14:56:25.0073 0x0ee8  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xAD39D000, BlocksNum 0x16EA000
14:56:25.0073 0x0ee8  \Device\Harddisk1\DR1:
14:56:25.0073 0x0ee8  MBR partitions:
14:56:25.0073 0x0ee8  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x747059C1
14:56:25.0073 0x0ee8  ============================================================
14:56:25.0151 0x0ee8  C: <-> \Device\Harddisk0\DR0\Partition2
14:56:25.0385 0x0ee8  D: <-> \Device\Harddisk0\DR0\Partition3
14:56:25.0416 0x0ee8  F: <-> \Device\Harddisk1\DR1\Partition1
14:56:25.0416 0x0ee8  ============================================================
14:56:25.0416 0x0ee8  Initialize success
14:56:25.0416 0x0ee8  ============================================================
14:57:03.0854 0x0e58  ============================================================
14:57:03.0854 0x0e58  Scan started
14:57:03.0854 0x0e58  Mode: Manual;
14:57:03.0854 0x0e58  ============================================================
14:57:03.0854 0x0e58  KSN ping started
14:57:06.0631 0x0e58  KSN ping finished: true
14:57:07.0208 0x0e58  ================ Scan system memory ========================
14:57:07.0208 0x0e58  System memory - ok
14:57:07.0208 0x0e58  ================ Scan services =============================
14:57:07.0333 0x0e58  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
14:57:07.0349 0x0e58  1394ohci - ok
14:57:07.0380 0x0e58  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
14:57:07.0396 0x0e58  ACPI - ok
14:57:07.0427 0x0e58  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
14:57:07.0442 0x0e58  AcpiPmi - ok
14:57:07.0708 0x0e58  [ 280A526E8111AC6A5BCC1A059E1E0340, FB92DDAE29A097D148AB23D8A0BD2B9E662EC1DBF0DA8B716374D6919B4C646F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
14:57:07.0723 0x0e58  AdobeFlashPlayerUpdateSvc - ok
14:57:07.0786 0x0e58  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
14:57:07.0801 0x0e58  adp94xx - ok
14:57:07.0832 0x0e58  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\drivers\adpahci.sys
14:57:07.0848 0x0e58  adpahci - ok
14:57:07.0864 0x0e58  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
14:57:07.0864 0x0e58  adpu320 - ok
14:57:07.0910 0x0e58  [ 262D7C87D0AC20B96EF9877D3CA478A0, 54F7E5A5F8991C5525500C1ECCF3D3135D13F48866C366E52DF1D052DB2EE15B ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
14:57:07.0910 0x0e58  AeLookupSvc - ok
14:57:07.0973 0x0e58  [ A6FB9DB8F1A86861D955FD6975977AE0, 788C6EE50719227D7A9B7F08C8D5E1289FCD0E8AC23A1021A5093D2E8368F696 ] AESTFilters     C:\Program Files\IDT\WDM\AESTSr64.exe
14:57:07.0988 0x0e58  AESTFilters - ok
14:57:08.0051 0x0e58  [ 9A4A1EEE802BF2F878EE8EAB407B21B7, 177EB7DF4B35FE4C0E45E775A0FD5D48D39B410052E3EE18BDEEC809E152D9D8 ] AFD             C:\Windows\system32\drivers\afd.sys
14:57:08.0082 0x0e58  AFD - ok
14:57:08.0113 0x0e58  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
14:57:08.0113 0x0e58  agp440 - ok
14:57:08.0129 0x0e58  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
14:57:08.0129 0x0e58  ALG - ok
14:57:08.0144 0x0e58  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
14:57:08.0144 0x0e58  aliide - ok
14:57:08.0191 0x0e58  [ C9A5A02CB76B35A78404F6D4101163F9, 184C68FCDAB76862D39FD5D09FA0D53F600A657DE55DBECBE7B1EBA0DCAA496F ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
14:57:08.0191 0x0e58  AMD External Events Utility - ok
14:57:08.0222 0x0e58  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
14:57:08.0222 0x0e58  amdide - ok
14:57:08.0238 0x0e58  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
14:57:08.0238 0x0e58  AmdK8 - ok
14:57:08.0550 0x0e58  [ 5F62E6CFD4FEA8D19110BDEB423BF510, 68286E456A8295F988768C5FC3D9D719895FE191E112438DAD0ABF7377A05303 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
14:57:08.0862 0x0e58  amdkmdag - ok
14:57:08.0924 0x0e58  [ D93655EC3CA48FCBFFD9D4E6DF63737F, C56316AC4C990A0D391F8CFA0C4F0FF036FA37322BE9B13DFAACCAA6077EFE8C ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
14:57:08.0924 0x0e58  amdkmdap - ok
14:57:08.0956 0x0e58  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
14:57:08.0956 0x0e58  AmdPPM - ok
14:57:08.0987 0x0e58  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
14:57:08.0987 0x0e58  amdsata - ok
14:57:09.0002 0x0e58  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
14:57:09.0018 0x0e58  amdsbs - ok
14:57:09.0018 0x0e58  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
14:57:09.0018 0x0e58  amdxata - ok
14:57:09.0080 0x0e58  [ 27DABFB4A6B0140C34DBEC713469592B, A355170D353AFBF0DE4EF53282F8404788FBBD0E2A1B7282B1B2925923E83141 ] AppID           C:\Windows\system32\drivers\appid.sys
14:57:09.0096 0x0e58  AppID - ok
14:57:09.0112 0x0e58  [ ABC373B9C6275D45F17DB559408FFD1B, 12B355393BEBE2D1D24D7A9DA5E69E03E334899407503BC1CADCF7BE39828223 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
14:57:09.0112 0x0e58  AppIDSvc - ok
14:57:09.0143 0x0e58  [ 3EA5DA3F459F6ED19E10166965F6892F, F5618A5FA72C5E57BCFA6F2ECB840B1AEC60C72840AF3C1D94D5FCDB5ED2BF5E ] Appinfo         C:\Windows\System32\appinfo.dll
14:57:09.0143 0x0e58  Appinfo - ok
14:57:09.0174 0x0e58  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\drivers\arc.sys
14:57:09.0174 0x0e58  arc - ok
14:57:09.0190 0x0e58  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
14:57:09.0190 0x0e58  arcsas - ok
14:57:09.0268 0x0e58  [ F15AB80B867D3332D5DDFB0A05B9CE04, 5A16577106246AB5DCC04FE0A0B00B7C5702557B75F958721E4C00383AB99809 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
14:57:09.0314 0x0e58  aspnet_state - ok
14:57:09.0346 0x0e58  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
14:57:09.0346 0x0e58  AsyncMac - ok
14:57:09.0392 0x0e58  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
14:57:09.0392 0x0e58  atapi - ok
14:57:09.0408 0x0e58  [ 4BF5BCA6E2608CD8A00BC4A6673A9F47, 172240231981162F67DD2CF13C6D8C807EFFCE9C24B476F2942BC3E1F41C1A71 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
14:57:09.0408 0x0e58  AtiHDAudioService - ok
14:57:09.0470 0x0e58  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
14:57:09.0502 0x0e58  AudioEndpointBuilder - ok
14:57:09.0517 0x0e58  [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv        C:\Windows\System32\Audiosrv.dll
14:57:09.0533 0x0e58  AudioSrv - ok
14:57:09.0564 0x0e58  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
14:57:09.0580 0x0e58  AxInstSV - ok
14:57:09.0642 0x0e58  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
14:57:09.0658 0x0e58  b06bdrv - ok
14:57:09.0720 0x0e58  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
14:57:09.0736 0x0e58  b57nd60a - ok
14:57:09.0751 0x0e58  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
14:57:09.0751 0x0e58  BDESVC - ok
14:57:09.0751 0x0e58  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
14:57:09.0751 0x0e58  Beep - ok
14:57:09.0782 0x0e58  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
14:57:09.0798 0x0e58  BFE - ok
14:57:09.0860 0x0e58  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
14:57:09.0907 0x0e58  BITS - ok
14:57:09.0907 0x0e58  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
14:57:09.0907 0x0e58  blbdrive - ok
14:57:09.0938 0x0e58  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
14:57:09.0938 0x0e58  bowser - ok
14:57:09.0970 0x0e58  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
14:57:09.0970 0x0e58  BrFiltLo - ok
14:57:09.0985 0x0e58  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
14:57:09.0985 0x0e58  BrFiltUp - ok
14:57:10.0016 0x0e58  [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
14:57:10.0032 0x0e58  BridgeMP - ok
14:57:10.0063 0x0e58  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
14:57:10.0079 0x0e58  Browser - ok
14:57:10.0094 0x0e58  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
14:57:10.0110 0x0e58  Brserid - ok
14:57:10.0126 0x0e58  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
14:57:10.0126 0x0e58  BrSerWdm - ok
14:57:10.0126 0x0e58  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
14:57:10.0141 0x0e58  BrUsbMdm - ok
14:57:10.0141 0x0e58  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
14:57:10.0141 0x0e58  BrUsbSer - ok
14:57:10.0157 0x0e58  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
14:57:10.0157 0x0e58  BTHMODEM - ok
14:57:10.0157 0x0e58  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
14:57:10.0172 0x0e58  bthserv - ok
14:57:10.0172 0x0e58  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
14:57:10.0188 0x0e58  cdfs - ok
14:57:10.0188 0x0e58  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
14:57:10.0204 0x0e58  cdrom - ok
14:57:10.0204 0x0e58  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
14:57:10.0219 0x0e58  CertPropSvc - ok
14:57:10.0235 0x0e58  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
14:57:10.0235 0x0e58  circlass - ok
14:57:10.0266 0x0e58  [ 404B7DF9CA4D1CB675045AF220FF3285, 91FFADE2ABE5C48849E63134D5FFD20671FE0D1720F7D486F904391B3D142C96 ] CLFS            C:\Windows\system32\CLFS.sys
14:57:10.0282 0x0e58  CLFS - ok
14:57:10.0344 0x0e58  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:57:10.0360 0x0e58  clr_optimization_v2.0.50727_32 - ok
14:57:10.0391 0x0e58  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:57:10.0406 0x0e58  clr_optimization_v2.0.50727_64 - ok
14:57:10.0453 0x0e58  [ F5AB4D2E36625F355E81539239765107, 48E6AD65EEFD6C54F938F5753EF58377CDA77ADBB41CD8635F0040D61EFB92A4 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:57:10.0562 0x0e58  clr_optimization_v4.0.30319_32 - ok
14:57:10.0578 0x0e58  [ 9ACBE5EC13C2CC95833BFB7636CA8B1A, 6224DA9FB335D2A8374C60B8DEA539DD3A0E43230DB888B137B71A56EC57D6AF ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:57:10.0594 0x0e58  clr_optimization_v4.0.30319_64 - ok
14:57:10.0609 0x0e58  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
14:57:10.0609 0x0e58  CmBatt - ok
14:57:10.0640 0x0e58  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
14:57:10.0640 0x0e58  cmdide - ok
14:57:10.0703 0x0e58  [ EC0511BB85BAA42A9734011685A6732C, 10B52F0860CCB3AA0FC34DDA5C5538BFCF7B6D40738B7756297237FD2D9E01C1 ] CNG             C:\Windows\system32\Drivers\cng.sys
14:57:10.0718 0x0e58  CNG - ok
14:57:10.0734 0x0e58  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
14:57:10.0734 0x0e58  Compbatt - ok
14:57:10.0765 0x0e58  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
14:57:10.0765 0x0e58  CompositeBus - ok
14:57:10.0765 0x0e58  COMSysApp - ok
14:57:10.0765 0x0e58  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
14:57:10.0765 0x0e58  crcdisk - ok
14:57:10.0812 0x0e58  [ 7BC3E861F7E8EB543A630090FAE779E0, 52A538F25C853AAC9706CD0D4EBF80B1963391AA175895CFD9D44C8ABBFCFB74 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
14:57:10.0828 0x0e58  CryptSvc - ok
14:57:10.0859 0x0e58  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
14:57:10.0874 0x0e58  DcomLaunch - ok
14:57:10.0921 0x0e58  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
14:57:10.0937 0x0e58  defragsvc - ok
14:57:10.0952 0x0e58  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
14:57:10.0952 0x0e58  DfsC - ok
14:57:10.0984 0x0e58  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
14:57:10.0984 0x0e58  Dhcp - ok
14:57:11.0108 0x0e58  [ EC3F433D00365F1A9BC3411BCA7C7140, 0852D747359DE573504EBBDB99DA26D3BFA8B3C7A4836F8E3A5AD94B5571AD5C ] DiagTrack       C:\Windows\system32\diagtrack.dll
14:57:11.0140 0x0e58  DiagTrack - ok
14:57:11.0155 0x0e58  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
14:57:11.0155 0x0e58  discache - ok
14:57:11.0171 0x0e58  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\drivers\disk.sys
14:57:11.0186 0x0e58  Disk - ok
14:57:11.0202 0x0e58  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
14:57:11.0218 0x0e58  Dnscache - ok
14:57:11.0233 0x0e58  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
14:57:11.0249 0x0e58  dot3svc - ok
14:57:11.0249 0x0e58  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
14:57:11.0264 0x0e58  DPS - ok
14:57:11.0280 0x0e58  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
14:57:11.0280 0x0e58  drmkaud - ok
14:57:11.0342 0x0e58  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
14:57:11.0374 0x0e58  DXGKrnl - ok
14:57:11.0389 0x0e58  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
14:57:11.0389 0x0e58  EapHost - ok
14:57:11.0498 0x0e58  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
14:57:11.0623 0x0e58  ebdrv - ok
14:57:11.0654 0x0e58  [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] EFS             C:\Windows\System32\lsass.exe
14:57:11.0670 0x0e58  EFS - ok
14:57:11.0732 0x0e58  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
14:57:11.0748 0x0e58  ehRecvr - ok
14:57:11.0779 0x0e58  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
14:57:11.0779 0x0e58  ehSched - ok
14:57:11.0810 0x0e58  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
14:57:11.0826 0x0e58  elxstor - ok
14:57:11.0842 0x0e58  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
14:57:11.0842 0x0e58  ErrDev - ok
14:57:11.0888 0x0e58  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
14:57:11.0888 0x0e58  EventSystem - ok
14:57:11.0920 0x0e58  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
14:57:11.0920 0x0e58  exfat - ok
14:57:11.0951 0x0e58  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
14:57:11.0951 0x0e58  fastfat - ok
14:57:11.0998 0x0e58  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
14:57:12.0013 0x0e58  Fax - ok
14:57:12.0029 0x0e58  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\drivers\fdc.sys
14:57:12.0029 0x0e58  fdc - ok
14:57:12.0044 0x0e58  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
14:57:12.0044 0x0e58  fdPHost - ok
14:57:12.0060 0x0e58  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
14:57:12.0060 0x0e58  FDResPub - ok
14:57:12.0076 0x0e58  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
14:57:12.0076 0x0e58  FileInfo - ok
14:57:12.0091 0x0e58  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
14:57:12.0091 0x0e58  Filetrace - ok
14:57:12.0107 0x0e58  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
14:57:12.0107 0x0e58  flpydisk - ok
14:57:12.0138 0x0e58  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
14:57:12.0138 0x0e58  FltMgr - ok
14:57:12.0232 0x0e58  [ D5A775990A7C202A037378FDBCDB6141, 27AD242914FAFB7A27B3045C0F0F6AFE6873FE331A51D8BB29A63B5D84C72EFB ] FontCache       C:\Windows\system32\FntCache.dll
14:57:12.0310 0x0e58  FontCache - ok
14:57:12.0341 0x0e58  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:57:12.0341 0x0e58  FontCache3.0.0.0 - ok
14:57:12.0356 0x0e58  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
14:57:12.0356 0x0e58  FsDepends - ok
14:57:12.0388 0x0e58  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
14:57:12.0388 0x0e58  Fs_Rec - ok
14:57:12.0419 0x0e58  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
14:57:12.0434 0x0e58  fvevol - ok
14:57:12.0450 0x0e58  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
14:57:12.0450 0x0e58  gagp30kx - ok
14:57:12.0497 0x0e58  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
14:57:12.0528 0x0e58  gpsvc - ok
14:57:12.0637 0x0e58  [ 40ACC82823C3982E62D8C8070AF470DC, 848863FB3C006D10412E1C4EA3814A49F676A897BC2B531D8075D407C6B5E02D ] HCW723x         C:\Windows\system32\DRIVERS\HCW723x.sys
14:57:12.0684 0x0e58  HCW723x - ok
14:57:12.0700 0x0e58  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
14:57:12.0700 0x0e58  hcw85cir - ok
14:57:12.0731 0x0e58  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
14:57:12.0746 0x0e58  HdAudAddService - ok
14:57:12.0793 0x0e58  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
14:57:12.0793 0x0e58  HDAudBus - ok
14:57:12.0793 0x0e58  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
14:57:12.0793 0x0e58  HidBatt - ok
14:57:12.0809 0x0e58  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
14:57:12.0824 0x0e58  HidBth - ok
14:57:12.0840 0x0e58  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
14:57:12.0840 0x0e58  HidIr - ok
14:57:12.0856 0x0e58  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\System32\hidserv.dll
14:57:12.0856 0x0e58  hidserv - ok
14:57:12.0871 0x0e58  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
14:57:12.0887 0x0e58  HidUsb - ok
14:57:12.0887 0x0e58  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
14:57:12.0887 0x0e58  hkmsvc - ok
14:57:12.0902 0x0e58  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
14:57:12.0918 0x0e58  HomeGroupListener - ok
14:57:12.0949 0x0e58  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
14:57:12.0949 0x0e58  HomeGroupProvider - ok
14:57:13.0058 0x0e58  [ 45A12CACB97B4F15858FCFD59355A1E9, E4D671F1E413D1C45CC797C93FC042FEC9B0AE9F7039C82E516A410AD49100AA ] HP Health Check Service C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
14:57:13.0058 0x0e58  HP Health Check Service - ok
14:57:13.0105 0x0e58  [ 6A181452D4E240B8ECC7614B9A19BDE9, 3E458A737DA597DF007D278E9D81F2BF259AB4B97A4C188CEDAEA1F144B1074F ] HPClientSvc     C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
14:57:13.0105 0x0e58  HPClientSvc - ok
14:57:13.0121 0x0e58  [ F55442690A70A0278A7EED4FAAEBF576, 9BE7A30A08DB05D38994B14F53C9178552DE5898DB016B171E20E3046046B296 ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
14:57:13.0136 0x0e58  HPDrvMntSvc.exe - ok
14:57:13.0168 0x0e58  [ 640E51DB253265C3EAC075866B3D2B33, 3408C908AADCA784BA7C0C044CC50B3759E2B142013D4B12B05E97A141036E15 ] hpqwmiex        C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
14:57:13.0277 0x0e58  hpqwmiex - ok
14:57:13.0308 0x0e58  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
14:57:13.0308 0x0e58  HpSAMD - ok
14:57:13.0355 0x0e58  [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
14:57:13.0370 0x0e58  HTTP - ok
14:57:13.0370 0x0e58  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
14:57:13.0386 0x0e58  hwpolicy - ok
14:57:13.0402 0x0e58  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
14:57:13.0402 0x0e58  i8042prt - ok
14:57:13.0448 0x0e58  [ C224331A54571C8C9162F7714400BBBD, C2CA4881ACD46071E67435BE5E3DB133D0743B026FD20D6D6E26B2FE7A03FCAA ] iaStor          C:\Windows\system32\drivers\iaStor.sys
14:57:13.0464 0x0e58  iaStor - ok
14:57:13.0511 0x0e58  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
14:57:13.0526 0x0e58  iaStorV - ok
14:57:13.0589 0x0e58  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:57:13.0636 0x0e58  idsvc - ok
14:57:13.0651 0x0e58  IEEtwCollectorService - ok
14:57:13.0823 0x0e58  [ A87261EF1546325B559374F5689CF5BC, 8DE48A8A13A32AAAC54CDDF58F3F61BE3E2802C1D9CA1CA98E57EB0D65FB6002 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
14:57:14.0026 0x0e58  igfx - ok
14:57:14.0041 0x0e58  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
14:57:14.0041 0x0e58  iirsp - ok
14:57:14.0104 0x0e58  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
14:57:14.0119 0x0e58  IKEEXT - ok
14:57:14.0150 0x0e58  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
14:57:14.0150 0x0e58  intelide - ok
14:57:14.0182 0x0e58  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\drivers\intelppm.sys
14:57:14.0182 0x0e58  intelppm - ok
14:57:14.0228 0x0e58  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
14:57:14.0228 0x0e58  IPBusEnum - ok
14:57:14.0228 0x0e58  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:57:14.0244 0x0e58  IpFilterDriver - ok
14:57:14.0291 0x0e58  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
14:57:14.0306 0x0e58  iphlpsvc - ok
14:57:14.0338 0x0e58  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
14:57:14.0338 0x0e58  IPMIDRV - ok
14:57:14.0353 0x0e58  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
14:57:14.0353 0x0e58  IPNAT - ok
14:57:14.0369 0x0e58  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
14:57:14.0369 0x0e58  IRENUM - ok
14:57:14.0400 0x0e58  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
14:57:14.0400 0x0e58  isapnp - ok
14:57:14.0431 0x0e58  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
14:57:14.0447 0x0e58  iScsiPrt - ok
14:57:14.0462 0x0e58  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
14:57:14.0462 0x0e58  kbdclass - ok
14:57:14.0478 0x0e58  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
14:57:14.0478 0x0e58  kbdhid - ok
14:57:14.0494 0x0e58  [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] KeyIso          C:\Windows\system32\lsass.exe
14:57:14.0494 0x0e58  KeyIso - ok
14:57:14.0556 0x0e58  [ BCC83F22805F560C8A487F2F296A78FE, B6729B9D85CC3B9377E3143FEF920EFAA82D152845A43074417E9266C9F5C1A8 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
14:57:14.0556 0x0e58  KSecDD - ok
14:57:14.0572 0x0e58  [ 33D52A96BEEE8AFCE9E07EEC9FE0C9DB, 5367B46A43296792A0E6294906D40511079D5CAA23F08D5A7EDE02C06AD34484 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
14:57:14.0572 0x0e58  KSecPkg - ok
14:57:14.0587 0x0e58  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
14:57:14.0587 0x0e58  ksthunk - ok
14:57:14.0603 0x0e58  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
14:57:14.0618 0x0e58  KtmRm - ok
14:57:14.0650 0x0e58  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\System32\srvsvc.dll
14:57:14.0665 0x0e58  LanmanServer - ok
14:57:14.0665 0x0e58  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:57:14.0681 0x0e58  LanmanWorkstation - ok
14:57:14.0712 0x0e58  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
14:57:14.0712 0x0e58  lltdio - ok
14:57:14.0743 0x0e58  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
14:57:14.0743 0x0e58  lltdsvc - ok
14:57:14.0759 0x0e58  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
14:57:14.0759 0x0e58  lmhosts - ok
14:57:14.0806 0x0e58  [ D75C4B4A8FE6D7FD74A7EECDBAEC729F, 9BB0A3BE7CCDF62CF0A67CB67019364965F6567BE29BA6D153B8E36F88058302 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
14:57:14.0806 0x0e58  LMS - ok
14:57:14.0837 0x0e58  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
14:57:14.0837 0x0e58  LSI_FC - ok
14:57:14.0852 0x0e58  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
14:57:14.0852 0x0e58  LSI_SAS - ok
14:57:14.0868 0x0e58  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
14:57:14.0868 0x0e58  LSI_SAS2 - ok
14:57:14.0884 0x0e58  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
14:57:14.0884 0x0e58  LSI_SCSI - ok
14:57:14.0899 0x0e58  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
14:57:14.0899 0x0e58  luafv - ok
14:57:14.0915 0x0e58  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
14:57:14.0915 0x0e58  Mcx2Svc - ok
14:57:14.0930 0x0e58  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
14:57:14.0930 0x0e58  megasas - ok
14:57:14.0946 0x0e58  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
14:57:14.0946 0x0e58  MegaSR - ok
14:57:14.0977 0x0e58  [ A6518DCC42F7A6E999BB3BEA8FD87567, 8A9AE992F93F37E0723761EA271A7E1AA8172702C471041A17324474FC96B9BC ] MEIx64          C:\Windows\system32\drivers\HECIx64.sys
14:57:14.0977 0x0e58  MEIx64 - ok
14:57:14.0993 0x0e58  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
14:57:14.0993 0x0e58  MMCSS - ok
14:57:15.0008 0x0e58  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
14:57:15.0008 0x0e58  Modem - ok
14:57:15.0040 0x0e58  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
14:57:15.0040 0x0e58  monitor - ok
14:57:15.0055 0x0e58  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
14:57:15.0055 0x0e58  mouclass - ok
14:57:15.0055 0x0e58  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
14:57:15.0055 0x0e58  mouhid - ok
14:57:15.0102 0x0e58  [ 67050452C0118BAF2883928E6FCCFE47, 335FC0AEB7B47DCC7CE0CF3F424EB60ACB1327D2FF6515F04D9AC03A10FF1E31 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
14:57:15.0102 0x0e58  mountmgr - ok
14:57:15.0164 0x0e58  [ 0DE2474F316C515482ABAD3B697F8714, 62862AE7432F5350068E96AD466093359C6CF444EB517AE6D09134FAF78C49F5 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
14:57:15.0164 0x0e58  MozillaMaintenance - ok
14:57:15.0196 0x0e58  [ 73150F67D20270FF95A021A22E64F28A, A8878DEFBE437FB453F8E9243FB5C787D07AC7415A4475388D479C10417C524F ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
14:57:15.0211 0x0e58  MpFilter - ok
14:57:15.0227 0x0e58  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
14:57:15.0242 0x0e58  mpio - ok
14:57:15.0258 0x0e58  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
14:57:15.0258 0x0e58  mpsdrv - ok
14:57:15.0305 0x0e58  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
14:57:15.0320 0x0e58  MpsSvc - ok
14:57:15.0352 0x0e58  [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
14:57:15.0352 0x0e58  MRxDAV - ok
14:57:15.0414 0x0e58  [ 73ADDCC406B86E7DA4416691E8E74BDA, 4EC970B9095E6DAA79BF7EFB92DF3F2C0AB0C46739AA36C171A262E05B63CBB5 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
14:57:15.0414 0x0e58  mrxsmb - ok
14:57:15.0461 0x0e58  [ 7C81098FBAF2EAF5B54B939F832B0F61, 999435DF4638ECB136D5BF1B84305A84B215BAB542E4D5301E57D28D507E11B3 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:57:15.0476 0x0e58  mrxsmb10 - ok
14:57:15.0523 0x0e58  [ ACB763673BCCE6C7B3B8F858C9FE4F1F, CCD49558F8A01A225AEAE60BF299BCA6E9399E39F4F553FABC36CADB164BBBC0 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:57:15.0523 0x0e58  mrxsmb20 - ok
14:57:15.0554 0x0e58  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
14:57:15.0554 0x0e58  msahci - ok
14:57:15.0570 0x0e58  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
14:57:15.0586 0x0e58  msdsm - ok
14:57:15.0586 0x0e58  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
14:57:15.0586 0x0e58  MSDTC - ok
14:57:15.0601 0x0e58  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
14:57:15.0601 0x0e58  Msfs - ok
14:57:15.0617 0x0e58  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
14:57:15.0617 0x0e58  mshidkmdf - ok
14:57:15.0632 0x0e58  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
14:57:15.0632 0x0e58  msisadrv - ok
14:57:15.0648 0x0e58  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
14:57:15.0648 0x0e58  MSiSCSI - ok
14:57:15.0648 0x0e58  msiserver - ok
14:57:15.0664 0x0e58  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
14:57:15.0664 0x0e58  MSKSSRV - ok
14:57:15.0710 0x0e58  [ CE996C1821021ADF8E28E80A54E846A8, 99042E895B6C2EA80F3BA65563A12C8EBA882E3AD6A21DD8E799B0112C75DDD2 ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
14:57:15.0710 0x0e58  MsMpSvc - ok
14:57:15.0726 0x0e58  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
14:57:15.0726 0x0e58  MSPCLOCK - ok
14:57:15.0726 0x0e58  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
14:57:15.0742 0x0e58  MSPQM - ok
14:57:15.0773 0x0e58  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
14:57:15.0773 0x0e58  MsRPC - ok
14:57:15.0788 0x0e58  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
14:57:15.0788 0x0e58  mssmbios - ok
14:57:15.0804 0x0e58  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
14:57:15.0804 0x0e58  MSTEE - ok
14:57:15.0804 0x0e58  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
14:57:15.0804 0x0e58  MTConfig - ok
14:57:15.0820 0x0e58  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
14:57:15.0820 0x0e58  Mup - ok
14:57:15.0851 0x0e58  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
14:57:15.0866 0x0e58  napagent - ok
14:57:15.0882 0x0e58  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
14:57:15.0898 0x0e58  NativeWifiP - ok
14:57:15.0976 0x0e58  [ F7309F42555F8AAB7144A51A1F2585B0, 065277A8AFAEE3888C997A76D2F751070F92DF4C3354D16B194860B4BDAFF937 ] NDIS            C:\Windows\system32\drivers\ndis.sys
14:57:16.0007 0x0e58  NDIS - ok
14:57:16.0022 0x0e58  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
14:57:16.0022 0x0e58  NdisCap - ok
14:57:16.0038 0x0e58  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
14:57:16.0038 0x0e58  NdisTapi - ok
14:57:16.0054 0x0e58  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
14:57:16.0054 0x0e58  Ndisuio - ok
14:57:16.0054 0x0e58  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
14:57:16.0069 0x0e58  NdisWan - ok
14:57:16.0085 0x0e58  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
14:57:16.0085 0x0e58  NDProxy - ok
14:57:16.0100 0x0e58  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
14:57:16.0100 0x0e58  NetBIOS - ok
14:57:16.0116 0x0e58  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
14:57:16.0116 0x0e58  NetBT - ok
14:57:16.0132 0x0e58  [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] Netlogon        C:\Windows\system32\lsass.exe
14:57:16.0132 0x0e58  Netlogon - ok
14:57:16.0163 0x0e58  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
14:57:16.0163 0x0e58  Netman - ok
14:57:16.0225 0x0e58  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:57:16.0241 0x0e58  NetMsmqActivator - ok
14:57:16.0256 0x0e58  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:57:16.0256 0x0e58  NetPipeActivator - ok
14:57:16.0288 0x0e58  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
14:57:16.0303 0x0e58  netprofm - ok
14:57:16.0412 0x0e58  [ 2EED549279D7FBD10B846B5397573967, 4F7EBB6C1AC58D1EFFA7A86AC799137FC88F5CCA3AC27E563B4EE2AF1EAE4ECC ] netr28x         C:\Windows\system32\DRIVERS\netr28x.sys
14:57:16.0444 0x0e58  netr28x - ok
14:57:16.0444 0x0e58  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:57:16.0444 0x0e58  NetTcpActivator - ok
14:57:16.0459 0x0e58  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
14:57:16.0459 0x0e58  NetTcpPortSharing - ok
14:57:16.0459 0x0e58  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
14:57:16.0475 0x0e58  nfrd960 - ok
14:57:16.0506 0x0e58  [ 4774AD83C650001B337B92E5E5DA337B, 138ECC7F556D8A12AE58B78B68F6515BE4C00F9F062596B48B6CA6C010F13035 ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
14:57:16.0506 0x0e58  NisDrv - ok
14:57:16.0553 0x0e58  [ 96B7D15161A778B359E707796CCEA646, 9E4A25D9848FAECC517474EAD548E7975CBE3F41AAA964E5245E78F2A723925E ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
14:57:16.0568 0x0e58  NisSrv - ok
14:57:16.0600 0x0e58  [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc          C:\Windows\System32\nlasvc.dll
14:57:16.0615 0x0e58  NlaSvc - ok
14:57:16.0615 0x0e58  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
14:57:16.0615 0x0e58  Npfs - ok
14:57:16.0631 0x0e58  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
14:57:16.0646 0x0e58  nsi - ok
14:57:16.0646 0x0e58  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
14:57:16.0646 0x0e58  nsiproxy - ok
14:57:16.0740 0x0e58  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
14:57:16.0787 0x0e58  Ntfs - ok
14:57:16.0802 0x0e58  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
14:57:16.0802 0x0e58  Null - ok
14:57:16.0834 0x0e58  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
14:57:16.0849 0x0e58  nvraid - ok
14:57:16.0880 0x0e58  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
14:57:16.0880 0x0e58  nvstor - ok
14:57:16.0896 0x0e58  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
14:57:16.0912 0x0e58  nv_agp - ok
14:57:16.0912 0x0e58  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
14:57:16.0927 0x0e58  ohci1394 - ok
14:57:16.0943 0x0e58  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
14:57:16.0958 0x0e58  p2pimsvc - ok
14:57:16.0974 0x0e58  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
14:57:16.0990 0x0e58  p2psvc - ok
14:57:17.0005 0x0e58  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\drivers\parport.sys
14:57:17.0005 0x0e58  Parport - ok
14:57:17.0021 0x0e58  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
14:57:17.0021 0x0e58  partmgr - ok
14:57:17.0036 0x0e58  [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc          C:\Windows\System32\pcasvc.dll
14:57:17.0052 0x0e58  PcaSvc - ok
14:57:17.0083 0x0e58  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
14:57:17.0099 0x0e58  pci - ok
14:57:17.0114 0x0e58  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
14:57:17.0114 0x0e58  pciide - ok
14:57:17.0130 0x0e58  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
14:57:17.0146 0x0e58  pcmcia - ok
14:57:17.0146 0x0e58  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
14:57:17.0146 0x0e58  pcw - ok
14:57:17.0177 0x0e58  pdfcDispatcher - ok
14:57:17.0239 0x0e58  [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
14:57:17.0270 0x0e58  PEAUTH - ok
14:57:17.0333 0x0e58  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
14:57:17.0380 0x0e58  PerfHost - ok
14:57:17.0442 0x0e58  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
14:57:17.0489 0x0e58  pla - ok
14:57:17.0520 0x0e58  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
14:57:17.0536 0x0e58  PlugPlay - ok
14:57:17.0551 0x0e58  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
14:57:17.0551 0x0e58  PNRPAutoReg - ok
14:57:17.0567 0x0e58  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         

Yet another case of extra-long logs that get cutoff by the forum software character limits.  The main thing is [/b]TDSSKiller found nothing.[/b], however, just for the sake of completeness, please search for "PNRPsvc" in the log and copy/paste the rest of the log.

Please also let me know if your computer is behaving "normal". 

14:57:17.0567 0x0e58  PNRPsvc - ok
14:57:17.0598 0x0e58  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
14:57:17.0598 0x0e58  PolicyAgent - ok
14:57:17.0629 0x0e58  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
14:57:17.0629 0x0e58  Power - ok
14:57:17.0645 0x0e58  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
14:57:17.0645 0x0e58  PptpMiniport - ok
14:57:17.0660 0x0e58  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\drivers\processr.sys
14:57:17.0660 0x0e58  Processor - ok
14:57:17.0692 0x0e58  [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc         C:\Windows\system32\profsvc.dll
14:57:17.0692 0x0e58  ProfSvc - ok
14:57:17.0707 0x0e58  [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] ProtectedStorage C:\Windows\system32\lsass.exe
14:57:17.0707 0x0e58  ProtectedStorage - ok
14:57:17.0723 0x0e58  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
14:57:17.0723 0x0e58  Psched - ok
14:57:17.0801 0x0e58  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
14:57:17.0832 0x0e58  ql2300 - ok
14:57:17.0848 0x0e58  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
14:57:17.0863 0x0e58  ql40xx - ok
14:57:17.0879 0x0e58  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
14:57:17.0879 0x0e58  QWAVE - ok
14:57:17.0894 0x0e58  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
14:57:17.0894 0x0e58  QWAVEdrv - ok
14:57:17.0910 0x0e58  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
14:57:17.0910 0x0e58  RasAcd - ok
14:57:17.0926 0x0e58  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
14:57:17.0926 0x0e58  RasAgileVpn - ok
14:57:17.0926 0x0e58  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
14:57:17.0926 0x0e58  RasAuto - ok
14:57:17.0941 0x0e58  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
14:57:17.0941 0x0e58  Rasl2tp - ok
14:57:17.0988 0x0e58  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
14:57:18.0004 0x0e58  RasMan - ok
14:57:18.0004 0x0e58  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
14:57:18.0004 0x0e58  RasPppoe - ok
14:57:18.0019 0x0e58  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
14:57:18.0019 0x0e58  RasSstp - ok
14:57:18.0035 0x0e58  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
14:57:18.0050 0x0e58  rdbss - ok
14:57:18.0050 0x0e58  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
14:57:18.0066 0x0e58  rdpbus - ok
14:57:18.0066 0x0e58  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
14:57:18.0066 0x0e58  RDPCDD - ok
14:57:18.0082 0x0e58  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
14:57:18.0082 0x0e58  RDPENCDD - ok
14:57:18.0097 0x0e58  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
14:57:18.0097 0x0e58  RDPREFMP - ok
14:57:18.0160 0x0e58  [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
14:57:18.0175 0x0e58  RdpVideoMiniport - ok
14:57:18.0238 0x0e58  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
14:57:18.0253 0x0e58  RDPWD - ok
14:57:18.0269 0x0e58  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
14:57:18.0269 0x0e58  rdyboost - ok
14:57:18.0300 0x0e58  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
14:57:18.0316 0x0e58  RemoteAccess - ok
14:57:18.0331 0x0e58  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
14:57:18.0331 0x0e58  RemoteRegistry - ok
14:57:18.0394 0x0e58  [ 085D18C71AB2611A3D61528132B6501E, 2AD2DD88EBD8C498E3043CDAA37E83C69F7FE2FD6B65524F631527555B80C112 ] RoxioNow Service C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
14:57:18.0409 0x0e58  RoxioNow Service - ok
14:57:18.0440 0x0e58  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
14:57:18.0440 0x0e58  RpcEptMapper - ok
14:57:18.0440 0x0e58  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
14:57:18.0440 0x0e58  RpcLocator - ok
14:57:18.0472 0x0e58  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
14:57:18.0472 0x0e58  RpcSs - ok
14:57:18.0487 0x0e58  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
14:57:18.0503 0x0e58  rspndr - ok
14:57:18.0550 0x0e58  [ E50CFB92986DCAB49DE93788FD695813, EAE103008B967B0F064EDDA551AA553EE7C22D39D14FA0BBFEF41C4D1B6C99E5 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
14:57:18.0565 0x0e58  RTL8167 - ok
14:57:18.0565 0x0e58  [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] SamSs           C:\Windows\system32\lsass.exe
14:57:18.0565 0x0e58  SamSs - ok
14:57:18.0565 0x0e58  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
14:57:18.0581 0x0e58  sbp2port - ok
14:57:18.0581 0x0e58  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
14:57:18.0596 0x0e58  SCardSvr - ok
14:57:18.0612 0x0e58  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
14:57:18.0612 0x0e58  scfilter - ok
14:57:18.0690 0x0e58  [ 40686B59C127F0C93B4234E4A1E3472A, B2DD61CB796C6AA8AFD285D43472B94646CA6D331D282818E0FDC9DE28DDE9CF ] Schedule        C:\Windows\system32\schedsvc.dll
14:57:18.0721 0x0e58  Schedule - ok
14:57:18.0752 0x0e58  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
14:57:18.0752 0x0e58  SCPolicySvc - ok
14:57:18.0784 0x0e58  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
14:57:18.0799 0x0e58  SDRSVC - ok
14:57:18.0815 0x0e58  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
14:57:18.0815 0x0e58  secdrv - ok
14:57:18.0830 0x0e58  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
14:57:18.0830 0x0e58  seclogon - ok
14:57:18.0830 0x0e58  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\system32\sens.dll
14:57:18.0846 0x0e58  SENS - ok
14:57:18.0862 0x0e58  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
14:57:18.0862 0x0e58  SensrSvc - ok
14:57:18.0908 0x0e58  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\drivers\serenum.sys
14:57:18.0908 0x0e58  Serenum - ok
14:57:18.0924 0x0e58  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\drivers\serial.sys
14:57:18.0924 0x0e58  Serial - ok
14:57:18.0940 0x0e58  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\drivers\sermouse.sys
14:57:18.0940 0x0e58  sermouse - ok
14:57:18.0955 0x0e58  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
14:57:18.0971 0x0e58  SessionEnv - ok
14:57:18.0971 0x0e58  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
14:57:18.0971 0x0e58  sffdisk - ok
14:57:19.0002 0x0e58  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
14:57:19.0002 0x0e58  sffp_mmc - ok
14:57:19.0002 0x0e58  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
14:57:19.0002 0x0e58  sffp_sd - ok
14:57:19.0033 0x0e58  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
14:57:19.0033 0x0e58  sfloppy - ok
14:57:19.0049 0x0e58  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
14:57:19.0064 0x0e58  SharedAccess - ok
14:57:19.0080 0x0e58  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:57:19.0096 0x0e58  ShellHWDetection - ok
14:57:19.0096 0x0e58  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
14:57:19.0111 0x0e58  SiSRaid2 - ok
14:57:19.0111 0x0e58  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
14:57:19.0111 0x0e58  SiSRaid4 - ok
14:57:19.0127 0x0e58  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
14:57:19.0127 0x0e58  Smb - ok
14:57:19.0158 0x0e58  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
14:57:19.0158 0x0e58  SNMPTRAP - ok
14:57:19.0174 0x0e58  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
14:57:19.0174 0x0e58  spldr - ok
14:57:19.0236 0x0e58  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
14:57:19.0236 0x0e58  Spooler - ok
14:57:19.0361 0x0e58  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
14:57:19.0470 0x0e58  sppsvc - ok
14:57:19.0486 0x0e58  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
14:57:19.0486 0x0e58  sppuinotify - ok
14:57:19.0532 0x0e58  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
14:57:19.0548 0x0e58  srv - ok
14:57:19.0579 0x0e58  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
14:57:19.0579 0x0e58  srv2 - ok
14:57:19.0595 0x0e58  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
14:57:19.0595 0x0e58  srvnet - ok
14:57:19.0610 0x0e58  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
14:57:19.0610 0x0e58  SSDPSRV - ok
14:57:19.0610 0x0e58  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
14:57:19.0610 0x0e58  SstpSvc - ok
14:57:19.0688 0x0e58  [ 605ECCCE95ACF7AF12CBCCDAB55B8DD0, 7B676B58C26D880320434066B93C7B8372421699C0006806D4E8E0E824124281 ] STacSV          C:\Program Files\IDT\WDM\STacSV64.exe
14:57:19.0704 0x0e58  STacSV - ok
14:57:19.0720 0x0e58  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
14:57:19.0720 0x0e58  stexstor - ok
14:57:19.0782 0x0e58  [ 5709F6AEECC9C43AD9D550FB1D882209, CF4681AE1D6B15340F5A0787E0EFB682AA3CFA15D25741364D8455C040A5997B ] STHDA           C:\Windows\system32\DRIVERS\stwrt64.sys
14:57:19.0798 0x0e58  STHDA - ok
14:57:19.0813 0x0e58  [ DECACB6921DED1A38642642685D77DAC, 1633711CE973F818EBCCCA28538772431167C33ECDD44D1E846A9436598B52DC ] StillCam        C:\Windows\system32\drivers\serscan.sys
14:57:19.0813 0x0e58  StillCam - ok
14:57:19.0844 0x0e58  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
14:57:19.0860 0x0e58  stisvc - ok
14:57:19.0876 0x0e58  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\drivers\swenum.sys
14:57:19.0876 0x0e58  swenum - ok
14:57:19.0907 0x0e58  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
14:57:19.0907 0x0e58  swprv - ok
14:57:20.0000 0x0e58  [ 2E730941CC5BF6200A4F56D1E9C24AAD, 758836D55DC84F3EBE9917DC6FAB8E6170A5B238FEDBCFDB6D7C5C6EA98E08B2 ] SysMain         C:\Windows\system32\sysmain.dll
14:57:20.0110 0x0e58  SysMain - ok
14:57:20.0110 0x0e58  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:57:20.0125 0x0e58  TabletInputService - ok
14:57:20.0141 0x0e58  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
14:57:20.0157 0x0e58  TapiSrv - ok
14:57:20.0172 0x0e58  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
14:57:20.0172 0x0e58  TBS - ok
14:57:20.0266 0x0e58  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
14:57:20.0359 0x0e58  Tcpip - ok
14:57:20.0469 0x0e58  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
14:57:20.0484 0x0e58  TCPIP6 - ok
14:57:20.0515 0x0e58  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
14:57:20.0515 0x0e58  tcpipreg - ok
14:57:20.0671 0x0e58  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
14:57:20.0671 0x0e58  TDPIPE - ok
14:57:20.0703 0x0e58  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
14:57:20.0703 0x0e58  TDTCP - ok
14:57:20.0765 0x0e58  [ AA77EB517D2F07A947294F260E3ACA83, B7A5DF3066830C0C2302B059778A67419792058A0D300C471DE40AB245EA7E58 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
14:57:20.0781 0x0e58  tdx - ok
14:57:20.0796 0x0e58  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\drivers\termdd.sys
14:57:20.0796 0x0e58  TermDD - ok
14:57:20.0859 0x0e58  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll
14:57:20.0890 0x0e58  TermService - ok
14:57:20.0890 0x0e58  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
14:57:20.0890 0x0e58  Themes - ok
14:57:20.0921 0x0e58  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
14:57:20.0921 0x0e58  THREADORDER - ok
14:57:20.0968 0x0e58  [ 72A25CAE92F5A57D1F3D278A94DC3CEB, B8CE1D1BE10325862960E5F0C48BF222DCB6582C189E7E527FC957365F808F7E ] tihub3          C:\Windows\system32\drivers\tihub3.sys
14:57:20.0968 0x0e58  tihub3 - ok
14:57:21.0015 0x0e58  [ E0F9E190B41F190BCF2E2B865D061FD6, 9E33625C0AC0AEE6CE4BD9CE837F2F39CEA3771B613F6ACC7486526CE606EEF7 ] tixhci          C:\Windows\system32\drivers\tixhci.sys
14:57:21.0015 0x0e58  tixhci - ok
14:57:21.0030 0x0e58  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
14:57:21.0030 0x0e58  TrkWks - ok
14:57:21.0077 0x0e58  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:57:21.0077 0x0e58  TrustedInstaller - ok
14:57:21.0124 0x0e58  [ 19BEDA57F3E0A06B8D5EB6D619BD5624, 952D5FAFD662C93628C12A6F7EB8E240A44216C0A15CBD2F5016BC357CBFE821 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
14:57:21.0124 0x0e58  tssecsrv - ok
14:57:21.0155 0x0e58  [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
14:57:21.0155 0x0e58  TsUsbFlt - ok
14:57:21.0186 0x0e58  [ AD64450A4ABE076F5CB34CC08EEACB07, B5C386635441A19178E7FEEE299BA430C8D72F9110866C13A216B12A1080AD12 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
14:57:21.0186 0x0e58  TsUsbGD - ok
14:57:21.0217 0x0e58  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
14:57:21.0217 0x0e58  tunnel - ok
14:57:21.0249 0x0e58  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
14:57:21.0249 0x0e58  uagp35 - ok
14:57:21.0280 0x0e58  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
14:57:21.0295 0x0e58  udfs - ok
14:57:21.0311 0x0e58  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
14:57:21.0311 0x0e58  UI0Detect - ok
14:57:21.0327 0x0e58  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
14:57:21.0327 0x0e58  uliagpkx - ok
14:57:21.0342 0x0e58  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
14:57:21.0342 0x0e58  umbus - ok
14:57:21.0373 0x0e58  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
14:57:21.0373 0x0e58  UmPass - ok
14:57:21.0498 0x0e58  [ 758C2CE427C343F780A205E28555C98D, E3413BA433CD26DD61D3257B08B8354478A049A972EFAC53C303690BC71DD7E1 ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
14:57:21.0561 0x0e58  UNS - ok
14:57:21.0607 0x0e58  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
14:57:21.0623 0x0e58  upnphost - ok
14:57:21.0654 0x0e58  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
14:57:21.0654 0x0e58  usbccgp - ok
14:57:21.0685 0x0e58  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
14:57:21.0685 0x0e58  usbcir - ok
14:57:21.0732 0x0e58  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
14:57:21.0732 0x0e58  usbehci - ok
14:57:21.0748 0x0e58  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
14:57:21.0763 0x0e58  usbhub - ok
14:57:21.0779 0x0e58  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\drivers\usbohci.sys
14:57:21.0795 0x0e58  usbohci - ok
14:57:21.0795 0x0e58  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
14:57:21.0795 0x0e58  usbprint - ok
14:57:21.0826 0x0e58  [ AAA2513C8AED8B54B189FD0C6B1634C0, 02FEE0B756AA559C29477A19861AC16D5A3152DC3C897C7D466423438B6A5E42 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
14:57:21.0826 0x0e58  usbscan - ok
14:57:21.0857 0x0e58  [ B57B4F0BEC4270A281B9F8537EB2FA04, 554273482EE85F010DC62E412C9933E65BD63AA09911BD25D86F86D2618EF382 ] usbser          C:\Windows\system32\drivers\usbser.sys
14:57:21.0857 0x0e58  usbser - ok
14:57:21.0888 0x0e58  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:57:21.0888 0x0e58  USBSTOR - ok
14:57:21.0888 0x0e58  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
14:57:21.0888 0x0e58  usbuhci - ok
14:57:21.0904 0x0e58  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
14:57:21.0904 0x0e58  UxSms - ok
14:57:21.0904 0x0e58  [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] VaultSvc        C:\Windows\system32\lsass.exe
14:57:21.0904 0x0e58  VaultSvc - ok
14:57:21.0919 0x0e58  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
14:57:21.0919 0x0e58  vdrvroot - ok
14:57:21.0951 0x0e58  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
14:57:21.0966 0x0e58  vds - ok
14:57:21.0982 0x0e58  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
14:57:21.0982 0x0e58  vga - ok
14:57:21.0982 0x0e58  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
14:57:21.0982 0x0e58  VgaSave - ok
14:57:22.0013 0x0e58  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
14:57:22.0013 0x0e58  vhdmp - ok
14:57:22.0044 0x0e58  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
14:57:22.0044 0x0e58  viaide - ok
14:57:22.0075 0x0e58  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
14:57:22.0075 0x0e58  volmgr - ok
14:57:22.0107 0x0e58  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
14:57:22.0107 0x0e58  volmgrx - ok
14:57:22.0138 0x0e58  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
14:57:22.0138 0x0e58  volsnap - ok
14:57:22.0169 0x0e58  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
14:57:22.0169 0x0e58  vsmraid - ok
14:57:22.0231 0x0e58  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
14:57:22.0278 0x0e58  VSS - ok
14:57:22.0278 0x0e58  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
14:57:22.0278 0x0e58  vwifibus - ok
14:57:22.0294 0x0e58  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
14:57:22.0294 0x0e58  vwififlt - ok
14:57:22.0325 0x0e58  [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
14:57:22.0325 0x0e58  vwifimp - ok
14:57:22.0356 0x0e58  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
14:57:22.0372 0x0e58  W32Time - ok
14:57:22.0387 0x0e58  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
14:57:22.0387 0x0e58  WacomPen - ok
14:57:22.0403 0x0e58  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
14:57:22.0403 0x0e58  WANARP - ok
14:57:22.0419 0x0e58  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
14:57:22.0419 0x0e58  Wanarpv6 - ok
14:57:22.0497 0x0e58  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
14:57:22.0559 0x0e58  WatAdminSvc - ok
14:57:22.0606 0x0e58  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
14:57:22.0653 0x0e58  wbengine - ok
14:57:22.0668 0x0e58  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
14:57:22.0668 0x0e58  WbioSrvc - ok
14:57:22.0699 0x0e58  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
14:57:22.0699 0x0e58  wcncsvc - ok
14:57:22.0699 0x0e58  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:57:22.0715 0x0e58  WcsPlugInService - ok
14:57:22.0715 0x0e58  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
14:57:22.0715 0x0e58  Wd - ok
14:57:22.0777 0x0e58  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
14:57:22.0793 0x0e58  Wdf01000 - ok
14:57:22.0824 0x0e58  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost  C:\Windows\system32\wdi.dll
14:57:22.0824 0x0e58  WdiServiceHost - ok
14:57:22.0824 0x0e58  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost   C:\Windows\system32\wdi.dll
14:57:22.0824 0x0e58  WdiSystemHost - ok
14:57:22.0871 0x0e58  [ 4E89FC53493704BF835F0300DC201C34, FB3080725E144D93512DED81047D21C0582BC3412250EFF37E039108D7351F53 ] WebClient       C:\Windows\System32\webclnt.dll
14:57:22.0871 0x0e58  WebClient - ok
14:57:22.0902 0x0e58  [ D5BA7D43FA2EF656BF7E98A188391E40, 56CF132B7C43A0F9C7C4D070730315FE7AFD2E87E94014DFC3D7107BB52B9C64 ] Wecsvc          C:\Windows\system32\wecsvc.dll
14:57:22.0902 0x0e58  Wecsvc - ok
14:57:22.0933 0x0e58  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
14:57:22.0933 0x0e58  wercplsupport - ok
14:57:22.0949 0x0e58  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
14:57:22.0949 0x0e58  WerSvc - ok
14:57:22.0965 0x0e58  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
14:57:22.0965 0x0e58  WfpLwf - ok
14:57:22.0996 0x0e58  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
14:57:22.0996 0x0e58  WIMMount - ok
14:57:23.0027 0x0e58  WinDefend - ok
14:57:23.0027 0x0e58  WinHttpAutoProxySvc - ok
14:57:23.0089 0x0e58  [ 136760C1E9697BAF4ECDEAE5590A0806, 12E80D0923D794F4C520FEA7CB98EF581231B996FB1876EB20995E6E457EFF56 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
14:57:23.0089 0x0e58  Winmgmt - ok
14:57:23.0214 0x0e58  [ 3BB6B401A780BF434C8F58137DE10BF7, 1A377C39B78B92A1A1FED699EE5E5ED0271A6FFAC143F1D29FC1FDF4D726A522 ] WinRM           C:\Windows\system32\WsmSvc.dll
14:57:23.0323 0x0e58  WinRM - ok
14:57:23.0401 0x0e58  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\drivers\WinUsb.sys
14:57:23.0401 0x0e58  WinUsb - ok
14:57:23.0448 0x0e58  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
14:57:23.0464 0x0e58  Wlansvc - ok
14:57:23.0511 0x0e58  [ 06C8FA1CF39DE6A735B54D906BA791C6, D8FEC7DE227781CDA876904701B2AA995268F74DCD6CB34AA0296C557FC283B6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
14:57:23.0511 0x0e58  wlcrasvc - ok
14:57:23.0698 0x0e58  [ 7E47C328FC4768CB8BEAFBCFAFA70362, C98BD6A0C2F70E069D5FD3BAB31BD028DFEAC0490D180BBC28A14BE375897D8C ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:57:23.0776 0x0e58  wlidsvc - ok
14:57:23.0807 0x0e58  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
14:57:23.0807 0x0e58  WmiAcpi - ok
14:57:23.0838 0x0e58  [ 4DF841632B62A7CF19A79A05046A8AB1, D80F28FD7FEB95DB83976EAFECB2E9AE1423DA4D34EC5D820FC39A33444B82DA ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
14:57:23.0838 0x0e58  wmiApSrv - ok
14:57:23.0854 0x0e58  WMPNetworkSvc - ok
14:57:23.0854 0x0e58  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
14:57:23.0854 0x0e58  WPCSvc - ok
14:57:23.0885 0x0e58  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
14:57:23.0885 0x0e58  WPDBusEnum - ok
14:57:23.0901 0x0e58  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
14:57:23.0901 0x0e58  ws2ifsl - ok
14:57:23.0916 0x0e58  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\system32\wscsvc.dll
14:57:23.0916 0x0e58  wscsvc - ok
14:57:23.0947 0x0e58  [ 8D918B1DB190A4D9B1753A66FA8C96E8, DB7D2714DC04D2D6999A207D7399A5647C8653E5A1AD80856A65C5B6065AEDFE ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
14:57:23.0947 0x0e58  WSDPrintDevice - ok
14:57:23.0947 0x0e58  WSearch - ok
14:57:24.0057 0x0e58  [ 361845875ED8ED13086E7F37265C45DA, A0931DC1E35712036E93BBC3600530C0DA12E94E0D898787C818C526DFF240C2 ] wuauserv        C:\Windows\system32\wuaueng.dll
14:57:24.0150 0x0e58  wuauserv - ok
14:57:24.0197 0x0e58  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
14:57:24.0197 0x0e58  WudfPf - ok
14:57:24.0228 0x0e58  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\drivers\WUDFRd.sys
14:57:24.0228 0x0e58  WUDFRd - ok
14:57:24.0244 0x0e58  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
14:57:24.0259 0x0e58  wudfsvc - ok
14:57:24.0306 0x0e58  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
14:57:24.0306 0x0e58  WwanSvc - ok
14:57:24.0322 0x0e58  ================ Scan global ===============================
14:57:24.0353 0x0e58  [ 168EA9CD9BD6056BB6F60B57D5304BBE, 5A2F98754F042A7D80E7483842967EB362F01D57CE9720B24C7EDAA047F24C6F ] C:\Windows\system32\basesrv.dll
14:57:24.0415 0x0e58  [ FF41063E45C6238CAF48CBE6D0D6FC4B, 9B755EA23E7D2554E3AC3ADFFC4AFF7EB4F4A0F5CD3E6F2300BC98B21474CBC6 ] C:\Windows\system32\winsrv.dll
14:57:24.0447 0x0e58  [ FF41063E45C6238CAF48CBE6D0D6FC4B, 9B755EA23E7D2554E3AC3ADFFC4AFF7EB4F4A0F5CD3E6F2300BC98B21474CBC6 ] C:\Windows\system32\winsrv.dll
14:57:24.0478 0x0e58  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
14:57:24.0525 0x0e58  [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe
14:57:24.0540 0x0e58  [ Global ] - ok
14:57:24.0540 0x0e58  ================ Scan MBR ==================================
14:57:24.0556 0x0e58  [ AEE8A7EFBC064B3A978C82BF3E892B48 ] \Device\Harddisk0\DR0
14:57:24.0961 0x0e58  \Device\Harddisk0\DR0 - ok
14:57:24.0961 0x0e58  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
14:57:24.0977 0x0e58  \Device\Harddisk1\DR1 - ok
14:57:24.0977 0x0e58  ================ Scan VBR ==================================
14:57:24.0977 0x0e58  [ 33EC28ED3DB564C2FA6290D90239F601 ] \Device\Harddisk0\DR0\Partition1
14:57:25.0055 0x0e58  \Device\Harddisk0\DR0\Partition1 - ok
14:57:25.0055 0x0e58  [ 0924A70111444C660C2B54B71970D985 ] \Device\Harddisk0\DR0\Partition2
14:57:25.0133 0x0e58  \Device\Harddisk0\DR0\Partition2 - ok
14:57:25.0149 0x0e58  [ F098E72FAF10D3A547FF41ED42923D30 ] \Device\Harddisk0\DR0\Partition3
14:57:25.0149 0x0e58  \Device\Harddisk0\DR0\Partition3 - ok
14:57:25.0149 0x0e58  [ 38B85BE174A03889CE037A1C30FAC82F ] \Device\Harddisk1\DR1\Partition1
14:57:25.0195 0x0e58  \Device\Harddisk1\DR1\Partition1 - ok
14:57:25.0195 0x0e58  ================ Scan generic autorun ======================
14:57:25.0227 0x0e58  [ 554A50B5310E702029D3A675459108FF, 4757D5FFFAC7E73D4A3D931DB1399DDFDBD5811639BDA4517F886C21CC7F2574 ] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
14:57:25.0242 0x0e58  hpsysdrv - ok
14:57:25.0336 0x0e58  [ 35BA4E6632BA690EA6421C1E03537D0E, 99D6B4DB12ABE3A7F44AB1B2D626978E85231185AE280D9516986027BC8385CB ] c:\Program Files\Microsoft Security Client\msseces.exe
14:57:25.0414 0x0e58  MSC - ok
14:57:25.0476 0x0e58  [ AD6C376374C21EC68DF33884613D0A05, 65E0668A2A24B9EF2BDABDE044D240F110AEC8B1EF838AB28084B7F899D2A75E ] C:\Program Files\IDT\WDM\sttray64.exe
14:57:25.0539 0x0e58  SysTrayApp - ok
14:57:25.0601 0x0e58  [ CF28CEEEFA8253E4704ADD61573B792F, A73356BAB83345EE665F8B48FD586819B2A44B7DCB8B8D11C8F34B0B2F332DC3 ] C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
14:57:25.0617 0x0e58  WinPatrol - ok
14:57:25.0617 0x0e58  MSPCLOCK - ok
14:57:25.0617 0x0e58  MSPQM - ok
14:57:25.0617 0x0e58  MSKSSRV - ok
14:57:25.0617 0x0e58  MSTEE.CxTransform - ok
14:57:25.0617 0x0e58  MSTEE.Splitter - ok
14:57:25.0632 0x0e58  WDM_DRMKAUD - ok
14:57:25.0632 0x0e58  *EmptyTemp - ok
14:57:25.0695 0x0e58  [ DD0FD63B10C56A0B4E880FB658200BE8, EE7C033FB69F9824836A68708584F5B6C25559BFB43174EAE1CF6ECB215BC684 ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
14:57:25.0726 0x0e58  StartCCC - ok
14:57:25.0773 0x0e58  [ D2EEB58B35C841EDAE333619E0AD5B02, EE42CECD1BC113B1BA511D2FAC4F9EB37D19955209DDCF3C85DF7DAFB7E32055 ] C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\LaunchApp.exe
14:57:25.0788 0x0e58  LaunchHPOSIAPP - ok
14:57:25.0866 0x0e58  [ BDA151E0D1EAB08647FD887EB19BBDB8, A678074E2257798D75E7578D37B2D41D26399784582FAC800C58E712604FF1D9 ] C:\Program Files (x86)\PDF Complete\pdfsty.exe
14:57:25.0882 0x0e58  PDF Complete - ok
14:57:25.0929 0x0e58  [ C637FC4638A96165256B28D38DE7B953, CD658543610F151C7860DBDCF36596C9B5417D87E598FA50A435392D4AED1C14 ] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
14:57:25.0929 0x0e58  HP Software Update - ok
14:57:25.0944 0x0e58  [ CF28CEEEFA8253E4704ADD61573B792F, A73356BAB83345EE665F8B48FD586819B2A44B7DCB8B8D11C8F34B0B2F332DC3 ] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe
14:57:25.0960 0x0e58  WinPatrol - ok
14:57:26.0038 0x0e58  [ 9CEE13DDCF207923A1849A8371E714E9, F1265E1065AEC5CC1397617F6EB9D6321A1B6B14447D4BA0FE23AC7532675403 ] C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe
14:57:26.0038 0x0e58  Malwarebytes Anti-Malware (cleanup) - ok
14:57:26.0194 0x0e58  [ 22F7B9670AD770C7ED7F4738204C8E5C, 7B793AC094CB1B073419B5DAE09DFBB8EBED03D29301F490AA76EA0667613438 ] C:\Program Files\hp\HP ENVY 110 series\Bin\ScanToPCActivationApp.exe
14:57:26.0272 0x0e58  HP ENVY 110 series (NET) - ok
14:57:26.0272 0x0e58  Waiting for KSN requests completion. In queue: 335
14:57:27.0286 0x0e58  Waiting for KSN requests completion. In queue: 24
14:57:28.0300 0x0e58  Waiting for KSN requests completion. In queue: 24
14:57:29.0345 0x0e58  AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.8.204.0 ), 0x61000 ( enabled : updated )
14:57:29.0376 0x0e58  Win FW state via NFP2: enabled ( trusted )
14:57:32.0231 0x0e58  ============================================================
14:57:32.0231 0x0e58  Scan finished
14:57:32.0231 0x0e58  ============================================================
14:57:32.0231 0x008c  Detected object count: 0
14:57:32.0231 0x008c  Actual detected object count: 0
14:58:08.0002 0x0c0c  Deinitialize success

I've checked some basic functions (Firefox) (Documents: read, recycle bin) calculator says 2+2=4, search in Computer......

It all looks normal.  No missing files, strange goings on, hordes of Mordor, or tentacle monsters from the deep erupting from my desktop scene.

Or is that what they said in Ghostbusters before the giant Marshmallow Man made an appearance? ;)

Oh.  I am getting a laugh over those earlier lines on ShortCutArgument.  Makes me recall some family vacation outings.  "Don't you dare!  Stay on the main road!"

Thank you for the rest of the log.  I did like seeing "Detected object count: 0". 

Fortunately the scans with ESET, Panda, MSE, Malwarebytes and TDSSKiller all proved negative so all we can do is figure that the first indication was a false/positive that was corrected by the time you scanned later with MSE.  Even more fortunately, you haven't lost your sense of humor.

Considering what you experienced with the Panda scan, you may want to take a look at Unchecky.  It automatically unchecks the boxes that allow companies to install promotional crapware on your computer, and issues warnings if you accidentally agree to install something you may not want.   http://unchecky.com/

Let's take care of removing the tools used:

Please download Delfix from here (http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/9-delfix).

Ensure the following boxes are checked:

• Remove disinfection tools
  
• Create registry backup
  
• Purge system restore
  (https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fwww.hdrcgb.org.uk%2Fg2g%2Fdelfix.jpg&hash=430c0d18b39654835cac5f1633ed1b23348d76f1)
  
• Click Run
  

The program will run for a few moments and then notepad will open with a log.   Please paste the log in your next reply.

# DelFix v1.011 - Logfile created 04/12/2015 at 16:57:54
# Updated 18/08/2015 by Xplode
# Username : Kathleen - HOME-DESKTOP
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : \FRST
Deleted : \ComboFix.txt
Deleted : \TDSSKiller.3.1.0.7_04.12.2015_14.56.12_log.txt
Deleted : C:\Users\Kathleen\Downloads\dds(1).scr
Deleted : C:\Users\Kathleen\Downloads\dds.scr
Deleted : C:\Users\Kathleen\Downloads\esetsmartinstaller_enu.exe
Deleted : C:\Users\Kathleen\Downloads\TFC.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\Swearware

~ Creating registry backup ... OK

~ Cleaning system restore ...


New restore point created !

########## - EOF - ##########

Ha!  Swearware?  -chuckles-

Definitely going to check out that software you linked.  There's probably been a dozen times over the years where I missed some sneaky, so-and-so optional software that they like to gift people with.

Yep, a sense of humor is a lifesaver these days.

Speaking of which:

Harry Potter (my HP computer) is truly free from horcruxes!  Yes!

It goes without saying that if I gave you all the 'thank you's you deserved I'd surely sink the kilobyte capacity of the servers or something.
So I figure for payment I could do something like committ a hundred acts of kindness in your name.
As a bonus--should anyone dislike my acts of kindness and want to call the cops--I can give them GR@PH;<'S name instead.  ;)

You are most welcome, Kyer.  I was very happy to help.  I'll just bet you were able to type GR@PH;<'S from memory too and didn't need to copy/paste!

Yup, swearware -- leftover from ComboFix.  Delfix cleaned up that and an OldTimer file too (his programs aren't being updated either).

BTW, seeing as how December 8 is the second Tuesday of the month, you can expect a likely Flash Player update.  You can set Flash Player to auto-update. Just click Start > Settings > Control Panel > Flash Player.  The setting is in the Updates tab.  Although I have that setting, I don't like to wait for Adobe to get around to updating my browsers so I use the direct download links.  The latest version will be posted here in the Security Alerts & Briefings (http://www.landzdown.com/security-alerts-briefings/) forum.  No unwanted extras to uncheck with the auto-update or direct download links either.

Um.... [shifty key eyes]... yeah....let's go with the 'no copy/paste'.  Sure.  [thumbs up]


Adobe makes me itch, but so many webpages require their programs.
I should do the auto update considering that my time-honored method of keeping a bookmark for their site (and somehow losing it) was what started this whole mess.  (Missed the last few episodes of The Flash on CW and tried to watch them on their site.  For some reason they suddenly wanted Flash Player 10 or above....and wouldn't let me view the videos.  So I make one error in typing the address....

The rest goes without saying.  It was a stupid thing to do.  I'll blame holiday madness causing lack of sleep.  This caused a lot more lack of sleep.

Silver lining though.... it gave me the extra push to finally log on here again and check up on the latest computer news that I've been neglecting.

Well.... yes, lack of sleep.  Need to rectify that now.

Harry Potter also needs to rest to after all those doctor exams.

:)  Muchas gracias!

Oh sure, I highly doubt Harry Potter is going to get much rest while you catch up on The Flash.  :D