Yesterday all of a sudden my skype randomly sent a link to everyone on my contact list. It was a google/youtube type of link with their name included in it and when they clicked on it it was some sort of celebrity video.

I am a little concerned as a lot of my contacts are poker players so I would really like to ensure I deal with this properly so no one is compromised. I will follow the advice in the sticky and post here. I appreciate any help I can get!

Had to split into two posts as the text was too long

Part 1

06:54:23.0903 0xc294 TDSS rootkit removing tool 3.1.0.9 Dec 11 2015 22:49:12
06:54:23.0903 0xc294 UEFI system
06:54:28.0447 0xc294 ================================================== ==========
06:54:28.0447 0xc294 Current date / time: 2016/02/01 06:54:28.0447
06:54:28.0447 0xc294 SystemInfo:
06:54:28.0447 0xc294
06:54:28.0447 0xc294 OS Version: 6.3.9600 ServicePack: 0.0
06:54:28.0447 0xc294 Product type: Workstation
06:54:28.0447 0xc294 ComputerName: PAUL
06:54:28.0447 0xc294 UserName: pauloneill86
06:54:28.0447 0xc294 Windows directory: C:\Windows
06:54:28.0447 0xc294 System windows directory: C:\Windows
06:54:28.0447 0xc294 Running under WOW64
06:54:28.0447 0xc294 Processor architecture: Intel x64
06:54:28.0447 0xc294 Number of processors: 8
06:54:28.0447 0xc294 Page size: 0x1000
06:54:28.0447 0xc294 Boot type: Normal boot
06:54:28.0447 0xc294 ================================================== ==========
06:54:28.0505 0xc294 KLMD registered as C:\Windows\system32\drivers\74409357.sys
06:54:28.0951 0xc294 System UUID: {A3981FEE-1F89-6638-B2F8-7F5B1ED43445}
06:54:29.0275 0xc294 Drive \Device\Harddisk0\DR0 - Size: 0x3A70C70000 ( 233.76 Gb ), SectorSize: 0x200, Cylinders: 0x7733, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
06:54:29.0279 0xc294 ================================================== ==========
06:54:29.0279 0xc294 \Device\Harddisk0\DR0:
06:54:29.0279 0xc294 GPT partitions:
06:54:29.0279 0xc294 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {48E6B24A-AF37-40A7-8928-8B03208282FF}, Name: EFI System Partition, StartLBA 0x28, BlocksNum 0x64000
06:54:29.0279 0xc294 \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {53746F72-6167-11AA-AA11-00306543ECAC}, UniqueGUID: {7B28AA14-E34F-4034-B11A-5F4BC4A4DF37}, Name: Untitled, StartLBA 0x64028, BlocksNum 0xB913210
06:54:29.0279 0xc294 \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {426F6F74-0000-11AA-AA11-00306543ECAC}, UniqueGUID: {98ADFA28-0FF3-41F0-A40B-8BF51F8E0616}, Name: Recovery HD, StartLBA 0xB977238, BlocksNum 0x135F20
06:54:29.0279 0xc294 \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {D6A6B24F-1E97-4738-B5C7-B13BB49893C0}, Name: BOOTCAMP, StartLBA 0xBAAD800, BlocksNum 0x118D8800
06:54:29.0279 0xc294 MBR partitions:
06:54:29.0279 0xc294 ================================================== ==========
06:54:29.0280 0xc294 C: <-> \Device\Harddisk0\DR0\Partition4
06:54:29.0280 0xc294 ================================================== ==========
06:54:29.0280 0xc294 Initialize success
06:54:29.0280 0xc294 ================================================== ==========
06:55:04.0534 0x9750 ================================================== ==========
06:55:04.0534 0x9750 Scan started
06:55:04.0534 0x9750 Mode: Manual; SigCheck; TDLFS;
06:55:04.0534 0x9750 ================================================== ==========
06:55:04.0534 0x9750 KSN ping started
06:55:06.0901 0x9750 KSN ping finished: true
06:55:07.0504 0x9750 ================ Scan system memory ========================
06:55:07.0504 0x9750 System memory - ok
06:55:07.0504 0x9750 ================ Scan services =============================
06:55:07.0547 0x9750 [ E1832BD9FD7E0FC2DC9FA5935DE3E8C1, 41FF7418887AFC8B9C96EF21C5950DD342CC9E3C0D87AFD60A 05B988C1D6CC23 ] 1394ohci C:\Windows\System32\drivers\1394ohci.sys
06:55:07.0572 0x9750 1394ohci - ok
06:55:07.0579 0x9750 [ AD508A1A46EC21B740AB31C28EFDFDB1, 9B1046CF0B80723149BD359B55CC0B8B3ABBEAA9038469F542 A4C345C503FB02 ] 3ware C:\Windows\system32\drivers\3ware.sys
06:55:07.0586 0x9750 3ware - ok
06:55:07.0603 0x9750 [ E796AE43DDD1844281DB4D57294D17C0, 21AE69615044A96041E46476BE814B52C22624B6C7EA6BFC77 BB64F69C3C21F5 ] ACPI C:\Windows\system32\drivers\ACPI.sys
06:55:07.0619 0x9750 ACPI - ok
06:55:07.0623 0x9750 [ CFA8E06DEFA40BA2702FA92A98BDAA86, CDAD728F6E65026C6B8F348FE09312D024674FB4FDE08749D8 36EF4FFCF99F0F ] acpials C:\Windows\System32\drivers\acpials.sys
06:55:07.0633 0x9750 acpials - ok
06:55:07.0637 0x9750 [ AC8279D229398BCF05C3154ADCA86813, 083E86CBE53244D24C334DB1511C77025133AE787519184576 4B890A8CA5AFA9 ] acpiex C:\Windows\system32\Drivers\acpiex.sys
06:55:07.0645 0x9750 acpiex - ok
06:55:07.0648 0x9750 [ A8970D9BF23CD309E0403978A1B58F3F, 9946C8477104EEC7DB197E2222F9905307F101C398CCED4B5F D0F86A5622C791 ] acpipagr C:\Windows\System32\drivers\acpipagr.sys
06:55:07.0655 0x9750 acpipagr - ok
06:55:07.0657 0x9750 [ 111A89C99C5B4F1A7BCE5F643DD86F65, 41A2E49FF443927D05F7EF638518108227852984E68D4663C8 761178C0B84A45 ] AcpiPmi C:\Windows\System32\drivers\acpipmi.sys
06:55:07.0665 0x9750 AcpiPmi - ok
06:55:07.0668 0x9750 [ 5758387D68A20AE7D3245011B07E36E7, 77832E200E8B0D259552F6F60FE454A887E3EBBB9EA2F3590E 6645289A04E293 ] acpitime C:\Windows\System32\drivers\acpitime.sys
06:55:07.0674 0x9750 acpitime - ok
06:55:07.0679 0x9750 [ F2CEEE9ABBCEF207ACB103215AC28BC2, F8F8B8AF6317926D7AC0CA2CA23628B2C69327A2792D58D332 8443C5ED9514E9 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
06:55:07.0685 0x9750 AdobeARMservice - ok
06:55:07.0712 0x9750 [ 295A5BFCE8D225D014DB4E6E69336279, F786F06F0EE3253FA936FA5D73FD9AC704FAB19BE76C60C65A EAD399DC93F9C5 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe
06:55:07.0720 0x9750 AdobeFlashPlayerUpdateSvc - ok
06:55:07.0736 0x9750 [ 7C1FDF1B48298CBA7CE4BDD4978951AD, 80F4D536E1231B30E836F72ADC8814AE6AA9FEC573FB5F3F96 5FAC8ABCCAF0F8 ] ADP80XX C:\Windows\system32\drivers\ADP80XX.SYS
06:55:07.0757 0x9750 ADP80XX - ok
06:55:07.0764 0x9750 [ BCD58DACAA1EAAADC115EDD940478F6D, F31613F583C302F62A00E6766B031531C9E193CAED563689B1 78BA257715B992 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
06:55:07.0780 0x9750 AeLookupSvc - ok
06:55:07.0793 0x9750 [ A460C3AF3755A2A79A3C8EFE72E147B5, 62CEA85DA53D86D3E7B5D79F94095C6126FFF3DEE1427BBF3D EF5EA366B4513B ] AFD C:\Windows\system32\drivers\afd.sys
06:55:07.0816 0x9750 AFD - ok
06:55:07.0821 0x9750 [ 7DFAEBA9AD62D20102B576D5CAC45EC8, 9FA5207335303D1E8E9A3C9E1FB82C09AD21B04382F69D777A 67E48EE91D2093 ] agp440 C:\Windows\system32\drivers\agp440.sys
06:55:07.0828 0x9750 agp440 - ok
06:55:07.0832 0x9750 [ FE14D249D39368CA62D8DA6BC94AC694, E1036E22BFBD3750FD2D3DA6AB939B2DD54E824F4BD3E6539E F0E45AB5453DD1 ] ahcache C:\Windows\system32\DRIVERS\ahcache.sys
06:55:07.0843 0x9750 ahcache - ok
06:55:07.0848 0x9750 [ 14A45BE6F5678339F0EC5752D9849410, DD0F60E96FAC68FBD5B86382E541408C613BD0F871D0E0A1EF 9AB6E7B26E545C ] ALG C:\Windows\System32\alg.exe
06:55:07.0859 0x9750 ALG - ok
06:55:07.0864 0x9750 [ 7589DE749DB6F71A68489DCE04158729, 5F35EDD50737985595C9D6703237CA2ADE49AA544333102089 9698EB5114A0FB ] AmdK8 C:\Windows\System32\drivers\amdk8.sys
06:55:07.0873 0x9750 AmdK8 - ok
06:55:07.0877 0x9750 [ B46D2D89AFF8A9490FA8C98C7A5616E3, BE0765B5423B690E0F097FECD9717FAA95BFDFFDC6CF1B93DE 5A19A1B7797879 ] AmdPPM C:\Windows\System32\drivers\amdppm.sys
06:55:07.0885 0x9750 AmdPPM - ok
06:55:07.0889 0x9750 [ D2BF2F94A47D332814910FD47C6BBCD2, FE273D77D119D958676E1197D9EA7B008E3B05C6192B1962A8 1D4223ED204C35 ] amdsata C:\Windows\system32\drivers\amdsata.sys
06:55:07.0895 0x9750 amdsata - ok
06:55:07.0902 0x9750 [ A8E04943C7BBA7219AA50400272C3C6E, 794C0BD12DF0392654E9A37AE4A24B5BE2D83F1F24F74DD48A 1A0BF3AB8B1FF8 ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
06:55:07.0912 0x9750 amdsbs - ok
06:55:07.0916 0x9750 [ CEA5F4F27CFC08E3A44D576811B35F50, 89DF64B81BD109BAABAE93A4603C1617241219F38DDAF325EF E6BD35FF6FD717 ] amdxata C:\Windows\system32\drivers\amdxata.sys
06:55:07.0922 0x9750 amdxata - ok
06:55:07.0970 0x9750 [ 848A5573CEF4D55439DDD460067F61C0, 6131DC95F6E74E7ACE3F5DE9F3C34DCF8E00A8A2F7B46AB4C2 F1FF6B3A959620 ] appdrv01 C:\Windows\system32\Drivers\appdrv01.sys
06:55:08.0025 0x9750 appdrv01 - ok
06:55:08.0033 0x9750 appdrvrem01 - ok
06:55:08.0036 0x9750 [ 415DD71628795197F7AFC176CBADC74E, 5F0359053A6CD6EE239139E0E6F46E1FA9A73F017C0CE9B7BC 052216B2C846EC ] AppID C:\Windows\system32\drivers\appid.sys
06:55:08.0048 0x9750 AppID - ok
06:55:08.0051 0x9750 [ 88358135810B9DFD830A9D3A8C3D149A, DF914DA3828EE2310895D156342E3B3DF5E8C6F6F9B851C359 E82A1F48180D4B ] AppIDSvc C:\Windows\System32\appidsvc.dll
06:55:08.0058 0x9750 AppIDSvc - ok
06:55:08.0062 0x9750 [ 680BFB820C5A943AB709BAA2B1EF27F2, A51D2A7976A762FE470C13C6D1BA0319A0FB19C9E66BF02AA4 4F83EAEC7130F8 ] Appinfo C:\Windows\System32\appinfo.dll
06:55:08.0074 0x9750 Appinfo - ok
06:55:08.0077 0x9750 [ 20B9968123B3890FCD75D42C2F0AE4DA, 262A11A717A22CAF06EB0AB099664689A7AFC01A7752AEED63 FD41081928B937 ] AppleBtBc C:\Windows\system32\DRIVERS\AppleBtBc.sys
06:55:08.0084 0x9750 AppleBtBc - ok
06:55:08.0114 0x9750 [ C21296CF9A61AE7F90C07D4EAE68FD05, 6EC37D48C0764ED059DD49F472456A4F70150297D6397B7CC7 965034CF78627E ] AppleCamera C:\Windows\system32\DRIVERS\AppleCamera.sys
06:55:08.0150 0x9750 AppleCamera - ok
06:55:08.0157 0x9750 [ 0D01560225FBC6D0EAFFD2ADD688010B, CE0CA347C48D1C5C668C1C0C2A97EA7F6E732227399E7A36BB 0C7CC7E3EF4E54 ] AppleHFS C:\Windows\system32\drivers\AppleHFS.sys
06:55:08.0162 0x9750 AppleHFS - ok
06:55:08.0165 0x9750 [ 2454D4893D4E8465E09B35B16FFBDC1B, 683C552DF75C3EBE45241FAFCB412814365CD6C19FED392A6A A9FCFE47B9A07C ] AppleMNT C:\Windows\system32\drivers\AppleMNT.sys
06:55:08.0169 0x9750 AppleMNT - ok
06:55:08.0174 0x9750 [ FDE689F2EFA99AB796DCA848124D73AA, 70610CD08CEDEB7317E86DB8C9038BD7BC3AE720378A4616B1 CD7C5A2913FA08 ] applemtm C:\Windows\system32\DRIVERS\applemtm.sys
06:55:08.0180 0x9750 applemtm - ok
06:55:08.0184 0x9750 [ 8012EDF248D3A3F7CB2EA7163DA4E65E, 750DEEB3DF236CC36AF7C317D2BABA3E12E5AE14914719ADAE 98298CF9E54B1C ] applemtp C:\Windows\system32\DRIVERS\applemtp.sys
06:55:08.0190 0x9750 applemtp - ok
06:55:08.0196 0x9750 [ BBB75684520B3BCDED33660CD32344B4, 43340B50D4C3CEA1730E0A1E8521AE65E004AA3575F3432981 E9A6DE2764CD89 ] AppleOSSMgr C:\Windows\system32\AppleOSSMgr.exe
06:55:08.0203 0x9750 AppleOSSMgr - ok
06:55:08.0206 0x9750 [ 20F669088819DBEE779B3688AFFDC0BD, FAD579B62E5327960DF221DD38986358E5B7D022A33CC71CA2 5C73FEAC3E5777 ] AppleSDR C:\Windows\system32\DRIVERS\AppleSDR.sys
06:55:08.0212 0x9750 AppleSDR - ok
06:55:08.0216 0x9750 [ F23F359A345F0DFACF3741CBB03F2435, EEA7CEE897A04FE4617E93BE2E420EB7F40E89D6A1686101E1 E060DDAD2BD564 ] applewirelessmouse C:\Windows\System32\drivers\applewirelessmouse.sys
06:55:08.0223 0x9750 applewirelessmouse - ok
06:55:08.0229 0x9750 [ 1A8EA3500576DD4B43E9318F10709E0E, 85F8581C319DE241B223366F08A5F9301858DA9DA1A0CAA10E D387A2B99EC216 ] AppMgmt C:\Windows\System32\appmgmts.dll
06:55:08.0290 0x9750 AppMgmt - ok
06:55:08.0302 0x9750 [ 35E28923A23ADABAA5A1B43256D0AB58, A5F3AF8BBEE58B2165BAFACC5FF8B167B55B020998D3D1565C 2229ED8753B269 ] AppReadiness C:\Windows\system32\AppReadiness.dll
06:55:08.0322 0x9750 AppReadiness - ok
06:55:08.0348 0x9750 [ 573542B5E97772021B73E854DA861DAA, C3FD00FA28060F8D7CDFD455BBB5FF8239CB76DDFFF2BDAE6A A944674DD993D3 ] AppXSvc C:\Windows\system32\appxdeploymentserver.dll
06:55:08.0380 0x9750 AppXSvc - ok
06:55:08.0387 0x9750 [ 65045784366F7EC5FB4E71BCF923187B, 53C215C64FF12E44B097F7CB88E8482438CE0ACBD3C68D8FD3 8BA0D0D8747FAA ] arcsas C:\Windows\system32\drivers\arcsas.sys
06:55:08.0394 0x9750 arcsas - ok
06:55:08.0397 0x9750 [ 74B14192CF79A72F7536B27CB8814FBD, 0CF6BBB63FFE0C12777664D80B2797923844C8392D0FD81D79 62EE5EE2C3C3D9 ] atapi C:\Windows\system32\drivers\atapi.sys
06:55:08.0402 0x9750 atapi - ok
06:55:08.0409 0x9750 [ 431FE56F5A2F5937994CB2DA330B47DB, E5AED551529A21494114959251FDF566802DD6D9B9D86A937A 0EECE53338CAC7 ] AudioEndpointBuilder C:\Windows\System32\AudioEndpointBuilder.dll
06:55:08.0423 0x9750 AudioEndpointBuilder - ok
06:55:08.0442 0x9750 [ 0F03CC00645D7F841879A048787D6AC7, 3ECD2486157469F2EDB63D4868338D1445F2909153DF0AFFE4 32083730EEE3F5 ] Audiosrv C:\Windows\System32\Audiosrv.dll
06:55:08.0463 0x9750 Audiosrv - ok
06:55:08.0469 0x9750 [ 3C6ED74AF41DD1A5585CE5EF3D00915F, A742F576407776634E5A8E49C60023FFDF395DE0B2DE36662A 23F85B79405ED2 ] AxInstSV C:\Windows\System32\AxInstSV.dll
06:55:08.0480 0x9750 AxInstSV - ok
06:55:08.0492 0x9750 [ A4A73F631FE2AA2826FBE4A399B04DEF, 973AACE8DC8DA669D0DF20F17EFDEEABB90AA046AC980948D1 6A62D39A606A79 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
06:55:08.0508 0x9750 b06bdrv - ok
06:55:08.0514 0x9750 [ 8CC7F7E4AFCBA605921B137ED7992C68, 71406E6D6E9964740A6D90B05329D5492BB90AF40E0630CF2F BF4BA4BA14F2DD ] BasicDisplay C:\Windows\System32\drivers\BasicDisplay.sys
06:55:08.0549 0x9750 BasicDisplay - ok
06:55:08.0553 0x9750 [ 38A82F4EE8C416A6744B6D30381ED768, 9EAAE5F43BA09359130AC04B1DCA0F5D4DF32ED89C02DC5CEB 640918948847F7 ] BasicRender C:\Windows\System32\drivers\BasicRender.sys
06:55:08.0563 0x9750 BasicRender - ok
06:55:08.0702 0x9750 [ 0AFC9C43C91827151A5DEBEA796139B6, AEF64C5FF3C2DD9D6CF16B8A9269BDA9A8FE9C27082BF15F67 FBBB07248075FF ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl63a.sys
06:55:08.0847 0x9750 BCM43XX - ok
06:55:08.0865 0x9750 [ C1ABB0F7E3BEA48A0417BDF6FF14AB21, 1CAC63A1A0FB9855A27EE977794576A860F6650C9EF7667FFB 27F2A2FF721857 ] bcmfn2 C:\Windows\System32\drivers\bcmfn2.sys
06:55:08.0869 0x9750 bcmfn2 - ok
06:55:08.0877 0x9750 [ 4B6F61BD394DCEDA9B06D702836531C2, 83C739467BD9A00FE09BCE83BB9409EA2DA62FCDD2384F9EE9 8626226223E918 ] BDESVC C:\Windows\System32\bdesvc.dll
06:55:08.0891 0x9750 BDESVC - ok
06:55:08.0895 0x9750 [ EC19013E4CF87609534165DF897274D6, 8ED45537CF2D58D759A587CCBFDADD5580C7447B0C3B172CF1 9ECC7585E073FC ] Beep C:\Windows\system32\drivers\Beep.sys
06:55:08.0903 0x9750 Beep - ok
06:55:08.0921 0x9750 [ 8F2AD111B47A190F325EE7495D3C1803, C61F1506E74A9EFBB61B8A06B30886B6E891C33211F755F30B 924EBA202ECEC5 ] BFE C:\Windows\System32\bfe.dll
06:55:08.0945 0x9750 BFE - ok
06:55:08.0964 0x9750 [ 48554994279BFE17A3D2B00076D0CB1A, 6521B1EC0BC6B01F63976370D89FE7DC2E7404899F68B6FAC3 7A9173B9C5D489 ] BITS C:\Windows\System32\qmgr.dll
06:55:08.0990 0x9750 BITS - ok
06:55:08.0995 0x9750 [ 6B4FFFDDC618FCF64473CAA86E305697, 29EA66071D5822920F5C50533673ADAB5204F8B25C11027AD2 7450D881F1142D ] bowser C:\Windows\system32\DRIVERS\bowser.sys
06:55:09.0149 0x9750 bowser - ok
06:55:09.0156 0x9750 [ FA601515FF2B59F25FDD8EDB1D2A1104, 21DFB53241F8E880F7546B9ADF38F47D6AD0782EC7F8F0284E D69DE7CEF7DCB9 ] BrokerInfrastructure C:\Windows\System32\bisrv.dll
06:55:09.0170 0x9750 BrokerInfrastructure - ok
06:55:09.0175 0x9750 [ BC111AADACD0BF59D56547461D13AB6E, 91E3619930C29EE4B2683683888BA7EE3CF6B1DDB0C19A14E0 880470CBE40EF4 ] Browser C:\Windows\System32\browser.dll
06:55:09.0188 0x9750 Browser - ok
06:55:09.0191 0x9750 [ A8F23D453A424FF4DE04989C4727ECC7, AE4A9081395C7379F1C947EF8243F7609F90C843E086B8E77E 1A2C06E36D4381 ] BthAvrcpTg C:\Windows\System32\drivers\BthAvrcpTg.sys
06:55:09.0199 0x9750 BthAvrcpTg - ok
06:55:09.0203 0x9750 [ 1104A31260CCF4318C884E0AE6C513BF, A8F83B558944DEF0F84414A11DC3CB90C3A92377B46760EC0A 9B8BC22FB0D5C7 ] BthEnum C:\Windows\System32\drivers\BthEnum.sys
06:55:09.0214 0x9750 BthEnum - ok
06:55:09.0218 0x9750 [ 272A62B660A48AEF366F8A1836CED19F, 78EFAC6B1B2313482329BBFFBF0DDA6462BD88E5BE3C817C5E 8E0EAF3074C925 ] BthHFEnum C:\Windows\System32\drivers\bthhfenum.sys
06:55:09.0228 0x9750 BthHFEnum - ok
06:55:09.0232 0x9750 [ 71FE2A48E4C93DDB9798C024880B6C07, 8E93DE29C61A5FA64216231228CB3C4A1A693FE87CAA2C070B CAD7BE2D8ED000 ] bthhfhid C:\Windows\System32\drivers\BthHFHid.sys
06:55:09.0239 0x9750 bthhfhid - ok
06:55:09.0248 0x9750 [ 9307A4B743D277C499CDA8E19E5687AC, 7A01989EC3D54581F292BDEDC9B9445F2ABD50165102617E30 89BDD061C63A19 ] BthHFSrv C:\Windows\System32\BthHFSrv.dll
06:55:09.0259 0x9750 BthHFSrv - ok
06:55:09.0267 0x9750 [ D30C67473A2E229662D21F27EAA9AAA5, D009C4836B0DFE963D8E3DEEDE611068838F2BBCAB146E6D70 692FAB838E11F1 ] BthLEEnum C:\Windows\System32\drivers\BthLEEnum.sys
06:55:09.0280 0x9750 BthLEEnum - ok
06:55:09.0284 0x9750 [ 07E33226AD218A2A162662A05CAFB52F, 0AC3D8B79EDA6DA232FA4E1CAF6592420A9EDE96350D1F0504 C2434261684F0B ] BTHMODEM C:\Windows\System32\drivers\bthmodem.sys
06:55:09.0292 0x9750 BTHMODEM - ok
06:55:09.0297 0x9750 [ FEA8FC81431AD93F44D5FBFBBF096AA7, C0581DF6B2AD24836604B083F4866F93A3F4D9091D38202994 8A5E6221EDF788 ] BthPan C:\Windows\System32\drivers\bthpan.sys
06:55:09.0308 0x9750 BthPan - ok
06:55:09.0339 0x9750 [ 0CC00ADC1B84C93FB46E1A0974E956E1, 64C759244651B916901F4D0C82C3D6034532A20714A72FD26F C9D050B99E230B ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
06:55:09.0365 0x9750 BTHPORT - ok
06:55:09.0371 0x9750 [ 043A0F37631BF453F16D478B71320F46, C368296B802984F438852927B8A40EA3F4205724A05828F317 3F08EC17228356 ] bthserv C:\Windows\system32\bthserv.dll
06:55:09.0382 0x9750 bthserv - ok
06:55:09.0387 0x9750 [ 08EA90955AED2D959EE67DF6EDF0E2B6, 0A70AA67E5DD24C473C66A570C0FEBA9D398A0F0AD8386FE05 D01C4D16346968 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
06:55:09.0394 0x9750 BTHUSB - ok
06:55:09.0421 0x9750 [ 52AE2CDD37AB735FBDA52263EFD524AA, 844103913E6079CC1C49B05FFB1CDC9A68692A8EE5A05C9C28 FD272DFE534913 ] c2cautoupdatesvc C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdate Svc.exe
06:55:09.0450 0x9750 c2cautoupdatesvc - ok
06:55:09.0482 0x9750 [ C35B91B6777E7C6DB67B8583D2AA66A7, CE3A004B560EB750442150FEEFEE074A11A17E66B3F2A489E8 EF1DBCF8FE8390 ] c2cpnrsvc C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
06:55:09.0516 0x9750 c2cpnrsvc - ok
06:55:09.0523 0x9750 [ 2FA6510E33F7DEFEC03658B74101A9B9, 61C8C8E3F09B427711464C974EE22E1E01C48E10DB54A4EC99 01F482FC36C978 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
06:55:09.0533 0x9750 cdfs - ok
06:55:09.0540 0x9750 [ C6796EA22B513E3457514D92DCDB1A3D, 2B893F3950C6B913B934C2089B69F3B0B77F229AE1820907E5 98455CBB78139C ] cdrom C:\Windows\System32\drivers\cdrom.sys
06:55:09.0550 0x9750 cdrom - ok
06:55:09.0555 0x9750 [ 41C0D7B1A6D4AD119BA6AC0487EA5C8E, 516C2B34BA7507D0DA4148B4ABC0A8C36286570D4EA5C60B28 647B1249C15018 ] CertPropSvc C:\Windows\System32\certprop.dll
06:55:09.0568 0x9750 CertPropSvc - ok
06:55:09.0573 0x9750 [ BE9936EDD3267FAAFF94A7835867F00B, 3CEEF2377D45ED38C7CD3CE4C746EC5EA7277EFEC728A5438F 0EF5F62FC7C859 ] circlass C:\Windows\System32\drivers\circlass.sys
06:55:09.0580 0x9750 circlass - ok
06:55:09.0583 0x9750 [ 66B2691C7381669B8C5FCCBE4B9687F1, 811EFDA3EF024F1BDCB4582456B467E5D21CBB1F470218D631 15351790E5F288 ] CirrusLFD C:\Windows\system32\DRIVERS\CSLFD.sys
06:55:09.0590 0x9750 CirrusLFD - ok
06:55:09.0593 0x9750 [ C7F1CE54EB4E4D1CB735A76A12772D62, ECC529D368266151363778B235F896FCFC52F25F5B19BEFF6E 45200A9D3E44FA ] CirrusUFD C:\Windows\system32\DRIVERS\CSUFD.sys
06:55:09.0599 0x9750 CirrusUFD - ok
06:55:09.0607 0x9750 [ 8EB7E70C2D348FE2476A2E3F2D585E3D, 2B5D407FACF1D049261026CC552A7C93B028A661B0F4E95981 5EAE7670054127 ] CLFS C:\Windows\system32\drivers\CLFS.sys
06:55:09.0621 0x9750 CLFS - ok
06:55:09.0629 0x9750 [ EF6EF85DADC3184A10D8F2F7159973CB, 42FCB286CED95A5DEBC5C0C894FCBC4818A2C818BB71087142 FB51A08A0BE96B ] CmBatt C:\Windows\System32\drivers\CmBatt.sys
06:55:09.0635 0x9750 CmBatt - ok
06:55:09.0647 0x9750 [ C9ACE28CDCD5FF473033A01AA510A184, 8A423D613894EB531C48025A11F1ABB923AFB38070E0A24A8D 71909B217CE406 ] CNG C:\Windows\system32\Drivers\cng.sys
06:55:09.0665 0x9750 CNG - ok
06:55:09.0670 0x9750 [ 03AAED827C36F35D70900558B8274905, 8E44A23C6013FFAE7769F99CAA3B1D6288DE00A38937F90569 03AC265B503AFA ] CompositeBus C:\Windows\System32\drivers\CompositeBus.sys
06:55:09.0677 0x9750 CompositeBus - ok
06:55:09.0680 0x9750 COMSysApp - ok
06:55:09.0683 0x9750 [ A1FF7DFBFBE164CF92603C651D304DD2, 470ACE5A75E64FC62C950037201199857E974803625DC73BED BCF6FA4DDD496C ] condrv C:\Windows\system32\drivers\condrv.sys
06:55:09.0691 0x9750 condrv - ok
06:55:09.0716 0x9750 [ A55806DA2041592EF489BC8E22915C7F, BD85E25A8F366B17B2C1D9C444038E352FEB6E7FBB15DD5930 B68C8962F7FAA0 ] cphs C:\Windows\SysWow64\IntelCpHeciSvc.exe
06:55:09.0725 0x9750 cphs - ok
06:55:09.0732 0x9750 [ 6324F0D18FB52833BA64BC828E29054C, 04118FA1BDFC512F76E4A81FEF34C78B6BD98429DB1D65123B 6802B4A1E30584 ] CryptSvc C:\Windows\system32\cryptsvc.dll
06:55:09.0747 0x9750 CryptSvc - ok
06:55:09.0759 0x9750 [ 9DBC32A45CFA67074432D2AF6C2832B6, B3B26302961A95EDFD4F994D56B1E5A8452266E0C2161D15C1 213BBE376227A2 ] CSC C:\Windows\system32\drivers\csc.sys
06:55:09.0777 0x9750 CSC - ok
06:55:09.0795 0x9750 [ 86079FF8A3B625ABAEB68841D2BF6FE6, 49FF4D458DF8FAB4ECA8CAD9BBF88C929C8B9AB7F063938A6A 332B31F2C0F8EB ] CscService C:\Windows\System32\cscsvc.dll
06:55:09.0813 0x9750 CscService - ok
06:55:09.0818 0x9750 [ 315BA4BC19316D72B2E037534E048B93, 69613635DB23E6A935673B1025C2010ED3E195473D25368CF7 4234C4C36910BE ] dam C:\Windows\system32\drivers\dam.sys
06:55:09.0824 0x9750 dam - ok
06:55:09.0841 0x9750 [ A6F17C299A03BAFEFB9257C462A19E00, EB68967D28355271897166D7B6FD963D1E546D3C24AE1AEAAC 561F94357A9345 ] DcomLaunch C:\Windows\system32\rpcss.dll
06:55:09.0865 0x9750 DcomLaunch - ok
06:55:09.0877 0x9750 [ 95E1ABFB27F8A62ED764805775F0D2F3, 692865DA60C93481E01592883678B2C51FD9AC9A835DFB00A8 E3F2DFEE7AB0ED ] defragsvc C:\Windows\System32\defragsvc.dll
06:55:09.0895 0x9750 defragsvc - ok
06:55:09.0905 0x9750 [ FF086DEF5995558CCB1B5AAC2110195D, CED52FF01F9247BFDAFC5C7EFC538F8638146ED715574A4224 96EE0F846CB079 ] DeviceAssociationService C:\Windows\system32\das.dll
06:55:09.0921 0x9750 DeviceAssociationService - ok
06:55:09.0927 0x9750 [ 2C02AFF8383D893F8DBEB07A84F6E77C, 7CC34BAC67E2988E3D16DD6EB6F6785CD2460E3EF7FBD0BD5F 86E49793BD473E ] DeviceInstall C:\Windows\system32\umpnpmgr.dll
06:55:09.0941 0x9750 DeviceInstall - ok
06:55:09.0946 0x9750 [ A03F362C5557E238CBFA914689C77248, BAD0A1124E6A384C15028FBE121ADF650F7716442555AD3737 B9EA1F58A69246 ] Dfsc C:\Windows\system32\Drivers\dfsc.sys
06:55:09.0959 0x9750 Dfsc - ok
06:55:09.0968 0x9750 [ 3EEAADA3125431980E5804ED7143458A, 381E12C83E3211C255B321D35536F4049D67E31061F8D82155 E4D4509E97F43D ] Dhcp C:\Windows\system32\dhcpcore.dll
06:55:09.0984 0x9750 Dhcp - ok
06:55:10.0015 0x9750 [ 21EDAD8188372C912B7BB9B1C6CB0D38, 4A102745DE8A2A82D2C069B30503BF9FF2312A035A82854F84 EF9C27E3533CEE ] DiagTrack C:\Windows\system32\diagtrack.dll
06:55:10.0051 0x9750 DiagTrack - ok
06:55:10.0058 0x9750 [ 4D40C9B33F738797CF50E77CB7C53E85, 7BA341342A47DEB15B51971C97A5237ACD8BDAD9033F63DF00 00892BE43F8E13 ] disk C:\Windows\system32\drivers\disk.sys
06:55:10.0065 0x9750 disk - ok
06:55:10.0068 0x9750 [ EB70A894708D1BC176AFD690FF06085F, 0DD2A97F5E1B38D1F7C0D44E50F09EA222B18B3B074CC9C8CD 25A7526CB1A112 ] dmvsc C:\Windows\System32\drivers\dmvsc.sys
06:55:10.0075 0x9750 dmvsc - ok
06:55:10.0081 0x9750 [ 33ADFB7453BF3271463712C4BCE61AD1, A1DB30F874BA7B2C4C653494D70B46B94BF7D39D0DD8559F6C A7A14B676FD617 ] Dnscache C:\Windows\System32\dnsrslvr.dll
06:55:10.0091 0x9750 Dnscache - ok
06:55:10.0099 0x9750 [ 811EACBCC7C51A03AE11F13CC27B2AB6, FAB94F84950FFB7D3649BAFB8D96D43B880D7FDE8D5B879472 AE26C4BC4203B0 ] dot3svc C:\Windows\System32\dot3svc.dll
06:55:10.0114 0x9750 dot3svc - ok
06:55:10.0120 0x9750 [ B99CB575986789A93A683DCF292A43A1, 6ACEA31C723B74003E106FC8303542FCC6DBC4952B6B523F65 90D006BE57238D ] DPS C:\Windows\system32\dps.dll
06:55:10.0129 0x9750 DPS - ok
06:55:10.0132 0x9750 [ 00C594D5A1DBD22AD8B2902B9F6EFF94, 2920D62B5F7C49A8AFA80FCAD1E834BBAA670AEBDD7E6F21F0 496D1D3CCB4E90 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
06:55:10.0138 0x9750 drmkaud - ok
06:55:10.0144 0x9750 [ 263625A4F616538EB867B6306A6590DB, 2A064720C247EAA3446EFDCC9E01D84CBA875905D78DFED0FB D62D1EE422D416 ] DsmSvc C:\Windows\System32\DeviceSetupManager.dll
06:55:10.0154 0x9750 DsmSvc - ok
06:55:10.0181 0x9750 [ E1BB0B6F00F470B451AB45EA13EBA0B3, 3A2FC2175B69A5EB98D6C2D563DBFDCB320647AB87A14E47FA E800423DCACDAB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
06:55:10.0217 0x9750 DXGKrnl - ok
06:55:10.0224 0x9750 [ E253530BD5EDE28F1FF6AF93C4D8034D, 787A70C3E946348F066FB8EB81FCE60157217D93FD78ADC631 B5835E8D76A253 ] Eaphost C:\Windows\System32\eapsvc.dll
06:55:10.0236 0x9750 Eaphost - ok
06:55:10.0291 0x9750 [ 114BCFDF367FF37C3F1B0A96AF542E4D, D385BC1D91BC1406091C8C3691C07A90BD60EDE05B1384E5AA 3506FCB909C857 ] ebdrv C:\Windows\system32\drivers\evbda.sys
06:55:10.0363 0x9750 ebdrv - ok
06:55:10.0374 0x9750 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F8 1AF7430FDC556F ] EFS C:\Windows\System32\lsass.exe
06:55:10.0380 0x9750 EFS - ok
06:55:10.0384 0x9750 [ 43531A5993380CC5113242C29D265FD9, EE0076D96F7F3CF29884AC7A67C08A429115A7201354A1FB5D E45FD63ABB4960 ] EhStorClass C:\Windows\system32\drivers\EhStorClass.sys
06:55:10.0391 0x9750 EhStorClass - ok
06:55:10.0396 0x9750 [ 6F8E738A9505A388B1157FDDE7B3101B, 3696CA634102B41EEA11EB9DCA0B24439D8636AED4A7190C13 8C5E64A2EFB514 ] EhStorTcgDrv C:\Windows\system32\drivers\EhStorTcgDrv.sys
06:55:10.0404 0x9750 EhStorTcgDrv - ok
06:55:10.0407 0x9750 [ DFFFAE1442BA4076E18EED5E406FA0D3, 329FC6FB8D14BEACDBE2A5D4C496EDEA485E838B1DF27566E2 78F8F8E0D8E82E ] ErrDev C:\Windows\System32\drivers\errdev.sys
06:55:10.0412 0x9750 ErrDev - ok
06:55:10.0425 0x9750 [ F00C593994D57C75273F820653440536, 2DC986D9890EC907405FB2045E6F55ACC384169B45F0B56CCB 1A953CF71D9A5D ] EventSystem C:\Windows\system32\es.dll
06:55:10.0444 0x9750 EventSystem - ok
06:55:10.0451 0x9750 [ 7729D294A555C7AEB281ED8E4D0E01E4, 7269E79D72CCE477AC108294D0DDFB59CF533B03C587599C5A B0507C43A0B6D4 ] exfat C:\Windows\system32\drivers\exfat.sys
06:55:10.0472 0x9750 exfat - ok
06:55:10.0478 0x9750 [ 7C4E0D5900B2A1D11EDD626D6DDB937B, 732F310F8F6016C56F432A81636B13CE0124A802FE8DD91287 B618EED22C9A1D ] fastfat C:\Windows\system32\drivers\fastfat.sys
06:55:10.0488 0x9750 fastfat - ok
06:55:10.0501 0x9750 [ 304B6AEC4639A7CCCCF544C6BA6177B2, B75CDD52FD3890B3008E06C503945D1E36478F0EC5E067C8DB C2822D7935D24B ] Fax C:\Windows\system32\fxssvc.exe
06:55:10.0522 0x9750 Fax - ok
06:55:10.0526 0x9750 [ 5D8402613E778B3BD45E687A8372710B, EE9EA10805168D309A609B9019AEC5961EE46D18207B5E0EA2 DE4064A5770AF8 ] fdc C:\Windows\System32\drivers\fdc.sys
06:55:10.0533 0x9750 fdc - ok
06:55:10.0536 0x9750 [ 020D2F29009F893ADEFF4405B4B44565, 9F8501064C72933D1442DA00E70392B30D0207EB7D60F50E66 48FF363799E6F1 ] fdPHost C:\Windows\system32\fdPHost.dll
06:55:10.0545 0x9750 fdPHost - ok
06:55:10.0550 0x9750 [ E80D2EDD2F88B6E20076A0A4F5A5A245, E3CD6E0BE152B22E8A7340EFFD10CCDB1B632CD3EDF487E83F 697D2E22A7D594 ] FDResPub C:\Windows\system32\fdrespub.dll
06:55:10.0551 0x142a0 Object required for P2P: [ 295A5BFCE8D225D014DB4E6E69336279 ] AdobeFlashPlayerUpdateSvc
06:55:10.0558 0x9750 FDResPub - ok
06:55:10.0562 0x9750 [ 47AB7D16EDE434B934AA4D661456C2D5, D375A92FB3E4BB0A8DA5270DACC888E53FB9F514516039FE6D AE4D4EF6B9A970 ] fhsvc C:\Windows\system32\fhsvc.dll
06:55:10.0575 0x9750 fhsvc - ok
06:55:10.0579 0x9750 [ BCFD8B149B3ADF92D0DB1E909CAF0265, 002B085C131473642450176B4B8359F3E5B04350AFB659B9C0 F9EB587D1181E7 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
06:55:10.0586 0x9750 FileInfo - ok
06:55:10.0589 0x9750 [ A1A66C4FDAFD6B0289523232AFB7D8AF, 0F5832F626BB62190D5F3A088CE6E048D8A400CCF9EA527F06 973CAD96D3A81C ] Filetrace C:\Windows\system32\drivers\filetrace.sys
06:55:10.0599 0x9750 Filetrace - ok
06:55:10.0602 0x9750 [ BE743083CF7063C486A4398E3AEFE59A, 85796D89943DD6FE3932C1ED6CF01470C1B4DFD243C390B070 55FFDA3C231551 ] flpydisk C:\Windows\System32\drivers\flpydisk.sys
06:55:10.0608 0x9750 flpydisk - ok
06:55:10.0617 0x9750 [ C1FB505A73FA2E9019D32444AB33B75A, 765F0635C18295855CA4C0394192E8B94BA2EA1C4D74F86B72 0358ABA019FFAA ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
06:55:10.0629 0x9750 FltMgr - ok
06:55:10.0655 0x9750 [ 2F225BC85B84C04EA01BAB8D8DACFA83, 1F6E20C8F0FFD3FA60BDF556FB8392FE014E6519C3F314D1D2 2D394DB2A040CA ] FontCache C:\Windows\system32\FntCache.dll
06:55:10.0687 0x9750 FontCache - ok
06:55:10.0693 0x9750 [ 1C52387BF5A127F5F3BFB31288F30D93, 90D13F60170CD74304F3036A90D596AA3E1E134455A780310B DF67AC7815F2E7 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\Pres entationFontCache.exe
06:55:10.0699 0x9750 FontCache3.0.0.0 - ok
06:55:10.0702 0x9750 [ A7C31B168F371E8E6796219F23E354DB, C51C9BF568F1E96CBBE57D2432B38F93F40520086DDB6AAAAC 48CBCD1691B441 ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
06:55:10.0709 0x9750 FsDepends - ok
06:55:10.0712 0x9750 [ 09F460AFEDCA03F3BF6E07D1CCC9AC42, B832091BC9B2C2FE38A4BCA132ABB58251E851F21EC6F39636 E73777AB9A5791 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
06:55:10.0717 0x9750 Fs_Rec - ok
06:55:10.0730 0x9750 [ F152D55E497E12256290C43B31C7D0CE, FFC54B14CCFBC1548948C07FB3866E40A11D0C05AC352BD000 E71CEF053F6A6E ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
06:55:10.0747 0x9750 fvevol - ok
06:55:10.0751 0x9750 [ 9591D0B9351ED489EAFD9D1CE52A8015, AC64C236C3AE545FCE8ED44A4A87FB86265A453BA60026EC9A 4DE2B631E99996 ] FxPPM C:\Windows\System32\drivers\fxppm.sys
06:55:10.0757 0x9750 FxPPM - ok
06:55:10.0760 0x9750 [ FC3EF65EE20D39F8749C2218DBA681CA, 12980F1DE99B25E6920A33556F3ABDA5EC9BFE4757BE602130 B5E939D8D25CE3 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
06:55:10.0767 0x9750 gagp30kx - ok
06:55:10.0770 0x9750 [ 0BF5CAD281E25F1418E5B8875DC5ADD1, 0929AD8437DD78234553D8B2CDF0D6838FD54ACDE1918AFEBE 48684EB32A07A3 ] gencounter C:\Windows\System32\drivers\vmgencounter.sys
06:55:10.0776 0x9750 gencounter - ok
06:55:10.0780 0x9750 [ 8DF1254093B5C354CE725EB6B9B0DE19, DE6C5661CC076DA44B8A5D044FDB7280EDCF38D322A98C14FD C82E25586B3014 ] GPIOClx0101 C:\Windows\system32\Drivers\msgpioclx.sys
06:55:10.0788 0x9750 GPIOClx0101 - ok
06:55:10.0813 0x9750 [ 0D03F87D4FF4ADBAF8336DD80548155A, BC10CFA88EA2F41A8D96CB810B7953A4C168B79273A3E804A9 F020F49AB58CD3 ] gpsvc C:\Windows\System32\gpsvc.dll
06:55:10.0843 0x9750 gpsvc - ok
06:55:10.0851 0x9750 [ C6FF00DA1605982E616C03BE809FFE2D, 4D9C86B9FF2FA291DC320677D28DF00C26834409F7AD94D6C0 7D2233ED746B19 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
06:55:10.0856 0x9750 gupdate - ok
06:55:10.0860 0x9750 [ C6FF00DA1605982E616C03BE809FFE2D, 4D9C86B9FF2FA291DC320677D28DF00C26834409F7AD94D6C0 7D2233ED746B19 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
06:55:10.0866 0x9750 gupdatem - ok
06:55:10.0878 0x9750 [ 56F69F7C25FB67C970997D7066DBC593, 83E03A82237DCC5BCB3E722ACECACEF3510CAA619F33E0D7C4 D902A482E90418 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
06:55:10.0890 0x9750 HdAudAddService - ok
06:55:10.0896 0x9750 [ D4B7ED39C7900384D9E5C1283F1E7926, F93F98858067B40F1C071EAD0F8E85442A78B95342BC692AF4 D726540634923F ] HDAudBus C:\Windows\System32\drivers\HDAudBus.sys
06:55:10.0908 0x9750 HDAudBus - ok
06:55:10.0913 0x9750 [ 10A70BC1871CD955D85CD88372724906, 2480A74854D0A89FF028EE9BA41224D4B2F9B0863066BFC430 97920794FEE08D ] HidBatt C:\Windows\System32\drivers\HidBatt.sys
06:55:10.0919 0x9750 HidBatt - ok
06:55:10.0925 0x9750 [ 42F88B57CAE42FC10059C887B3FCFCEA, 9363AA2B8E839A6935A7C6A36C491938DF78024886DCCE6D29 CB18E1D6A6D806 ] HidBth C:\Windows\System32\drivers\hidbth.sys
06:55:10.0933 0x9750 HidBth - ok
06:55:10.0937 0x9750 [ C241A8BAFBBFC90176EA0F5240EACC17, 571E20B87818618BE9179986177D55739A240F04D1F740B3C1 B7809B9427B767 ] hidi2c C:\Windows\System32\drivers\hidi2c.sys
06:55:10.0944 0x9750 hidi2c - ok
06:55:10.0947 0x9750 [ 9BDDEE26255421017E161CCB9D5EDA95, B766FD5E31708F29384F69418FC33C4BCC6E3064AA553D5B1D 30EE0B8B1BFB40 ] HidIr C:\Windows\System32\drivers\hidir.sys
06:55:10.0953 0x9750 HidIr - ok
06:55:10.0957 0x9750 [ EA85B5093DF7B5C3E80362B053740AE2, 1D4251385402A2ADEE8FA1642F54180304F88337DA74989BDE 44025ABB145FE5 ] hidserv C:\Windows\system32\hidserv.dll
06:55:10.0967 0x9750 hidserv - ok
06:55:10.0970 0x9750 [ 8DB8EAB9D0C6A5DF0BDCADEA239220B4, EDA23E6909EB83E5E148816DFB16CC29EA01BD6BD2F73AA46B 3D820B85FB9C83 ] HidUsb C:\Windows\System32\drivers\hidusb.sys
06:55:10.0980 0x9750 HidUsb - ok
06:55:10.0986 0x9750 [ 93C4315F47F8D635C6DB0DF49FCE10EE, 70C52B8927D54ACD23F27948780B522974250FD5CD81AA9801 C3F158C402889F ] hkmsvc C:\Windows\system32\kmsvc.dll
06:55:10.0997 0x9750 hkmsvc - ok
06:55:11.0006 0x9750 [ AC49522ED106BD4B545D6614D71C2445, 40BD738A301170378ECFC031635EB04E2F812B676376CADDD6 607ECABEC9255F ] HomeGroupListener C:\Windows\system32\ListSvc.dll
06:55:11.0020 0x9750 HomeGroupListener - ok
06:55:11.0032 0x9750 [ 99932E30CE0283B73BB6E5019E150394, 1F88C2F56A7B8E1F75E6359281F418F9661DA4FB7B7D7B14FA 7F718B15D4DCE0 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
06:55:11.0045 0x9750 HomeGroupProvider - ok
06:55:11.0051 0x9750 [ A6AACEA4C785789BDA5912AD1FEDA80D, D197012A5DA6AB3F76FF298336DF0CF027C07ECC71267BAEF5 912DE12893E096 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
06:55:11.0058 0x9750 HpSAMD - ok
06:55:11.0077 0x9750 [ E87A6D3B8FECD5B93BC0CFBB48C27970, 55C49B6F3822450447C082B40A263F3370694DB53AD0018ADE B911E4A9F65A88 ] HTTP C:\Windows\system32\drivers\HTTP.sys
06:55:11.0102 0x9750 HTTP - ok
06:55:11.0107 0x9750 [ 90656C0B3864804B090434EFC582404F, BDB60050B729AACB9E009AC7129BEBD6298BBD8A9DB14B817D 02E8E13669BD6E ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
06:55:11.0113 0x9750 hwpolicy - ok
06:55:11.0115 0x9750 [ 6D6F9E3BF0484967E52F7E846BFF1CA1, C982966BDE6A3E6773D9441ADA7A3B08D13511DFC68D04DF30 3248B942423F38 ] hyperkbd C:\Windows\System32\drivers\hyperkbd.sys
06:55:11.0121 0x9750 hyperkbd - ok
06:55:11.0124 0x9750 [ 907C870F8C31F8DDD6F090857B46AB25, 308664A31717383D06185875E76C6612407A9F04E7DB28404F 574A5706C6715D ] HyperVideo C:\Windows\system32\DRIVERS\HyperVideo.sys
06:55:11.0130 0x9750 HyperVideo - ok
06:55:11.0135 0x9750 [ 49EE0AE9E5B64FFBBD06D55C4984B598, 8866627F9241B24A59C81D8BCC67A4DCA87576F589599BA291 D0E323F679EB4D ] i8042prt C:\Windows\System32\drivers\i8042prt.sys
06:55:11.0147 0x9750 i8042prt - ok
06:55:11.0151 0x9750 [ 5D90E32E36CE5D4C535D17CE08AEAF05, 976A463343E8C8308AFBE9E64DF56C430D2241DE002430D003 18AB065EB72E4A ] iaLPSSi_GPIO C:\Windows\System32\drivers\iaLPSSi_GPIO.sys
06:55:11.0155 0x9750 iaLPSSi_GPIO - ok
06:55:11.0159 0x9750 [ DD05E7E80F52ADE9AEB292819920F32C, E71AB6A50B0F90C8F94569CE89F66F915A0A4A00D4AC091B2E 5E750D88CFC334 ] iaLPSSi_I2C C:\Windows\System32\drivers\iaLPSSi_I2C.sys
06:55:11.0165 0x9750 iaLPSSi_I2C - ok
06:55:11.0178 0x9750 [ 08BFE413B0B4AA8DFA4B5684CE06D3DC, 95DEEBB203E12EE6E191F5247A74C04AEC0E16DE981FADDC4D 6C42EE41D8D079 ] iaStorAV C:\Windows\system32\drivers\iaStorAV.sys
06:55:11.0193 0x9750 iaStorAV - ok
06:55:11.0203 0x9750 [ A2200C3033FA4EF249FC096A7A7D02A2, 5819F5C2020DE2EEE339B0C08CD4B1E3490EAFBBEA1277CE64 9DB5A5150986B0 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
06:55:11.0216 0x9750 iaStorV - ok
06:55:11.0222 0x9750 [ 83FF82FE209E7997067B375DAD6CF23D, E312DD068E51DBF96A8232D7D1C9F158652FDA23649655F110 2928B320795091 ] ICCS C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
06:55:11.0228 0x9750 ICCS - ok
06:55:11.0231 0x9750 IEEtwCollectorService - ok
06:55:11.0299 0x9750 [ 4EB6ABBF5D78E65A418BA71EF3ACE251, 261586815680E666F61FCE3CCB5D485A1D200C42FF52D451AE 31D80740EA5BDB ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
06:55:11.0382 0x9750 igfx - ok
06:55:11.0413 0x9750 [ AF8A43C376F83A4A1E7DA16461EDE114, EBA10519B074888355A4FC11D52FF1E6A52F88F754B7F1F986 3A8313638645CB ] IKEEXT C:\Windows\System32\ikeext.dll
06:55:11.0436 0x9750 IKEEXT - ok
06:55:11.0441 0x9750 [ 4011430BC9DA46ADFAE9915EFEC312FB, 925DDDA187AE7C46C94FBBFA18FC602260957B6BA891D65DFC 09385B6DDEAB58 ] intaud_WaveExtensible C:\Windows\system32\drivers\intelaud.sys
06:55:11.0446 0x9750 intaud_WaveExtensible - ok
06:55:11.0457 0x9750 [ B375D8686E1BD2B79C0F00E3868A8C3B, A15D99F04B69FB37ED3AC0C3BBA464BF6D6EB1873D4AE10629 83120E3BD1C4DB ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
06:55:11.0467 0x9750 IntcDAud - ok
06:55:11.0471 0x9750 [ 4E448FCFFD00E8D657CD9E48D3E47157, 4A958CF0BF8DAEAE5E008500BA67CE89B21388592811274331 EE39CAC1043A00 ] intelide C:\Windows\system32\drivers\intelide.sys
06:55:11.0476 0x9750 intelide - ok
06:55:11.0479 0x9750 [ A770340FC02B999EF0DE6C2A6BC8437C, 214567BE706B21BEA7EC13AF6B10FBFF658000511DBBA79BAA 28D1D4EFD029A7 ] intelpep C:\Windows\system32\drivers\intelpep.sys
06:55:11.0486 0x9750 intelpep - ok
06:55:11.0490 0x9750 [ 47E74A8E53C7C24DCE38311E1451C1D9, 79B06E37A552C8A847404D4C572CDB8CF525354D8AE3BEBC06 892B7C3B330761 ] intelppm C:\Windows\System32\drivers\intelppm.sys
06:55:11.0498 0x9750 intelppm - ok
06:55:11.0501 0x9750 [ 9DB76D7F9E4E53EFE5DD8C53DE837514, 07BA4EDA9BE9139A689A2C3EFC1D1A4F3D1216625ED145F313 398292A2CD5703 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
06:55:11.0514 0x9750 IpFilterDriver - ok
06:55:11.0532 0x9750 [ A5800036E4EA06697A34742A24ACFBE1, BA67060526E9213000B4206F86A74F904999AD7018EFCBE4FE 9708650DA9D973 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
06:55:11.0553 0x9750 iphlpsvc - ok
06:55:11.0558 0x9750 [ 9C096BF5E10CA8BFA56F32522A89FAF1, 6C1151160799338DA351C7237AB049926C6C15F24F5E154BBF 5929B4A96C0B8D ] IPMIDRV C:\Windows\System32\drivers\IPMIDrv.sys
06:55:11.0570 0x9750 IPMIDRV - ok
06:55:11.0575 0x9750 [ B7342B3C58E91107F6E946A93D9D4EFD, D5DA3C02C5C5A343785745EF6983CC9B5FBD3FB8D49FE9B450 523E50212D1A32 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
06:55:11.0587 0x9750 IPNAT - ok
06:55:11.0591 0x9750 [ AE44C526AB5F8A487D941CEB57B10C97, A783A2EAF7A6FF450FB3F189A5930036FA60D125C42171AC44 B6FE2E3DBD6F7A ] IRENUM C:\Windows\system32\drivers\irenum.sys
06:55:11.0599 0x9750 IRENUM - ok
06:55:11.0602 0x9750 [ 8AFEEA3955AA43616A60F133B1D25F21, E99359A4F1D653790133F145CF7C9F97399FD75C5E135AA7E5 F989BB660789AF ] isapnp C:\Windows\system32\drivers\isapnp.sys
06:55:11.0608 0x9750 isapnp - ok
06:55:11.0616 0x9750 [ D90AB68D0FAC9F357F663670FDBB511E, A82AAA5DF1B38EFBDCF834535A0C520D1BB2D7A4A906C18CFD D22BCF16BDB97D ] iScsiPrt C:\Windows\System32\drivers\msiscsi.sys
06:55:11.0627 0x9750 iScsiPrt - ok
06:55:11.0630 0x9750 [ EE03564B7FAFE2E44EDA33D52E83B4A3, 53C917EEC92B813EB0C86B225E9887C9CDFDD7708AEA71BFAC 0A3039E26D7BEB ] iwdbus C:\Windows\System32\drivers\iwdbus.sys
06:55:11.0634 0x9750 iwdbus - ok
06:55:11.0638 0x9750 [ 5917AFE4A3F695A54B99C1849C8207FE, DD57638966F2F0387DCF9DA4BBAEE3CDD8CC6F1A2D49581A03 74D46A565BED4F ] kbdclass C:\Windows\System32\drivers\kbdclass.sys
06:55:11.0645 0x9750 kbdclass - ok
06:55:11.0648 0x9750 [ 8CD840A062F6BDF41DDE3ACB96164B72, AEAE867F3557C1CE6B931E19D7144A3BD3CBABD81B15426676 80D54FC24DEBE1 ] kbdhid C:\Windows\System32\drivers\kbdhid.sys
06:55:11.0654 0x9750 kbdhid - ok
06:55:11.0659 0x9750 [ DB7A09BC90DF20F44F16F8B0F9ED3491, 2DF5E042284D61368A5801B2557351B2C4B1044AA6F966DF4D DCE7B453D1B9AE ] kbldfltr C:\Windows\system32\drivers\kbldfltr.sys
06:55:11.0665 0x9750 kbldfltr - ok
06:55:11.0668 0x9750 [ 813871C7D402A05F2E3A7075F9584A05, FF0C2F87EB083F8CE74C679D80C845CDFBFBBC70BE818F899F 3336BBB54A3FFB ] kdnic C:\Windows\system32\DRIVERS\kdnic.sys
06:55:11.0676 0x9750 kdnic - ok
06:55:11.0678 0x9750 [ 1666B6DE7893D3CD94DC3AB7C9A359A9, 72AE98BC492344B309CE1B54B952AA1C19CF215FF6E4A9EE38 45761F6BE119B8 ] KeyAgent C:\Windows\system32\drivers\KeyAgent.sys
06:55:11.0683 0x9750 KeyAgent - ok
06:55:11.0686 0x9750 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F8 1AF7430FDC556F ] KeyIso C:\Windows\system32\lsass.exe
06:55:11.0693 0x9750 KeyIso - ok
06:55:11.0696 0x9750 [ D24599B3A5D2282465257AE83FBF2DF6, D94927961F20FE44F4DCF1C26894720D9613F9D36DD78DC8FA B103BA8959F05B ] KeyMagic C:\Windows\system32\DRIVERS\KeyMagic.sys
06:55:11.0703 0x9750 KeyMagic - ok
06:55:11.0708 0x9750 [ 4E829B18D5BAEC29893792A3C671A847, 64C3B99F53A9D1ACA802B46B09E820AD210B667D5A1CD0ADAF 1F12944B15B52E ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
06:55:11.0715 0x9750 KSecDD - ok
06:55:11.0720 0x9750 [ A950AB512ED2BD847789FAAD3E967AFA, 005340965B30C5A14E4E081E2CDF7214D2C00BAF05C62DA9ED 63EA3026E70C8A ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
06:55:11.0729 0x9750 KSecPkg - ok
06:55:11.0732 0x9750 [ 11AFB527AA370B1DAFD5C36F35F6D45F, 757AD234284467ADB826F7CA0251F58D48866B91995BC867DE A4BAF676947163 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
06:55:11.0738 0x9750 ksthunk - ok
06:55:11.0746 0x9750 [ C1591A66028C71147A3E2EAB0B1CCB7E, 82F3D5DCC1614398A144D9791E4BAA814DBA9112677341FD57 D5E9834CEDEB41 ] KtmRm C:\Windows\system32\msdtckrm.dll
06:55:11.0759 0x9750 KtmRm - ok
06:55:11.0767 0x9750 [ CA2828DDE4B09FEFFDB7CE68B3D8D00A, B514792FF1EF36C678BB51644A1C420105D5E2CD6DD5A89A3F B252D08277A40C ] LanmanServer C:\Windows\system32\srvsvc.dll
06:55:11.0782 0x9750 LanmanServer - ok
06:55:11.0790 0x9750 [ 3DBD9100745F9B8506B8FEC6FE6CCDE3, C3EF2856A1680AFDE133887E48946CF9CAB6755C3BDC07F032 6965DCD4096F62 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
06:55:11.0802 0x9750 LanmanWorkstation - ok
06:55:11.0815 0x9750 [ 8B9F3796EC1762CF255BDB324E5529C8, F73D6BEF19BE20AEB18DA82CB63E9D8B50ACBBE4ED9B646EF0 C9F598F6B81F94 ] lfsvc C:\Windows\System32\GeofenceMonitorService.dll
06:55:11.0833 0x9750 lfsvc - ok
06:55:11.0837 0x9750 [ C09010B3680860131631F53E8FE7BAD8, 35F2A06D5F29478D22ABDCC20DA893EF9D96504C65594A0CEA 674D1C21B04FF8 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
06:55:11.0845 0x9750 lltdio - ok
06:55:11.0853 0x9750 [ DAE98CC96C5EE308BF4EA7B18F226CB8, 7A6CC56BF075010707715AB6608764291E358EDF27C806A025 532869004C686B ] lltdsvc C:\Windows\System32\lltdsvc.dll
06:55:11.0864 0x9750 lltdsvc - ok
06:55:11.0867 0x9750 [ 1E2662D847B7D9995C65D90D254A7E0F, AFD4063D2071FFCB6B0EAC0715276D986F42326919C86E525D CE12E1109A93E2 ] lmhosts C:\Windows\System32\lmhsvc.dll
06:55:11.0879 0x9750 lmhosts - ok
06:55:11.0887 0x9750 [ 60471C88EB4906DB0C2026B3290EE4B6, D51752E4149A5BA578BF9F8DA83443BFF0719BAA34D91BD938 DAC831BC0BA6DC ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
06:55:11.0897 0x9750 LMS - ok
06:55:11.0902 0x9750 [ C755AE4635457AA2A11F79C0DF857ABC, E03D1ACAC155287291FE1BD0B653953ADC94279A74D0152088 D698FAA796460F ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
06:55:11.0910 0x9750 LSI_SAS - ok
06:55:11.0914 0x9750 [ ADAC09CBE7A2040B7F68B5E5C9A75141, 7865DA7E91404F3642BC444B97F6B7AA42B9523D5EDD7F6365 DA236B8EC3410F ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
06:55:11.0921 0x9750 LSI_SAS2 - ok
06:55:11.0925 0x9750 [ 04D1274BB9BBCCF12BD12374002AA191, 4B9618F8D25F2278DE1610A70ACAADB074D171D162C3AF27D4 64F5DC800A8E60 ] LSI_SAS3 C:\Windows\system32\drivers\lsi_sas3.sys
06:55:11.0932 0x9750 LSI_SAS3 - ok
06:55:11.0935 0x9750 [ 327469EEF3833D0C584B7E88A76AEC0C, 3D88B5A2D68F93F01B39C6E3D8D5C7A2A20686EFC756086E66 AFFF1BC3019B85 ] LSI_SSS C:\Windows\system32\drivers\lsi_sss.sys
06:55:11.0942 0x9750 LSI_SSS - ok
06:55:11.0958 0x9750 [ 9A7A7E45DAED2E8C2816716D8D28236A, C94787988826E546A8DC752BD6BE4EA7423DC3762B2D371DB2 97A63F865A95FF ] LSM C:\Windows\System32\lsm.dll
06:55:11.0981 0x9750 LSM - ok
06:55:11.0986 0x9750 [ DDEE191AB32DFC22C6465002ECDF5EE4, 190C3930A8449118F9FEDF43C482837EF1C255E6D67F965115 6E66A1E2BC6553 ] luafv C:\Windows\system32\drivers\luafv.sys
06:55:11.0998 0x9750 luafv - ok
06:55:12.0001 0x9750 [ BCCF0F1E759C3C08A3B1C751B619CA19, 0F87B90CB0E40D097641B2BE8B4C52A7E95235E19FC99A2C70 C7C2DD77993C5C ] MacHALDriver C:\Windows\system32\drivers\MacHALDriver.sys
06:55:12.0006 0x9750 MacHALDriver - ok
06:55:12.0010 0x9750 [ CFBC6C6D8A492697CABD1D353EE64933, DDAA844908324740C891EB8F08E2A8BB00457063B31C4A7627 45C1C2415FC12D ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
06:55:12.0014 0x9750 MBAMProtector - ok
06:55:12.0034 0x9750 [ 40C126CB15FAB7D6C66490DCA9C1AED2, B32CEE2D2409232C245427D5E9647FDF59AF1D8AB5E8A98EE2 D1F1314599FD14 ] MBAMService C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
06:55:12.0057 0x9750 MBAMService - ok
06:55:12.0063 0x9750 [ 08DECFCB9BA97786165A69AB1015BC30, EDC8C8447B57BD412E2DEBCA9B5B1B58C19D40105DC7CE9520 DE214081696B05 ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys
06:55:12.0068 0x9750 MBAMWebAccessControl - ok
06:55:12.0071 0x9750 [ EB5C03A070F30D64A6DF80E53B22F53F, 12051B6AEBDEE1E28F24364F25A52BA3A6E282ECF86D6290E3 4BD38E6D4E066D ] megasas C:\Windows\system32\drivers\megasas.sys
06:55:12.0077 0x9750 megasas - ok
06:55:12.0089 0x9750 [ F6F13533196DE7A582D422B0241E4363, B3CD9B08937AFFF12141B38634AF3A56F5AC5FF3EF03941802 B9841DEC559469 ] megasr C:\Windows\system32\drivers\megasr.sys
06:55:12.0106 0x9750 megasr - ok
06:55:12.0111 0x9750 [ 6FE7B681F1840366B2E4E8B15BE8E2CB, D60DB52345FB17160C1761AE5BF6C8CF56B350FC626A40C985 CA2AE5C88B2F50 ] MEIx64 C:\Windows\system32\DRIVERS\TeeDriverx64.sys
06:55:12.0117 0x9750 MEIx64 - ok
06:55:12.0120 0x9750 [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C 160EF30AD6E64B ] MMCSS C:\Windows\system32\mmcss.dll
06:55:12.0131 0x9750 MMCSS - ok
06:55:12.0134 0x9750 [ 8B38C44F69259987C95135C9627E2378, E698B82D4EFFF56D66C7FC9866369BA5736FDBDBE2028CC421 C51E70DEA74727 ] Modem C:\Windows\system32\drivers\modem.sys
06:55:12.0142 0x9750 Modem - ok
06:55:12.0145 0x9750 [ 601589000CC90F0DF8DA2CC254A3CCC9, D1238A386C41B6C368D9A44B7C112C943995B5403E2A5B4B73 46B266DDB0C5A0 ] monitor C:\Windows\System32\drivers\monitor.sys
06:55:12.0151 0x9750 monitor - ok
06:55:12.0155 0x9750 [ 08374E4E5B8914DE6067CBA99F61E930, CBB1390D6523FC968BEDF78FD13699488621ACB2CD1DF55D16 06316090548661 ] mouclass C:\Windows\System32\drivers\mouclass.sys
06:55:12.0162 0x9750 mouclass - ok
06:55:12.0165 0x9750 [ 5FCBAB60598AE119E02B4C27DE6B99EA, 36F30094F700DE41C293047ACB49ED1961DD927BEDAD8DFDAB 7023D4D24CB0DE ] mouhid C:\Windows\System32\drivers\mouhid.sys
06:55:12.0173 0x9750 mouhid - ok
06:55:12.0177 0x9750 [ 9A788037D768809DFD677F4BA08A224A, E0686B3318F924E440ADA439D6671D44D3FF97C13D45C2E0A3 A7B9E23DA38350 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
06:55:12.0184 0x9750 mountmgr - ok
06:55:12.0190 0x9750 [ 4DA42FB0A8294C9FBD52B0EF2EA9EE07, 4C327BC4DCE86CE5DFDD57F2CF09DD9EF52E3E1D0D74BB5825 808975FFA7B0FD ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
06:55:12.0197 0x9750 MozillaMaintenance - ok
06:55:12.0201 0x9750 [ 6FC047578785B0435F4E2660946D1ADC, 8AEA5659F01FC2F75160922C69622502DABA39F33CB90D5178 DD679A1CDE617D ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
06:55:12.0211 0x9750 mpsdrv - ok
06:55:12.0230 0x9750 [ C18AA14126ADC66478E8E962B2DFAA98, A6F8CE9D88D590DC083253004392572C3BD02C33433CD6C0D9 117D2AA7171EEC ] MpsSvc C:\Windows\system32\mpssvc.dll
06:55:12.0252 0x9750 MpsSvc - ok
06:55:12.0259 0x9750 [ DB32958F0E704EFBF7F15161A569E39F, 8A26448B954F8A16EE9BA72EF47F6C549A75B30BD13FEB5A29 EB099A74D8F678 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
06:55:12.0262 0x17438 Object required for P2P: [ C35B91B6777E7C6DB67B8583D2AA66A7 ] c2cpnrsvc
06:55:12.0270 0x9750 MRxDAV - ok
06:55:12.0280 0x9750 [ 767087A3646D01EBA4E8DDD903920BD0, 2BFB9018DBAD5805796B4F8B7E7E8094240A06657AC50C4D92 87B25F49D27426 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
06:55:12.0292 0x9750 mrxsmb - ok
06:55:12.0301 0x9750 [ BCBD64220AD85C26823453FF1DC3EFBD, 0245E3659E9135B9276F3CCFBEA0CEFFC4F4C0826F6D19B632 9057620235F087 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
06:55:12.0318 0x9750 mrxsmb10 - ok
06:55:12.0325 0x9750 [ D5EB16B7A8FBD925E5A4F27A653E38C9, B7AADCB7F67D6D3933EB8075DC7D8A48F35D704FE8123C2D44 7677347DC06379 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
06:55:12.0334 0x9750 mrxsmb20 - ok
06:55:12.0338 0x9750 [ F3C060444777A59FC63D920719E43CCD, 8766A2746E3DFB0749E902F458141269335CA6F0CEDCA3D5F8 C204637C19E783 ] MsBridge C:\Windows\system32\DRIVERS\bridge.sys
06:55:12.0346 0x9750 MsBridge - ok
06:55:12.0351 0x9750 [ 915747E010A9414B069173284A9B93F4, 8A335C28FE1EF96DD71485877F2E86155D24B5614ACE05468F 4B07E2ACD56331 ] MSDTC C:\Windows\System32\msdtc.exe
06:55:12.0359 0x9750 MSDTC - ok
06:55:12.0365 0x9750 [ D13329FBF8345B28AB30F44CC247DC08, 9C7EC2D4D65E6510EB5B9E61BB0D14F725D7E8FE98D65161C3 971E43EF1AB6EB ] Msfs C:\Windows\system32\drivers\Msfs.sys
06:55:12.0372 0x9750 Msfs - ok
06:55:12.0377 0x9750 [ C6B474E46F9E543B875981ED3FFE6ADD, E16687E52FB649C23D92159A1F036CB662202C1E58D961EECD AA528AA4FA669A ] msgpiowin32 C:\Windows\System32\drivers\msgpiowin32.sys
06:55:12.0383 0x9750 msgpiowin32 - ok
06:55:12.0386 0x9750 [ 65C92EB9D08DB5C69F28C7FFD4E84E31, D709BA4723225321F665B1157A33A4AE230420752308EF535D A9A41CAC164628 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
06:55:12.0392 0x9750 mshidkmdf - ok
06:55:12.0394 0x9750 [ 52299F086AC2DAFD100DD5DC4A8614BA, B36BE0FC96798E5EB8C193C318970E3906961E3ABC3BFAAD73 138C76D9A95B0B ] mshidumdf C:\Windows\System32\drivers\mshidumdf.sys
06:55:12.0400 0x9750 mshidumdf - ok
06:55:12.0404 0x9750 [ 36D92AF3343C3A3E57FEF11C449AEA4C, ECC85AA1E530DF55B4A4545798219F87F0FCA66DDD2E37BCEF 0850D3C9129DD2 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
06:55:12.0410 0x9750 msisadrv - ok
06:55:12.0415 0x9750 [ 4EAEEBAC8CFF4E0D717DFA920BC58A90, A65CB1BB3392B6A04B978348CAC18A414560A6B04A727F22DF C0ADB20DD3AF6B ] MSiSCSI C:\Windows\system32\iscsiexe.dll
06:55:12.0424 0x9750 MSiSCSI - ok
06:55:12.0426 0x9750 msiserver - ok
06:55:12.0431 0x9750 [ 4C1A0E9B4C6CC09E8C68FD33998013AA, 190ADFCCAE844DB9F807BD9668EB90BE0C9887719DF2820E66 D121655AF27614 ] MsKeyboardFilter C:\Windows\System32\KeyboardFilterSvc.dll
06:55:12.0439 0x9750 MsKeyboardFilter - ok
06:55:12.0441 0x9750 [ A9BBBD2BAE6142253B9195E949AC2E8D, 599D2952D4E0B0B3E02D91E38A30F4900B1ADA330716B887B1 56A1CB9A3E6EE9 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
06:55:12.0448 0x9750 MSKSSRV - ok
06:55:12.0451 0x9750 [ 51B3AC0560848CD6D65AC2033E293113, 73A27E88774C6929328E6C9FC9C389F4DF76D4D4D5CBFC4F51 651CC308829628 ] MsLldp C:\Windows\system32\DRIVERS\mslldp.sys
06:55:12.0462 0x9750 MsLldp - ok
06:55:12.0464 0x9750 [ 7B2128EB875DCBC006E6A913211006D6, 97BBD7FF770741FBFC0F181A609AD0954EA926DA203B742E8F 08C89AD8FE476E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
06:55:12.0470 0x9750 MSPCLOCK - ok
06:55:12.0473 0x9750 [ 1E88171579B218115C7A772F8DE04BD8, B9EAA835D0BF8F9C4DF8403D95EF1400E8AE38F28F9DBA8765 7DE2129FEF02D2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
06:55:12.0480 0x9750 MSPQM - ok
06:55:12.0488 0x9750 [ BBE2A455053E63BECBF42C2F9B21FAE0, 7C5DF563499DF59DF9895A1581E47ADF5FD54C94ECEF6C886C DB60E5E95A6DAE ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
06:55:12.0500 0x9750 MsRPC - ok
06:55:12.0506 0x9750 [ 8D6B7D515C5CBCDB75B928A0B73C3C5E, 1EB4DC3DD21D2627C78EC3F9931D9E5D033169087E43B5D7C1 7BF1FF2A0028CD ] mssmbios C:\Windows\System32\drivers\mssmbios.sys
06:55:12.0512 0x9750 mssmbios - ok
06:55:12.0515 0x9750 [ 115019AE01E0EB9C048530D2928AB4A2, 6E2275E85EACF2D0FC784792E0D72A165589D33CBAB3BCFA8E 271CA09566C925 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
06:55:12.0522 0x9750 MSTEE - ok
06:55:12.0525 0x9750 [ 96D604A35070360F0DD4A7A8AF410B5E, F94DD1A3566C7C8D0A76D6E1E2530552A9B7F99C5DA0DE1182 9325EAB9F8B7ED ] MTConfig C:\Windows\System32\drivers\MTConfig.sys
06:55:12.0531 0x9750 MTConfig - ok
06:55:12.0534 0x9750 [ 619CA29326B82372621DB2C0964D8365, 4091F08E266DB45A6E33A4A8B1CE9FA78BB294B3111526AA9E 3868620F30AFDF ] Mup C:\Windows\system32\Drivers\mup.sys
06:55:12.0541 0x9750 Mup - ok
06:55:12.0545 0x9750 [ B8C35C94DCB2DFEAF03BB42131F2F77F, F0FCF367CA8F722D6ABCF7F363CD406D890D71452E91C3FC66 77B47AD74D6324 ] mvumis C:\Windows\system32\drivers\mvumis.sys
06:55:12.0551 0x9750 mvumis - ok
06:55:12.0561 0x9750 [ 8DF30698BDD9492A9D45A4B94FB4A82A, 26B1B2D7E785E29B8BCB74C467C66AE4EBDD481ACFF36334F3 BDF4506B778244 ] napagent C:\Windows\system32\qagentRT.dll
06:55:12.0575 0x9750 napagent - ok
06:55:12.0586 0x9750 [ 008F7CED69FD5B30CBDE1E03C6F36A27, D4ADA7834C470B17A3CD976012DC5A511B32545B9F91D23D09 A85722E0B75320 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
06:55:12.0602 0x9750 NativeWifiP - ok
06:55:12.0609 0x9750 [ BFCE1225D10619029E68946929CEB64C, 499F560331FFBA82E3D673B47F027FDAB7BEE4F2CB5B811D69 E0218839F6E6A5 ] NcaSvc C:\Windows\System32\ncasvc.dll
06:55:12.0621 0x9750 NcaSvc - ok
06:55:12.0628 0x9750 [ 267C97373110B7AFD3B46DF60B6CBB85, CEBB99F71D47634BB9C04DF2836DF6B47F15B3073FEFC237F8 5526DF01E4E38B ] NcbService C:\Windows\System32\ncbservice.dll
06:55:12.0640 0x9750 NcbService - ok
06:55:12.0644 0x9750 [ 0813B71EAF097208DC76CE0605B48AF0, A93A2E6A8FB77B58AC4D580E6F8BF307A25BADC9493994F9BE 235EBFB0E1DB22 ] NcdAutoSetup C:\Windows\System32\NcdAutoSetup.dll
06:55:12.0653 0x9750 NcdAutoSetup - ok
06:55:12.0675 0x9750 [ 97DC5967F65503213FD1F1B3E4A6F983, 3EC515856C7CE9B30032F963DC04190F66EE62402A819781DC 45B7D088C84229 ] NDIS C:\Windows\system32\drivers\ndis.sys
06:55:12.0702 0x9750 NDIS - ok
06:55:12.0708 0x9750 [ 8CECC8DA55F3274181FD1EA28AD76664, 188112424CEF97FB926A0FB915260B803555A775DD2E184672 5A9C8616300F42 ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
06:55:12.0714 0x9750 NdisCap - ok
06:55:12.0719 0x9750 [ 269882812E9A68FFF1AFE1283D428322, 50B99EBC42DA9B46A8C2C28C9BADCF58AE3079535CDD1227D0 F5C86291C715FF ] NdisImPlatform C:\Windows\system32\DRIVERS\NdisImPlatform.sys
06:55:12.0730 0x9750 NdisImPlatform - ok
06:55:12.0733 0x9750 [ 82821F4EEC776B4CF11695A38F3ABA46, 23184F9D31E662855DC4D23EFE7C2FE00E5487D3762B602470 4A5D8C87762E1C ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
06:55:12.0741 0x9750 NdisTapi - ok
06:55:12.0745 0x9750 [ B832B35055BA2B7B4181861FF94D8E59, 2E60E5D503E88D27E35ECFEE265D51328E93A9C7B9B931F86D 9CBC947636BB00 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
06:55:12.0752 0x9750 Ndisuio - ok
06:55:12.0756 0x9750 [ 1F58E48EF75F34C35D8E93A0DC535CFE, D65619A6C4B1747F8B05DA08A44EF0E46B5CC384880E04E475 5A2BA6CDB3C4EA ] NdisVirtualBus C:\Windows\System32\drivers\NdisVirtualBus.sys
06:55:12.0763 0x9750 NdisVirtualBus - ok
06:55:12.0769 0x9750 [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769 D1F882E0AFB571 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
06:55:12.0780 0x9750 NdisWan - ok
06:55:12.0785 0x9750 [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769 D1F882E0AFB571 ] NdisWanLegacy C:\Windows\system32\DRIVERS\ndiswan.sys
06:55:12.0795 0x9750 NdisWanLegacy - ok
06:55:12.0800 0x9750 [ DDD7F92A83F74D1476B71FBA9530A8DC, D3F94FC9F48854E09B0B77CE5E1C1DB948D54EAC63C5583437 051BB893B5A386 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
06:55:12.0807 0x9750 NDProxy - ok
06:55:12.0812 0x9750 [ 3083926D1CC5B56EA0786527B557DD1B, 3C3F0CA0D43398576DBE8F677B353ADDA7E8F56829874958CE 668E31261C1590 ] Ndu C:\Windows\system32\drivers\Ndu.sys
06:55:12.0823 0x9750 Ndu - ok
06:55:12.0828 0x9750 [ 42FF4975D032CAE558AE4BB8448F6E5A, 0B8FACF3382443DED79A8004A6AA14C32471A6A1C6BAA543AA 9F3FEC52620A6D ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
06:55:12.0835 0x9750 NetBIOS - ok
06:55:12.0841 0x9750 [ 0217532E19A748F0E5D569307363D5FD, C40C2E7AFA276057E7327A7BB173122689D6CEC9AE443C3850 C3F94AF03DFBF5 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
06:55:12.0854 0x9750 NetBT - ok
06:55:12.0858 0x9750 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F8 1AF7430FDC556F ] Netlogon C:\Windows\system32\lsass.exe
06:55:12.0865 0x9750 Netlogon - ok
06:55:12.0872 0x9750 [ 8F074B62E66B6117D9598C62A12069C5, 5FDB19045D3E2F6D0F0C5158AC2ECB0D5404CD2AF7A319755D 7E3753CA3B7CF3 ] Netman C:\Windows\System32\netman.dll
06:55:12.0883 0x9750 Netman - ok
06:55:12.0895 0x9750 [ 4A04B1CD5BFB4A978C5F60E86D6C3E45, A946922C1C38ADD3CF9D3B09DDCC301AE4DAC960A081B2F42B 32BE1E7095B3FD ] netprofm C:\Windows\System32\netprofmsvc.dll
06:55:12.0912 0x9750 netprofm - ok
06:55:12.0920 0x9750 [ 1092B3190E69E0C5ECBCE90F171DE047, C16106EEFC324EE80E5F659CB71A5DD69FA800D36D829F5B0E 6AD3393BD1BAF7 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SM SvcHost.exe
06:55:12.0928 0x9750 NetTcpPortSharing - ok
06:55:12.0932 0x9750 [ D4DCE03870314D3354F3501F9DDD4123, 5BFE8299B3F72B8C39A4965365CBF5BA151024451F02DD872F AD1CC35CF94CEA ] netvsc C:\Windows\System32\drivers\netvsc63.sys
06:55:12.0943 0x9750 netvsc - ok
06:55:12.0953 0x9750 [ E94EB2A95D7D016E119C4D6868788831, 3E4A925D23262FBA0A6432DD635FBE94B0CEF76BD9BB323254 B66977497FEE2A ] NlaSvc C:\Windows\System32\nlasvc.dll
06:55:12.0969 0x9750 NlaSvc - ok
06:55:12.0974 0x9750 [ 8F44A2F57C9F1A19AC9C6288C10FB351, 310274DDBAC0FE4BE54ECD3B90C97D82A0F9F5CFCA7A35711A 36164DE4B94074 ] Npfs C:\Windows\system32\drivers\Npfs.sys
06:55:12.0982 0x9750 Npfs - ok
06:55:12.0985 0x9750 [ CBDB4F0871C88DF930FC0E8588CA67FC, 7E4AA3EA81A9D532F236FD7896744F07ED07CA9B37A9F18A97 78BCCCC67490F2 ] npsvctrig C:\Windows\System32\drivers\npsvctrig.sys
06:55:12.0991 0x9750 npsvctrig - ok
06:55:12.0995 0x9750 [ 0F12A72A753CFD7FB0631EE8D08FE983, 860A96471F6CD90DDA9AB3A48E95CEAD826C87D2FA98A00EF9 1B61C44A4C8B82 ] nsi C:\Windows\system32\nsisvc.dll
06:55:13.0007 0x9750 nsi - ok
06:55:13.0010 0x9750 [ 0E046FF5823B95326D10CF1B4AF23541, 39D22715003746527AB4BFEDED8C34B695DAF589091AE7F3A2 A2C4B8A35675A9 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
06:55:13.0016 0x9750 nsiproxy - ok
06:55:13.0052 0x9750 [ 7F68063A5A0461E02BC860CE0E6BFDDC, 47E9F75D27B97278B74034B7D3951A26B1644911ED321455E0 8D935731C858DE ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
06:55:13.0096 0x9750 Ntfs - ok
06:55:13.0102 0x9750 [ EF1B290FC9F0E47CC0B537292BEE5904, DBC07BBC54EBC2D2E576B23A4CE116B3DA988577AD0D96CB72 89A6748A60F9EA ] Null C:\Windows\system32\drivers\Null.sys
06:55:13.0108 0x9750 Null - ok
06:55:13.0113 0x9750 [ BC6B5942AFF25EBAF62DE43C3807EDF8, CB0FA194084B8C309039D571B5760FDA800E9531B8660C499B 4F9977BA5C36D5 ] nvraid C:\Windows\system32\drivers\nvraid.sys
06:55:13.0121 0x9750 nvraid - ok
06:55:13.0127 0x9750 [ 1F43ABFFAC3D6CA356851D517392966E, 6FD7621F67BA94B0E1D8F43BEC2951DBCDEEA1E848BB265AC1 69E27C01DA68F2 ] nvstor C:\Windows\system32\drivers\nvstor.sys
06:55:13.0135 0x9750 nvstor - ok
06:55:13.0140 0x9750 [ 6934A936A7369DFE37B7DBA93F5E5E49, 0900FEEB0CE8D09F0FC60630B5B986034A8BCD3882ED66E471 70810C32492892 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
06:55:13.0148 0x9750 nv_agp - ok
06:55:13.0157 0x9750 [ 26657F3B4F39A0E64AF859278B599C4E, 3DD65E0BCEF3045DBA29FB8171CA3FCC9781AED3A1C7A160CF 26388CE80A3683 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
06:55:13.0173 0x9750 p2pimsvc - ok
06:55:13.0184 0x9750 [ FD8F61F0D1F64BBB3D835F39A3F979C9, E5C5F86576488EA7F605E26C06EE5AFB36506A446F60C894D5 5E0A148BF7F02D ] p2psvc C:\Windows\system32\p2psvc.dll
06:55:13.0201 0x9750 p2psvc - ok
06:55:13.0207 0x9750 [ 764B1121867B2D9B31C491668AC72B2B, 32C04B6FCE1DDD09697B81473A23BDCED8BEEFBCD0D2D58DDC 9A11A33C756967 ] Parport C:\Windows\System32\drivers\parport.sys
06:55:13.0215 0x9750 Parport - ok
06:55:13.0219 0x9750 [ BAFF6122CFC9F95CA175AD8C348179A4, 079A912D951DF6A57BC1BDB0D182977EE9592751EC9DDCDA29 32BDEDB333850C ] partmgr C:\Windows\system32\drivers\partmgr.sys
06:55:13.0226 0x9750 partmgr - ok
06:55:13.0236 0x9750 [ ABE95ABE27A8BD9701782BBCD82C9925, AE3BA1E9ECDE692374D8DAC95A8DAA289DD2470E3D8D58EFAD 9F83A37F3AC8E5 ] PcaSvc C:\Windows\System32\pcasvc.dll
06:55:13.0250 0x9750 PcaSvc - ok
06:55:13.0260 0x9750 [ 91ED124E261EA8FAA1C0FFDF2A71B0C4, 20E41A38067395D03184938983A9BE459717A1941352972DBC 28D83D542319EC ] pci C:\Windows\system32\drivers\pci.sys
06:55:13.0270 0x9750 pci - ok
06:55:13.0273 0x9750 [ 346E38FCC6859A727DD28AFAD1F0AFF4, FF3DA26F79B3BC3A5B8A8AA0B9139B9EF70297F4EA1203B1E6 8FB5A212C3AA58 ] pciide C:\Windows\system32\drivers\pciide.sys
06:55:13.0279 0x9750 pciide - ok
06:55:13.0284 0x9750 [ 4D3BDCC1C7B40C9D7B6AD990E6DEC397, 27A7AF2127B699F4579CB77936F38DC102211E26E5E2947DB8 08756FE06FC98E ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
06:55:13.0291 0x9750 pcmcia - ok
06:55:13.0294 0x142a0 Object send P2P result: true
06:55:13.0295 0x9750 [ BF28771D1436C88BE1D297D3098B0F7D, 5F7630916A76A8CF31289E9C577F522B999C74C39E541CD40E 62BD53004BEF74 ] pcw C:\Windows\system32\drivers\pcw.sys
06:55:13.0295 0x142a0 Object required for P2P: [ 848A5573CEF4D55439DDD460067F61C0 ] appdrv01
06:55:13.0304 0x9750 pcw - ok
06:55:13.0308 0x9750 [ 24A8DFC07E4BAF29AEA26E383D4CC886, 1B903FE52CD816662D37A8113930B4B7019B6996D49F1982D8 F42933A3525A67 ] pdc C:\Windows\system32\drivers\pdc.sys
06:55:13.0315 0x9750 pdc - ok
06:55:13.0329 0x9750 [ 0ECEE590F2E2EF969FB74A6FC583A1E6, 1C611D9225C863CF32125F684B324C58BDE1942F4F283F5674 133200AC505D44 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
06:55:13.0349 0x9750 PEAUTH - ok
06:55:13.0387 0x9750 [ A35EC8F902475350DA31BDF0E1402A91, 5AB43B4BD70B44A62FFD21A9D3CB8D1BC035B6E001DBB1BAC3 0D6D7A07475D83 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
06:55:13.0435 0x9750 PeerDistSvc - ok
06:55:13.0458 0x9750 [ 8E3C640FFF5A963F570233AE99C0FFF3, 3DE978B005BF2E88BA858CE37D9E27BD3584642B8412E22C30 0A1E739743838A ] PerfHost C:\Windows\SysWow64\perfhost.exe
06:55:13.0467 0x9750 PerfHost - ok
06:55:13.0496 0x9750 [ 70B39E7241F750A248798CE82C44596D, 54A72199EB277EE586611DCBC21654786FD2196F91D5884C4F 531297893CC3EC ] pla C:\Windows\system32\pla.dll
06:55:13.0528 0x9750 pla - ok
06:55:13.0535 0x9750 [ 2C02AFF8383D893F8DBEB07A84F6E77C, 7CC34BAC67E2988E3D16DD6EB6F6785CD2460E3EF7FBD0BD5F 86E49793BD473E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
06:55:13.0543 0x9750 PlugPlay - ok
06:55:13.0545 0x9750 [ 4570F8A37D221660F3A09D6F4DD4BA94, 0EA190CFFA53DF9CCA2D53A4EF1BCB837BA3F2489A3AC5BD11 F6D6ED811D118E ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
06:55:13.0553 0x9750 PNRPAutoReg - ok
06:55:13.0561 0x9750 [ 26657F3B4F39A0E64AF859278B599C4E, 3DD65E0BCEF3045DBA29FB8171CA3FCC9781AED3A1C7A160CF 26388CE80A3683 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
06:55:13.0574 0x9750 PNRPsvc - ok
06:55:13.0584 0x9750 [ BDD52AB4AEBB8B1904568DBD0CCB70CB, C3D1DBA349C79B43DCDD9EF5255C5EE973EFB844235B808B5E F9B63A51FF00AA ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
06:55:13.0597 0x9750 PolicyAgent - ok
06:55:13.0601 0x9750 postgresql-x64-9.0 - ok
06:55:13.0606 0x9750 [ C8DD82C3035E60D671B8CC5DF128D3A9, 6AABF632CBEDA9A7B553BC9134FF100CB6FDC88000D499D288 3408FCEDD97576 ] Power C:\Windows\system32\umpo.dll
06:55:13.0618 0x9750 Power - ok
06:55:13.0670 0x9750 [ E3514CE7CB4AF80ECCA383F065BC77C0, 1EA06D358A07EB9DFB703CEFC4EB834B947B899E0ACFE1C494 E2DAED63F1D4B5 ] PrintNotify C:\Windows\system32\spool\drivers\x64\3\PrintConfi g.dll
06:55:13.0727 0x9750 PrintNotify - ok
06:55:13.0737 0x9750 [ ECD373F9571C745894367CC2635EA44F, E08B2A1017DAE1BF10B986DAFAD14BDE20D79703E0EF3A8C70 0A3753908C1392 ] Processor C:\Windows\System32\drivers\processr.sys
06:55:13.0744 0x9750 Processor - ok
06:55:13.0750 0x9750 [ 6E409D818C6B342544EAE741B1422B85, B4ADFB7809FC42C432C984C3AC13FAFD1B7AD53BCC7FB16E86 371DE4C829DD1A ] ProfSvc C:\Windows\system32\profsvc.dll
06:55:13.0765 0x9750 ProfSvc - ok
06:55:13.0770 0x9750 [ FC0141B4A5AD6D637D883C1A89FC45C5, DCE8942C02EEDAE7A57707CA60CAC3A8CD6BA68E6571E405CA 882D4DD6D69E43 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
06:55:13.0779 0x9750 Psched - ok
06:55:13.0786 0x9750 [ DAA9DEE0A5D5F238C4EE54C2C7FB67C5, 7EC8C603BD92699AC35BDCD294F13BEE90D5C2C195FD93A3F1 6928BFCF53CA93 ] QWAVE C:\Windows\system32\qwave.dll
06:55:13.0800 0x9750 QWAVE - ok
06:55:13.0804 0x9750 [ 83868EB2924E6BC21A54337C65D614D1, 8D1BE01EBD190231153B867C32120DC8FBFBD32050448A7781 34D435D76A0B07 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
06:55:13.0810 0x9750 QWAVEdrv - ok
06:55:13.0813 0x9750 [ B337B1F1E82A83E20A1743E008E25C0F, A2E8AF041B4CAB78AEE28A2147A189FF0F9D2FCEFB167D60FB BA0A787A5A5BE7 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
06:55:13.0819 0x9750 RasAcd - ok
06:55:13.0823 0x9750 [ 044638489B4A5FE5334F46C5314A0826, E06CC2A9EF369794DAD69FBB5AFD1676D4283DDAB2AD5E3EFE 454C473F62F955 ] RasAuto C:\Windows\System32\rasauto.dll
06:55:13.0831 0x9750 RasAuto - ok
06:55:13.0842 0x9750 [ F83B38FCD4F69157B3D158433FA149CC, AB103BD3E2B3B134CB355C556DF70BCF0CF4DB11EFF7DB4A98 76D5AA43D81293 ] RasMan C:\Windows\System32\rasmans.dll
06:55:13.0857 0x9750 RasMan - ok
06:55:13.0862 0x9750 [ 5247F308C4103CDC4FE12AE1D235800A, E567CD33CA1897D53795E071B7AFBAF98B2C8F725F8BED0BA9 0F5EF611520E48 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
06:55:13.0871 0x9750 RasPppoe - ok
06:55:13.0881 0x9750 [ A1A5E79C0D1352AFDC08328A623DA051, 01546DDE6F1FF159A7EB7F2BF104910445D3D863F1F37DEA69 5579BA60D84280 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
06:55:13.0901 0x9750 rdbss - ok
06:55:13.0905 0x9750 [ 6B21EBF892CD8CACB71669B35AB5DE32, 0AD8E14FEF16FB2559F5FC8AFBC9D49E4E24F43CF65F480DBF 9FAB593269B419 ] rdpbus C:\Windows\System32\drivers\rdpbus.sys
06:55:13.0912 0x9750 rdpbus - ok
06:55:13.0917 0x9750 [ 680C1DAE268B6FB67FA21B389A8B79EF, 856911F77BDD8830C3D683EBE8AF399FB3A54C7D8D0B34EA37 D903377F0A39BD ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
06:55:13.0928 0x9750 RDPDR - ok
06:55:13.0933 0x9750 [ BC8A79C625568DDB7DCA49D0C2741A64, AB0A7ED9EC2282EC0356D27EA4F70515943E41C2112428B787 636B8BEC278933 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
06:55:13.0940 0x9750 RdpVideoMiniport - ok
06:55:13.0946 0x9750 [ A26AEC49F318FEE141DDDB2C5F99B3E6, 246AD79FF27E79DEDCB0AAA7C22A8EA6349DEDAC863413A1E3 78E68FD94C9C4F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
06:55:13.0956 0x9750 rdyboost - ok
06:55:13.0973 0x9750 [ 615DFD97DEA56CE1C3A52185A3038FF8, 707BF5F9FAE478A12656D15013F507CC1335E7B72BD21CA99B B813CB95E37BC0 ] ReFS C:\Windows\system32\drivers\ReFS.sys
06:55:13.0996 0x9750 ReFS - ok
06:55:14.0004 0x9750 [ 0CF7CB56BF2D5E9DBCEE0185CB626FAD, 2BD2E2FB1D2EADD1F70EF55E8523C353F95D4FEB1BAD5017FA 4D94F790F27825 ] RemoteAccess C:\Windows\System32\mprdim.dll
06:55:14.0014 0x9750 RemoteAccess - ok
06:55:14.0019 0x9750 [ AC8785B53F8436058C90450DA1840AE7, CC1FFC2713910211F8A6AD532DBB9253ACD188CBD784F1BE66 13DF382825A3C1 ] RemoteRegistry C:\Windows\system32\regsvc.dll
06:55:14.0031 0x9750 RemoteRegistry - ok
06:55:14.0038 0x9750 [ DC66AE45816614D2999DCD3834DCCC4E, 1C26225135E851DDD1307F52401DD7055B26B3F3B8FDD693B2 1042C2896E235A ] RFCOMM C:\Windows\System32\drivers\rfcomm.sys
06:55:14.0045 0x9750 RFCOMM - ok
06:55:14.0049 0x9750 [ 65B9FDE300A6DECC03BA44C4616DCAD6, CAD992982733DD20282A3453DC4E554AE1FC077C35479C0CA4 E8BC3A9DCD3BB0 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
06:55:14.0058 0x9750 RpcEptMapper - ok
06:55:14.0061 0x9750 [ A737B433ABAF3F2DCB2BD7B4CC582B26, 3B5706B0CF0969A9F82060FD4DCC745F2D83C066B663FE8A4F 0F493B64032C9C ] RpcLocator C:\Windows\system32\locator.exe
06:55:14.0070 0x9750 RpcLocator - ok
06:55:14.0086 0x9750 [ A6F17C299A03BAFEFB9257C462A19E00, EB68967D28355271897166D7B6FD963D1E546D3C24AE1AEAAC 561F94357A9345 ] RpcSs C:\Windows\system32\rpcss.dll
06:55:14.0106 0x9750 RpcSs - ok
06:55:14.0110 0x9750 [ 2D05A5508F4685412F2B89E8C2189ABC, 82F12B4E0E73411A121EFD35FBD3B44CBBC0AE96ACFBB45D8C 3C3777E2EA320D ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
06:55:14.0119 0x9750 rspndr - ok
06:55:14.0122 0x9750 [ 1A063730F221B2746FF00457AE17E4F0, 39A3C258CBFE3BC566C63528C9020A3BC9409736AE5289C08A 7BA471D8409263 ] s3cap C:\Windows\System32\drivers\vms3cap.sys
06:55:14.0127 0x9750 s3cap - ok
06:55:14.0131 0x9750 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F8 1AF7430FDC556F ] SamSs C:\Windows\system32\lsass.exe
06:55:14.0138 0x9750 SamSs - ok
06:55:14.0142 0x9750 [ C624A1B32211C3166EDB3F4AB02A30B7, 6B2A4607DB52D74242787ED9DF9067058983D310431D8612D2 B0236E6201E681 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
06:55:14.0149 0x9750 sbp2port - ok
06:55:14.0156 0x9750 [ 74A3B67F03877D06B09B1B40C5ED582E, A8FF9BF416F0BF365BFB4E1796859825C811A74B5E54DDDCE8 345193BEEBE206 ] SCardSvr C:\Windows\System32\SCardSvr.dll
06:55:14.0166 0x9750 SCardSvr - ok
06:55:14.0170 0x9750 [ 8B9C4D55B4A536FB01C360DDB9533574, 9B939FE68F6F9C171ED0D91E2CE1E67515295D34EC23606BCD FD097DCC8CFD4A ] ScDeviceEnum C:\Windows\System32\ScDeviceEnum.dll
06:55:14.0179 0x9750 ScDeviceEnum - ok
06:55:14.0183 0x9750 [ 13BEA6C882D4D877A5A85CA149C86BC1, 8E9BE5C2A36D5881D9985C3A31309FE03966EA13A3541D3C5B 542AB67FA0D55F ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
06:55:14.0189 0x9750 scfilter - ok
06:55:14.0212 0x9750 [ 3151A020E03DDE31AAC49F35C5EFB4DB, 5ABB1103009979F86C862357E28F37C2744979F2C99F7CF6AB B4EB1B8416B3F6 ] Schedule C:\Windows\system32\schedsvc.dll
06:55:14.0243 0x9750 Schedule - ok
06:55:14.0249 0x9750 [ 41C0D7B1A6D4AD119BA6AC0487EA5C8E, 516C2B34BA7507D0DA4148B4ABC0A8C36286570D4EA5C60B28 647B1249C15018 ] SCPolicySvc C:\Windows\System32\certprop.dll
06:55:14.0258 0x9750 SCPolicySvc - ok
06:55:14.0266 0x9750 [ C54B6B2170BF628FD42F799A66956D75, BCF460A124CAA6F1F1A9A7BCBDCC2D5E39B0404D96B7C9FFAC 806E041782B91E ] sdbus C:\Windows\System32\drivers\sdbus.sys
06:55:14.0276 0x9750 sdbus - ok
06:55:14.0280 0x9750 [ 0B1E929D11A8E358106955603FAC65E8, A5EC91BFC0873EC6AB1D0DB4E91654BD35339BD680E7E82DA2 DC64996B4AE515 ] sdstor C:\Windows\System32\drivers\sdstor.sys
06:55:14.0287 0x9750 sdstor - ok
06:55:14.0292 0x9750 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4 E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys
06:55:14.0301 0x9750 secdrv - ok
06:55:14.0304 0x9750 [ BA24CEA7152239F42ECD04AFB7C89D24, A2A11EABB0C283772B74667C7544B61BEB1B9745FBF065E831 542129EB585AFA ] seclogon C:\Windows\system32\seclogon.dll
06:55:14.0312 0x9750 seclogon - ok
06:55:14.0316 0x9750 [ 81FE9A81EDF8016816C9E91FBFBF7D35, 87FB92A3D15F312F0B9C423EF851061A944B013E5668D8C9A4 41B4DC0EB690AF ] SENS C:\Windows\System32\sens.dll
06:55:14.0324 0x9750 SENS - ok
06:55:14.0330 0x9750 [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04B A21E58394BB751 ] SensorsAlsDriver C:\Windows\System32\drivers\WUDFRd.sys
06:55:14.0343 0x9750 SensorsAlsDriver - ok
06:55:14.0350 0x9750 [ 6E4012AE67F09F867EF620C8D5524C0B, 63933E51F8E413E63481369CE2F9FD224560550FBD3BD2B457 3E9F4AD88708A2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
06:55:14.0360 0x9750 SensrSvc - ok
06:55:14.0364 0x9750 [ DB2FF24CE0BDD15FE75870AFE312BA89, 7DB0D978C92CD0A0A81F7AB46FE323B4929CEA01585B0F3309 21E6DFA7DE1B85 ] SerCx C:\Windows\system32\drivers\SerCx.sys
06:55:14.0371 0x9750 SerCx - ok
06:55:14.0376 0x9750 [ 0044B31F93946D5D41982314381FE431, 95B8A94BA9EF770F29ACD5B23D447EC2B6CF1CB3D0030343BA 1550AC31F6E2A5 ] SerCx2 C:\Windows\system32\drivers\SerCx2.sys
06:55:14.0384 0x9750 SerCx2 - ok
06:55:14.0387 0x9750 [ 3CD600C089C1251BEEB4CD4CD5164F9E, D9F81951B4454B24E821E33ACA53A851A61F3135E8EC6FBE67 61A1A3E1CDCBE2 ] Serenum C:\Windows\System32\drivers\serenum.sys
06:55:14.0393 0x9750 Serenum - ok
06:55:14.0397 0x9750 [ D864381BC9C725FAB01D94C060660166, 132FED95222BBE3B0B25B3F1F0EFC5903D04564BD047BA4D20 42AD51E3FDA724 ] Serial C:\Windows\System32\drivers\serial.sys
06:55:14.0405 0x9750 Serial - ok
06:55:14.0408 0x9750 [ 148195AE95D9BC7375A08846439FDAC1, 3A2F78FD18AA7A6D659921E19335E943894530874AC5AB5E72 19CEF28FA54F7A ] sermouse C:\Windows\System32\drivers\sermouse.sys
06:55:14.0414 0x9750 sermouse - ok
06:55:14.0425 0x9750 [ 3A2F1A7472C3B7CC9B89C8516C726488, 9BCBBAC10C900EA7B30822B463A77EE5067F217C4B490857A0 9E5277983CB89B ] SessionEnv C:\Windows\system32\sessenv.dll
06:55:14.0440 0x9750 SessionEnv - ok
06:55:14.0444 0x9750 [ 472B7A5AC181C050888DB454663DD764, C950A8615D57BFD455E18880398350642B2E1D6B951EC9754F D8D429F3418835 ] sfloppy C:\Windows\System32\drivers\sfloppy.sys
06:55:14.0451 0x9750 sfloppy - ok
06:55:14.0460 0x9750 [ 8081FF3DAE8159FE8956B09BC29CE983, AC0F305AEE8B1AB2E1275F1D33EC1D2F3E23F234F831BD9D41 F415A94A19D3AB ] SharedAccess C:\Windows\System32\ipnathlp.dll
06:55:14.0474 0x9750 SharedAccess - ok
06:55:14.0490 0x9750 [ 7FD9A61A3523A61FC135D61D6E160314, 409E1CF7A62FD90CBC31AEAFBB7230B02DBEC6CFCA2D266D22 1A7643FAEBA13B ] ShellHWDetection C:\Windows\System32\shsvcs.dll
06:55:14.0511 0x9750 ShellHWDetection - ok
06:55:14.0515 0x9750 [ 2F518D13DD6F3053837FE606F1A2EA1F, 64109296CE95BD233525688A350D575CF97B9464659AA07CF7 8B307B6ADBC835 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
06:55:14.0521 0x9750 SiSRaid2 - ok
06:55:14.0525 0x9750 [ 1AC9A200A9C49C4508F04AAFFCA34A3F, 972BCB2A39169155F74111FAC74ACCD8F50E34EADCF087833B 0980827627BBF4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
06:55:14.0532 0x9750 SiSRaid4 - ok
06:55:14.0540 0x9750 [ 52F7E8603E888E3DB0A8B3D1804098E9, 4E23DC9442C0C14AAE7146DACBB0B39743F1FFAA463EE7069C CDF866AD27BD77 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
06:55:14.0551 0x9750 SkypeUpdate - ok
06:55:14.0555 0x9750 [ 3C84DCCE5B322F745A75CA8BA3A0F6B3, 1FB94A8A1C63D6FDB82E28ED5B696B3CB1F64183A89A3B5153 B266C292CB7815 ] smphost C:\Windows\System32\smphost.dll
06:55:14.0561 0x9750 smphost - ok
06:55:14.0566 0x9750 [ D0EB0DF8C603BBA084351A92732B1CBE, E24ED8F78EF41C1BC17386AE4BBCE0DC892C5B89B12C03FC9F B61D359B13F1B4 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
06:55:14.0573 0x9750 SNMPTRAP - ok
06:55:14.0586 0x9750 [ D24B1945ED1F9C96DA786DBBF1E983CE, B46CB0B72B7A3DF94A46B8D65E38535C5F8E72A55CF2DC48EF A1F9A0108691C4 ] spaceport C:\Windows\system32\drivers\spaceport.sys
06:55:14.0600 0x9750 spaceport - ok
06:55:14.0604 0x9750 [ F337BE11071818FC3F5DC2940B6BDE34, D5CFF00E5DF37045F71AEE101AC9B270EBB29F372F404757B5 8600E9966C7E4D ] SpbCx C:\Windows\system32\drivers\SpbCx.sys
06:55:14.0611 0x9750 SpbCx - ok
06:55:14.0627 0x9750 [ FCB156A6745631A67DEA61827061D483, 9275ABFA1E1E595969A71C0DA228D18D1B868BF46E097E1276 142BD80F8A32C9 ] Spooler C:\Windows\System32\spoolsv.exe
06:55:14.0651 0x9750 Spooler - ok
06:55:14.0749 0x9750 [ C993A0B97BECD3AAF5158E3869878465, 8B86F37DEFCBE55DE507D830EC4980EBB39B3CCA30C2B3E76B 588AAB282A50FC ] sppsvc C:\Windows\system32\sppsvc.exe
06:55:14.0879 0x9750 sppsvc - ok
06:55:14.0895 0x9750 [ 6416E79A58A8FCC33A447A4DDDD3BF04, 839E3107ACCD520C309BD6C8324DF7A8EB724EAD442AB1F1CA CB0D83F84BE488 ] srv C:\Windows\system32\DRIVERS\srv.sys
06:55:14.0911 0x9750 srv - ok
06:55:14.0922 0x17438 Object send P2P result: true
06:55:14.0926 0x9750 [ 00D8AC8E3053290BDE6EA2FB6810D2FC, 957FEF84CBBAE71829529AE99A1B24F52D7831BD666442D013 2FBB825409A75D ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
06:55:14.0946 0x9750 srv2 - ok
06:55:14.0954 0x9750 [ D047CD668E6277FD80F0C613946F034C, BD0209E7FD89F9295D4DE48C9652DF2A2990277C16AFA473B9 6704B1CBD2F338 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
06:55:14.0967 0x9750 srvnet - ok
06:55:14.0973 0x9750 [ CF6C3037839CF78421A94F9060C2886F, CA98C180AE03F5BE8FEFFBA75BD98DEE2AD4FA975E1EF83215 C9CD2476946811 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
06:55:14.0984 0x9750 SSDPSRV - ok
06:55:14.0993 0x9750 [ 198A737DBA666F4808D62E9A8277A6B7, 90B6E5E2ACE95D850C913A3A1DA1F966C44955C530004C228F A93B2A536F5C27 ] SstpSvc C:\Windows\system32\sstpsvc.dll
06:55:15.0002 0x9750 SstpSvc - ok
06:55:15.0006 0x9750 [ 366DEA74BBA65B362BCCFC6FC2ADFD8B, 4D28122AB9D8DAB724021E6513B4474BD34FCEDF47769B1D27 AC7551FCA002F8 ] stexstor C:\Windows\system32\drivers\stexstor.sys
06:55:15.0012 0x9750 stexstor - ok
06:55:15.0027 0x9750 [ 63E9CE568CF1192771A5F0460DE7D2B9, C27B21FD2C14AD41A59EF62EB8AC95C08EB13CCB1CEECD8378 B8CDD4DC352E69 ] stisvc C:\Windows\System32\wiaservc.dll
06:55:15.0050 0x9750 stisvc - ok
06:55:15.0055 0x9750 [ 0ED2E318ABB68C1A35A8B8038BDB4C90, 5C3ABC245F4BCFE64E646D9C0E2F5E211244956C84D03084C7 1FF6A7E0CDED30 ] storahci C:\Windows\system32\drivers\storahci.sys
06:55:15.0063 0x9750 storahci - ok
06:55:15.0066 0x9750 [ 8B9486B64E5FC17FB9CC04CA10B77A34, C1EAC9D27DC83E4C56B890D97988C3CCFAE3877309610601F2 E3FFFE97686D43 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
06:55:15.0072 0x9750 storflt - ok
06:55:15.0076 0x9750 [ 6B06E2D11E604BE2B1A406C4CB3B90DE, 2DDEA1568A85AD64FCE5D10D348304FCD9BE6E96C2313353EF 70A2933306D188 ] stornvme C:\Windows\system32\drivers\stornvme.sys
06:55:15.0083 0x9750 stornvme - ok
06:55:15.0086 0x9750 [ A45F5AC9D8069D0EC66E3CA73103073B, 996788F1C58E016E8E5CF3FD1D220A3C40AFFD6C21361A3463 6415DB12E0D381 ] StorSvc C:\Windows\system32\storsvc.dll
06:55:15.0096 0x9750 StorSvc - ok
06:55:15.0099 0x9750 [ 548759755BC73DAD663250239D7E0B9F, D31A05A8CE800B539420B6E545F1F4BF6E4B02EAF8366DE89C AF13A83C6CA48D ] storvsc C:\Windows\system32\drivers\storvsc.sys
06:55:15.0106 0x9750 storvsc - ok
06:55:15.0110 0x9750 [ 7D123389FCD97D84881BA9C07012BA0C, 044442D8FCFE7935A025602F817C726576BA1C515CB594C432 0A8AC6D8DA8F41 ] storvsp C:\Windows\System32\drivers\storvsp.sys
06:55:15.0120 0x9750 storvsp - ok
06:55:15.0126 0x9750 [ E395BE02F80A79A6CF973BA38DBB8135, 4C6F85B0EB8E7725BA720F9742561D229726C0D7C17505D1E7 9F19A5626F6325 ] svsvc C:\Windows\system32\svsvc.dll
06:55:15.0136 0x9750 svsvc - ok
06:55:15.0147 0x9750 [ 65454187E0F8B6C0DCECB0287D06EC43, 87550000CF5B3C1DF3E69633934AFE8554AE40B6638F190D31 85AD63F1D7A2EE ] swenum C:\Windows\System32\drivers\swenum.sys
06:55:15.0153 0x9750 swenum - ok
06:55:15.0176 0x9750 [ 1C71D72D4997A284128FBEE770726330, 21682BDE74A1108FED1124FB1EA35A03CBFA94ABE1B89CC0FA DB4DD82596C43E ] swprv C:\Windows\System32\swprv.dll
06:55:15.0195 0x9750 swprv - ok
06:55:15.0217 0x9750 [ 7E85DB0463AD2403AE84AD162B162279, 996C42ECAFC6E24C623068AFAFCC0A2612526333AF9315F753 6C6D40C2570632 ] SysMain C:\Windows\system32\sysmain.dll
06:55:15.0246 0x9750 SysMain - ok
06:55:15.0255 0x9750 [ D73DBBB96CEE90C2856164AAD8543425, D11ADB5D4C5DD355314CA656D375D0062CAE7462E866F94F1B 26D5803F65DCB2 ] SystemEventsBroker C:\Windows\System32\SystemEventsBrokerServer.dll
06:55:15.0269 0x9750 SystemEventsBroker - ok
06:55:15.0274 0x9750 [ D6A71B95ACF71ACA63B67232059F1BCD, C5CEC032E7AB507500D1CC7A4E65DA6322412C798201A9D770 CBDE892E50DFC8 ] TabletInputService C:\Windows\System32\TabSvc.dll
06:55:15.0288 0x9750 TabletInputService - ok
06:55:15.0295 0x9750 [ 5A5BAB1CA9621E73E25EE4744B67CDA6, 479EBD7BAE1E2AD431153FDC016742F7A8D824716EAB1A4CA8 7EBBD21D61DECD ] TapiSrv C:\Windows\System32\tapisrv.dll
06:55:15.0311 0x9750 TapiSrv - ok
06:55:15.0352 0x9750 [ 746DDF7D59AB8D721C88D48434597E8D, 78BDBAB8D1E86A11804FEB19B355C0FAD04ACE8DD4BDDFDADC E5461E259BCE82 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
06:55:15.0403 0x9750 Tcpip - ok
06:55:15.0446 0x9750 [ 746DDF7D59AB8D721C88D48434597E8D, 78BDBAB8D1E86A11804FEB19B355C0FAD04ACE8DD4BDDFDADC E5461E259BCE82 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
06:55:15.0497 0x9750 TCPIP6 - ok
06:55:15.0505 0x9750 [ 41CF802064F72E55F50CA0A221FD36D4, 70ABCDF9E96611E8C83042C581575E26649FE479475E8E118C D3FF6CB1C84C3F ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
06:55:15.0515 0x9750 tcpipreg - ok
06:55:15.0520 0x9750 [ E0BD2D83875464FEEEB242CBA8B7E073, A3067165128F36035FA9F3CBA55CFED736E180C495497FA733 2B3D97908C3D90 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
06:55:15.0527 0x9750 tdx - ok
06:55:15.0631 0x9750 [ E72B44F86082DFE649CD991E3CD2F8B6, C5A1E53E41E48D3465A7D96886A1E5D1C3145C7E1A40FB74E3 A05EDC2DA04F84 ] TeamViewer C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
06:55:15.0740 0x9750 TeamViewer - ok
06:55:15.0749 0x9750 [ 232D185D2337F141311D0CF1983E1431, 02EB56D3F26174AF1741C1A444CE30DE84D5BAF583C1A52C7A 953BCC52445547 ] terminpt C:\Windows\System32\drivers\terminpt.sys
06:55:15.0756 0x9750 terminpt - ok
06:55:15.0777 0x9750 [ C50997E282576DA492EBA66B059D4196, EBD793CB396F9503376207FA60353F5672DEDB620C8E01C8D6 AE0030B3B03339 ] TermService C:\Windows\System32\termsrv.dll
06:55:15.0802 0x9750 TermService - ok
06:55:15.0806 0x9750 [ 2180DBCE75B914E5E5BBFFFAAE97AA21, 8000AECC8855903DB50ABA7E304396D1FCEAE8DC9ADD4FC502 75CF24B4D914DE ] Themes C:\Windows\system32\themeservice.dll
06:55:15.0814 0x9750 Themes - ok
06:55:15.0818 0x9750 [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C 160EF30AD6E64B ] THREADORDER C:\Windows\system32\mmcss.dll
06:55:15.0825 0x9750 THREADORDER - ok
06:55:15.0832 0x9750 [ B5ED9CC61798C7D44BD535D40B89EFB5, 1BDCEAA9AF2096381870D92129C748F4EE06A1167ABA9367B9 DD43BAF27E3F5B ] TimeBroker C:\Windows\System32\TimeBrokerServer.dll
06:55:15.0846 0x9750 TimeBroker - ok
06:55:15.0852 0x9750 [ 80A2FC1A089A71F2DBE5D8394FFB009F, DEA30E751F6EA42E43E16869713FC7E37832B15DAFA0062B17 98DFA476981385 ] TPM C:\Windows\system32\drivers\tpm.sys
06:55:15.0860 0x9750 TPM - ok
06:55:15.0865 0x9750 [ 884113C2BB703FE806C8608B75F34831, 24DE5750CA4363455412BABB0B1FAB08497153E8F158ED4495 8F100410F93506 ] TrkWks C:\Windows\System32\trkwks.dll
06:55:15.0874 0x9750 TrkWks - ok
06:55:15.0878 0x9750 [ 44A94FB4C76528D2382FFE04B05827C3, B0BCDF7CD1D65E61A9061D539D83527A89B69583958F8A26C6 BF9766C1B61E0C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
06:55:15.0889 0x9750 TrustedInstaller - ok
06:55:15.0894 0x9750 [ BF8F54CA37E9C9D6582C31C5761F8C93, 337C566792F6FB9B7FD5D1D4384B767CFE4CF5DBB2E4688CCC 36CBB018A0DD0F ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
06:55:15.0902 0x9750 TsUsbFlt - ok
06:55:15.0906 0x9750 [ 20185BEB7512EDE4EFECDFA148AC9F99, 6F539478493C0F87F3DDF67A4A6D4D41E9474EEF21434E8563 50CE149A34EA9F ] TsUsbGD C:\Windows\System32\drivers\TsUsbGD.sys
06:55:15.0916 0x9750 TsUsbGD - ok
06:55:15.0921 0x9750 [ E85916632CD3B9E9B546968DB950BF42, DECE3852C763CC6293C7D1B772296C43A0AE1E47BBCC4979C9 6B3B2AD70413F3 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
06:55:15.0933 0x9750 tunnel - ok
06:55:15.0936 0x9750 [ F6EEAD052943B5A3104C1405BB856C54, FE422813E6C1012E9F392EFF2AE4C6D3A4DBD9CB2BD5E6A5CA B57D4E89A29468 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
06:55:15.0943 0x9750 uagp35 - ok
06:55:15.0947 0x9750 [ FE6067B1FD4E63650C667B33D080565B, 2C330ED00E49BA55E25564230E0DFB8A35F2B5320EB18D4AF7 CAACFA9A449044 ] UASPStor C:\Windows\System32\drivers\uaspstor.sys
06:55:15.0954 0x9750 UASPStor - ok
06:55:15.0960 0x9750 [ 807F8CF3E973305FC435C61CBBEE2A49, 43CDEAC2BFC5091C11DFC0E7F7171AF9A598AE56CB056C3CF3 82AE7807F79EF0 ] UCX01000 C:\Windows\System32\drivers\ucx01000.sys
06:55:15.0963 0x142a0 Object send P2P result: true
06:55:15.0969 0x9750 UCX01000 - ok
06:55:15.0977 0x9750 [ C61EAF8E1E4B2F62BA4FDF457440B2C6, 961F76A789925234AC27F56AAE34556FA06088D71580B42C24 B0BC209EAFD67E ] udfs C:\Windows\system32\DRIVERS\udfs.sys
06:55:15.0991 0x9750 udfs - ok
06:55:15.0994 0x9750 [ 9578691F297E1B1F519970FE6D47CB21, 080C352AAF22A16A4F3C4AB4DCEA5BFA656457C73F735CEBA3 0516FDACCF6301 ] UEFI C:\Windows\System32\drivers\UEFI.sys
06:55:16.0000 0x9750 UEFI - ok
06:55:16.0005 0x9750 [ A867F0F978EE64C87FADC3B100869EE4, 2686BE85F963D0D0BB275E92E5B543280D8742CF10772303E3 189D0719B6A277 ] UI0Detect C:\Windows\system32\UI0Detect.exe
06:55:16.0015 0x9750 UI0Detect - ok
06:55:16.0019 0x9750 [ 5EAB5117DDB24FC4D39E6FFFCF1837B9, 2BC709240867F161E94BE6625A04F478EAAA3EEE7BC7C37ED0 DFA9EEA5928E98 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
06:55:16.0025 0x9750 uliagpkx - ok
06:55:16.0029 0x9750 [ DA34C39A18E60E7C3FA0630566408034, 2F162504214053894C72760D9933D01DBF3578609FE5E2376C 3272818599FE32 ] umbus C:\Windows\System32\drivers\umbus.sys
06:55:16.0036 0x9750 umbus - ok

Part 2

06:55:16.0038 0x9750 [ AE8294875E5446E359B1E8035D40C05E, AE0357BAB47C07C3576BC76951CD258C009BC5A1B93259D212 2A841BD9CDA8FA ] UmPass C:\Windows\System32\drivers\umpass.sys
06:55:16.0045 0x9750 UmPass - ok
06:55:16.0053 0x9750 [ A023F267A262D5DA6CE1436D9C5E8FD9, 92AD7AF91184C244A7E392F49663143193A80D5D81114546A0 0F18227DE31D23 ] UmRdpService C:\Windows\System32\umrdp.dll
06:55:16.0067 0x9750 UmRdpService - ok
06:55:16.0077 0x9750 [ C98493DD8E6A50154FAC75C15E1C36BB, CECD1C826C8F7AF05468871BF6A0ACDBB6B0202F4F87F48C6D 367E5BD699E800 ] upnphost C:\Windows\System32\upnphost.dll
06:55:16.0093 0x9750 upnphost - ok
06:55:16.0100 0x9750 [ FF78D053A05E5A394F4E3C1816CC65A8, 5DAE02414271231F5FDBB751AFEB99874779B467947020815D 4AE54432D4269D ] usbccgp C:\Windows\System32\drivers\usbccgp.sys
06:55:16.0108 0x9750 usbccgp - ok
06:55:16.0114 0x9750 [ 0139248F6B95CF0D837B5B46A2722D40, 38E3E704E0364F07732DB418AEBD126B040FB3CDB7D78EA36E 8605D50D528A80 ] usbcir C:\Windows\System32\drivers\usbcir.sys
06:55:16.0124 0x9750 usbcir - ok
06:55:16.0129 0x9750 [ BBFD17B6B954FC9FA02E62D604052069, 47D2B7228EABA7F37F69A1756B69FFFB19F0C2CC2869C5BF67 4E4FD9257488A2 ] usbehci C:\Windows\System32\drivers\usbehci.sys
06:55:16.0137 0x9750 usbehci - ok
06:55:16.0151 0x9750 [ CD81683F4553677B9BF5163A922153EB, 6B304B0D68B9BFF0245EC755CDAAF9DF59DF3A081727E32CB6 6672929F0DBC50 ] usbhub C:\Windows\System32\drivers\usbhub.sys
06:55:16.0166 0x9750 usbhub - ok
06:55:16.0180 0x9750 [ 5C90D5379B53590FBB24BBAD4FA682EE, DC036340510C1C0999AB1CB845F8E6EB8B7696BAC9BBE6E936 454C0000D1E9D4 ] USBHUB3 C:\Windows\System32\drivers\UsbHub3.sys
06:55:16.0194 0x9750 USBHUB3 - ok
06:55:16.0198 0x9750 [ A0F0484C97D6441ED6A75D7426ECCC9E, FF928ADE1C5464E581BF929F7383D5762D110EA6C7E31A6F08 87EA7357ADBEFE ] usbohci C:\Windows\System32\drivers\usbohci.sys
06:55:16.0208 0x9750 usbohci - ok
06:55:16.0211 0x9750 [ 4D655E3B684BE9B0F7FFD8A2935C348C, 3A7FC1748C5AEA8CFE0E7C22ADC77E3DCA475455FC16D9C6A5 C16EB5E949A516 ] usbprint C:\Windows\System32\drivers\usbprint.sys
06:55:16.0220 0x9750 usbprint - ok
06:55:16.0223 0x9750 [ 0F030491BA4A27BD46F8B8ACEEE83F1A, 7063855611BEF94D4D229BA1BE507ECBDD89F5861641A407EB 3E2919A352F9D4 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
06:55:16.0234 0x9750 usbscan - ok
06:55:16.0240 0x9750 [ 66732C13628BDB1AB0D6FD46027327C2, B582C0F348D8F79419CA5A58F10CA151E06D7CA3BE162344CA DA46D9D7FED97C ] USBSTOR C:\Windows\System32\drivers\USBSTOR.SYS
06:55:16.0249 0x9750 USBSTOR - ok
06:55:16.0254 0x9750 [ FC974B03C8B87455F44F734C8F31A3C8, D69F6EE8030F7DF96FF151D9EAA6AE65417ACAC5A267C7DB96 E9611D5BC42D2C ] usbuhci C:\Windows\System32\drivers\usbuhci.sys
06:55:16.0260 0x9750 usbuhci - ok
06:55:16.0270 0x9750 [ 44603DA5A87FB491EF59C889EBBB4DDB, 59AA9B6B0B5D66F9312CD3F999D0D9F12F1A2C5D230365AD72 87CD71FD86961C ] USBXHCI C:\Windows\System32\drivers\USBXHCI.SYS
06:55:16.0282 0x9750 USBXHCI - ok
06:55:16.0286 0x9750 [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F8 1AF7430FDC556F ] VaultSvc C:\Windows\system32\lsass.exe
06:55:16.0293 0x9750 VaultSvc - ok
06:55:16.0296 0x9750 [ FEB26E3B8345A7E8D62F945C4AE86562, 3AAFE87C402FC8E92542DFE60EC9540559863065F88D429A16 D7B1BF829223FF ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
06:55:16.0302 0x9750 vdrvroot - ok
06:55:16.0326 0x9750 [ 8A4D808D1EC7C1C47B2C8BF488A9A07A, 63C07312ADB6F8A8BDE93361C30AC63DAB4DE1141AF54630EE F11E54B0BF983D ] vds C:\Windows\System32\vds.exe
06:55:16.0354 0x9750 vds - ok
06:55:16.0361 0x9750 [ A026EDEAA5EECAE0B08E2748B616D4BD, 2525A54DC7F49DDFBB999C22BF3FAB6D9E9F70C0806E58D81E 90AC59F9F46089 ] VerifierExt C:\Windows\system32\drivers\VerifierExt.sys
06:55:16.0369 0x9750 VerifierExt - ok
06:55:16.0386 0x9750 [ C06E8481E068F170A258441639AC5792, 2F550530BACB511A195D5047F003B01CB6E04FA9A0DCCF638C B3D51FF5467DC7 ] vhdmp C:\Windows\System32\drivers\vhdmp.sys
06:55:16.0402 0x9750 vhdmp - ok
06:55:16.0406 0x9750 [ 06D38968028E9AB19DE9B618C7B6D199, 62022297A47F440D1C82CA0B0E57C0C8E9D5033D83DD3B4049 2B218DF65EBF68 ] viaide C:\Windows\system32\drivers\viaide.sys
06:55:16.0412 0x9750 viaide - ok
06:55:16.0418 0x9750 [ 3CE922E34DB12D9F3C0EA856BC09687C, E50A1885FBC775E49614989ECFEA4ACBBDDA16AF459CC5361E ED9E23CC7CD42C ] Vid C:\Windows\System32\drivers\Vid.sys
06:55:16.0428 0x9750 Vid - ok
06:55:16.0432 0x9750 [ 511AD3FF957A0127E6BD336FF6F89C38, 55325BFD0857A1204F7F6F8ED8C91C07B0E20A50402105708E 7365ECD9E25A21 ] vmbus C:\Windows\system32\drivers\vmbus.sys
06:55:16.0439 0x9750 vmbus - ok
06:55:16.0442 0x9750 [ DA40BEA0A863CE768C940CA9723BF81F, 567C0C3F422325635808B0CF76E05D3B6187F96845C33F85F9 2F98C9FE53A5B8 ] VMBusHID C:\Windows\System32\drivers\VMBusHID.sys
06:55:16.0448 0x9750 VMBusHID - ok
06:55:16.0453 0x9750 [ 68F8C26DEA2D42E8DEC0778943433C80, 81E8F9D62815F94952CEEABD0689473CC330F7890F66872DCD 35A43C06ED33CD ] vmbusr C:\Windows\System32\drivers\vmbusr.sys
06:55:16.0461 0x9750 vmbusr - ok
06:55:16.0473 0x9750 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943 D8CBEE6C01D4F0 ] vmicguestinterface C:\Windows\System32\ICSvc.dll
06:55:16.0488 0x9750 vmicguestinterface - ok
06:55:16.0499 0x9750 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943 D8CBEE6C01D4F0 ] vmicheartbeat C:\Windows\System32\ICSvc.dll
06:55:16.0514 0x9750 vmicheartbeat - ok
06:55:16.0525 0x9750 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943 D8CBEE6C01D4F0 ] vmickvpexchange C:\Windows\System32\ICSvc.dll
06:55:16.0540 0x9750 vmickvpexchange - ok
06:55:16.0551 0x9750 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943 D8CBEE6C01D4F0 ] vmicrdv C:\Windows\System32\ICSvc.dll
06:55:16.0566 0x9750 vmicrdv - ok
06:55:16.0576 0x9750 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943 D8CBEE6C01D4F0 ] vmicshutdown C:\Windows\System32\ICSvc.dll
06:55:16.0591 0x9750 vmicshutdown - ok
06:55:16.0602 0x9750 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943 D8CBEE6C01D4F0 ] vmictimesync C:\Windows\System32\ICSvc.dll
06:55:16.0617 0x9750 vmictimesync - ok
06:55:16.0628 0x9750 [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943 D8CBEE6C01D4F0 ] vmicvss C:\Windows\System32\ICSvc.dll
06:55:16.0643 0x9750 vmicvss - ok
06:55:16.0648 0x9750 [ 55D7D963DE85162F1C49721E502F9744, 5AD34D6DB707EF3E5242BD8CA67B21D6258EE7E7FC477D5227 BD15500AE7F45F ] volmgr C:\Windows\system32\drivers\volmgr.sys
06:55:16.0655 0x9750 volmgr - ok
06:55:16.0664 0x9750 [ CCB9E901F7254BF96D28EB1B0E5329B7, F0E3CA4EFA544CDAEF4092284CF3EC7DF07F806A770285E281 816457AD8813F5 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
06:55:16.0676 0x9750 volmgrx - ok
06:55:16.0686 0x9750 [ 64CA2B4A49A8EAF495E435623ECCE7DB, 81151F295A54DE2B8B88C7F48C86BF58CDFF96F98493509C06 D6F41484594386 ] volsnap C:\Windows\system32\drivers\volsnap.sys
06:55:16.0697 0x9750 volsnap - ok
06:55:16.0701 0x9750 [ EF31713EE4C7CCFE4049F7E7F15645A2, 35D198D3F1061E19A7EF89FA1E75377049CD6BCA9702F8076B 9F95BB8737E0D4 ] vpci C:\Windows\System32\drivers\vpci.sys
06:55:16.0707 0x9750 vpci - ok
06:55:16.0710 0x9750 [ ADBE96C33D1A5BB1BBAF90B4BC84F523, 6E9C9ED3D51E4B6E494D42ECA6F824AD86D676C12C39BBE6B8 BD96366BCB02DA ] vpcivsp C:\Windows\System32\drivers\vpcivsp.sys
06:55:16.0718 0x9750 vpcivsp - ok
06:55:16.0723 0x9750 [ 4539F45F9F4C9757A86A56C949421E07, DEC362314B2C66414F39354AFE79C02B18BF4EEF90787FB583 07F6EB62237E2C ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
06:55:16.0731 0x9750 vsmraid - ok
06:55:16.0756 0x9750 [ 94FAFD473CDD80CE19A21FB9503D7ED1, 953E5E8C753C0017E1258695A76F60CC05D283F7476B9D9C5C 8AC78B8E3FCE18 ] VSS C:\Windows\system32\vssvc.exe
06:55:16.0788 0x9750 VSS - ok
06:55:16.0797 0x9750 [ 0849B7260F26FE05EA56DED0672E2F4B, 7EAC0E7988F45CB4133A15932955B7B03CE715C967A3BAC999 9D81543EBCAEC5 ] VSTXRAID C:\Windows\system32\drivers\vstxraid.sys
06:55:16.0808 0x9750 VSTXRAID - ok
06:55:16.0812 0x9750 [ BE970C369E43B509C1EDA2B8FA7CECB0, 18951F2AA842A0795AA79A4E164EE925A35E6270EBE4C4CDB1 9D0A891830E383 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
06:55:16.0822 0x9750 vwifibus - ok
06:55:16.0826 0x9750 [ 35BF5C5F5E3C9902C98978C7640574DA, C61E50B04000DCEC72365723F0C0725C2E005529DAF2777A59 E624C14DA29E55 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
06:55:16.0836 0x9750 vwififlt - ok
06:55:16.0840 0x9750 [ 65ED7B9CFEA893DF7748D5FF692690DE, 73AB9D8BB928B3247BDFC7BB47AD7FCA763B375DC250C251DB 4E0573531040E8 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
06:55:16.0847 0x9750 vwifimp - ok
06:55:16.0856 0x9750 [ DC821E811EFBB65CDD77FBB8B6ECA385, B7C8AACDF81DBA298F2F384983D36B269876C31F0398D89BF9 070217A069B96F ] W32Time C:\Windows\system32\w32time.dll
06:55:16.0874 0x9750 W32Time - ok
06:55:16.0877 0x9750 [ 0910AB9ED404C1434E2D0376C2AD5D8B, 62585CA5F1375BDA440D28D5DF1ADDC9DE3DDFA196D49BBFF3 456A5A09EE1C6B ] WacomPen C:\Windows\System32\drivers\wacompen.sys
06:55:16.0884 0x9750 WacomPen - ok
06:55:16.0913 0x9750 [ A81988DCC4FA440AA88B84CA452F5E22, 3573AAA09971E8ADB6FEFA778E02B2D8EE5E4249267CF37A52 4D9F019CC836FB ] wbengine C:\Windows\system32\wbengine.exe
06:55:16.0949 0x9750 wbengine - ok
06:55:16.0962 0x9750 [ 0F1DFA2FED73FA78B8C3CDE332A870F6, 1089F6F585F5350D349A640EBD3117832DF6B3657EB6667CB0 0AE217E04ACA17 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
06:55:16.0980 0x9750 WbioSrvc - ok
06:55:16.0989 0x9750 [ 0EAEC313B24837613621B4A2536ED382, 61C194ED7FA7D65BBE61A546D5FCA52F52AB08324E084D3EC2 3C9706E9BF0175 ] Wcmsvc C:\Windows\System32\wcmsvc.dll
06:55:17.0002 0x9750 Wcmsvc - ok
06:55:17.0014 0x9750 [ F6B4C2280FF7C7156AC8A4687B9DA35E, 1899D584D7469BB49355D84080051E2575B033E6312009D9C6 C1DD3F7F9AA4C5 ] wcncsvc C:\Windows\System32\wcncsvc.dll
06:55:17.0027 0x9750 wcncsvc - ok
06:55:17.0031 0x9750 [ B7BF1D783F5B2484E8CE1C0C78257F16, 468601199FCCF63DBAE86EE6B8825EA85B2A1EE177413353FF A2CC9CA5249FCD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
06:55:17.0043 0x9750 WcsPlugInService - ok
06:55:17.0046 0x9750 [ 81285DDC994F03379DB46419300B2DCB, 98D3622E11F375718AEA1DE3B5F0104DDAB4F96B6D4C19788C 14F7B338A6F235 ] WdBoot C:\Windows\system32\drivers\WdBoot.sys
06:55:17.0052 0x9750 WdBoot - ok
06:55:17.0069 0x9750 [ CB6C63FF8342B467E2EF76E98D5B934D, BE017CE91E3BAB293DE6ECF143797CCE3F33CC63024437472B 4E38C6961AD884 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
06:55:17.0088 0x9750 Wdf01000 - ok
06:55:17.0095 0x9750 [ 26B8FED3F3B85F5F0C4BD03FD00B9941, 7F94FE7954498223B33C025258DB588A3AC9FF25C58EEAD204 514FD20652FE40 ] WdFilter C:\Windows\system32\drivers\WdFilter.sys
06:55:17.0106 0x9750 WdFilter - ok
06:55:17.0110 0x9750 [ F581F9C9D6953FABFA24E67105F0B614, 5A7BB72523D1C53BBE68700537D7AE0D150BC7E4B8227A916B 2E29EE4CA267A9 ] WdiServiceHost C:\Windows\system32\wdi.dll
06:55:17.0120 0x9750 WdiServiceHost - ok
06:55:17.0123 0x9750 [ F581F9C9D6953FABFA24E67105F0B614, 5A7BB72523D1C53BBE68700537D7AE0D150BC7E4B8227A916B 2E29EE4CA267A9 ] WdiSystemHost C:\Windows\system32\wdi.dll
06:55:17.0132 0x9750 WdiSystemHost - ok
06:55:17.0136 0x9750 [ CE67080F00E0AF32755096CEA6430ABA, 0E5D626F9F76C0BC63B2D246AD66D9CBF7D92F34B56398417B CFD0C331DBD282 ] WdNisDrv C:\Windows\system32\Drivers\WdNisDrv.sys
06:55:17.0144 0x9750 WdNisDrv - ok
06:55:17.0146 0x9750 WdNisSvc - ok
06:55:17.0152 0x9750 [ 40F83492DB9ABBA59773A45FB487C8B2, 0D0DE0B0C9B929FEFD2674CCF17F5F2FC4B16EAB8E1981BBCE 51B0305FD7D75E ] WebClient C:\Windows\System32\webclnt.dll
06:55:17.0165 0x9750 WebClient - ok
06:55:17.0171 0x9750 [ 384E1D04FE20845B2559D292F17A9FA1, AD3B0B2B2219691AC30FEEC8AFDB3BBB74B51BB7D02038AE2B 4DEA514E245315 ] Wecsvc C:\Windows\system32\wecsvc.dll
06:55:17.0182 0x9750 Wecsvc - ok
06:55:17.0185 0x9750 [ 455014F4E48B67EBE0F032E2B0E06BF2, A36435784A034B27056A0E606683A20C69F1B0AB2B6BAEDEAE AA190F6287CAEF ] WEPHOSTSVC C:\Windows\system32\wephostsvc.dll
06:55:17.0193 0x9750 WEPHOSTSVC - ok
06:55:17.0197 0x9750 [ F13DBA57CEA9B7074B95EDCA6AD2635E, 1D9BA4841EF1343A5D9096B5FE27FC65DC1901D6683DD13516 171638549666B5 ] wercplsupport C:\Windows\System32\wercplsupport.dll
06:55:17.0212 0x9750 wercplsupport - ok
06:55:17.0216 0x9750 [ FD7E58B6AA3EABF2D12B9762A20E11E4, 4C5E2E246C5C70074866BB3DBC2AAF483ECE4345004CCB8D1F E285047268685D ] WerSvc C:\Windows\System32\WerSvc.dll
06:55:17.0226 0x9750 WerSvc - ok
06:55:17.0231 0x9750 [ 715ABA3DD164D06457A2A3C92F6EA9D5, E6F8269D2FFC4A548B65724C0A3F53756ED15E47229861FBD4 0B656EE40FE166 ] WFPLWFS C:\Windows\system32\DRIVERS\wfplwfs.sys
06:55:17.0239 0x9750 WFPLWFS - ok
06:55:17.0243 0x9750 [ 8C840E1FD7584E74BD0CC1EA581EC187, 148E534A94B4882E7396B13FABE17407802292E78907135400 80D03D5629C81D ] WiaRpc C:\Windows\System32\wiarpc.dll
06:55:17.0251 0x9750 WiaRpc - ok
06:55:17.0254 0x9750 [ 5F66B7BB330AA80067FC66149A692620, 92C5D7115A168A23108B65EEEB5FBA8FA43D78185535579259 6D2419160263C2 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
06:55:17.0260 0x9750 WIMMount - ok
06:55:17.0261 0x9750 WinDefend - ok
06:55:17.0279 0x9750 [ 10DAD6A7FC617A221313BD584E3C3A00, F139B878668ECF38FE59831E8595A207D5CEEE76C6FFDA8C9F 735435E601A763 ] WinHttpAutoProxySvc C:\Windows\system32\winhttp.dll
06:55:17.0301 0x9750 WinHttpAutoProxySvc - ok
06:55:17.0311 0x9750 [ FC8BD690321216C32BB58B035B6D5674, D61698DB19D9DB2593B60B6BA13F7B7735667206F41D751D50 7135469D6D3CDD ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
06:55:17.0324 0x9750 Winmgmt - ok
06:55:17.0367 0x9750 [ 75436315AA383CF527695C6D49D0CA59, E3D55F2ACBD45D4D031FA6CA799394459C89BE50FF6ADE4FE3 6F2CAB2D2E63D0 ] WinRM C:\Windows\system32\WsmSvc.dll
06:55:17.0417 0x9750 WinRM - ok
06:55:17.0426 0x9750 [ 3AF1FA17F1C4ACBDB660D8F98B1A9C13, 99B0851410B462685F6705EBF832D10943FB9634030B02D15B F5D0C66F26F2C2 ] WinUsb C:\Windows\System32\drivers\WinUsb.sys
06:55:17.0437 0x9750 WinUsb - ok
06:55:17.0465 0x9750 [ DC079BA8390089E4EBCA63D27EEA3ECB, 4D549217A68292E2B16C09FD9F84317011EE54A2DAF4E2AB85 554267DF0D3249 ] WlanSvc C:\Windows\System32\wlansvc.dll
06:55:17.0496 0x9750 WlanSvc - ok
06:55:17.0526 0x9750 [ 06BF5897949A8F24893F792E876B71F5, 9D3719492A86BF52A56E2EA798FD6FDB5862A03F6D360FCC4B 0CEA9BE9792AE4 ] wlidsvc C:\Windows\system32\wlidsvc.dll
06:55:17.0559 0x9750 wlidsvc - ok
06:55:17.0564 0x9750 [ 2834D9D3B4F554A39C72F00EA3F0E128, D10124343C67FE9A0B711AD569BB8080495FCEA0ECEF9AC3F3 FBD6865F436A44 ] WmiAcpi C:\Windows\System32\drivers\wmiacpi.sys
06:55:17.0570 0x9750 WmiAcpi - ok
06:55:17.0577 0x9750 [ B96F7A1236C3F21212DE2C40A3DDB005, 5A29EBB6DA036E303611EB1304192655021405BB05452FD378 86DDE604FF0D9D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
06:55:17.0587 0x9750 wmiApSrv - ok
06:55:17.0589 0x9750 WMPNetworkSvc - ok
06:55:17.0594 0x9750 [ 7FC5667DF73D4B04AA457CC3A4180E09, CB7B014945DCA16B6D120DBE0E5876C4C867A4ACD3C3536AEA DC14B908613D4E ] Wof C:\Windows\system32\drivers\Wof.sys
06:55:17.0603 0x9750 Wof - ok
06:55:17.0633 0x9750 [ 588040D595BBF0856CA1ADD941A8ED17, CBC92BB5453FE1BEA6F33239B7CE884F312559591383408EA5 F95A006156C5D3 ] workfolderssvc C:\Windows\system32\workfolderssvc.dll
06:55:17.0669 0x9750 workfolderssvc - ok
06:55:17.0674 0x9750 [ A2468CC3509394A33C4C32F99563D845, 62690C7D41F382DF74B8F4B942647842858E37DE35FF2DE028 192E4D09ABB2C5 ] wpcfltr C:\Windows\system32\DRIVERS\wpcfltr.sys
06:55:17.0680 0x9750 wpcfltr - ok
06:55:17.0683 0x9750 [ 19F4DF69876DA7E9C4965351560FE6B7, 127247A7964F55EE3AF842D25120F5ACD387632BEE2BF3D28F AC05840CEA19BA ] WPCSvc C:\Windows\System32\wpcsvc.dll
06:55:17.0693 0x9750 WPCSvc - ok
06:55:17.0697 0x9750 [ 2ADE11F3D84709C5F6781E4C59F11683, F003C43396CF8FCF44EAB87583650DB4D2A233322D28D6A78D 1694945D9073BB ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
06:55:17.0709 0x9750 WPDBusEnum - ok
06:55:17.0712 0x9750 [ 9F2904B55F6CECCD1A8D986B5CE2609A, E19ED4DD3CEF3A22C058FC324824604FB3FC98A029C94E6C2A 3389F938D680B6 ] WpdUpFltr C:\Windows\system32\drivers\WpdUpFltr.sys
06:55:17.0718 0x9750 WpdUpFltr - ok
06:55:17.0721 0x9750 [ AE072B0339D0A18E455DC21666CAD572, AB1DAEA25E2C7AD610818D4B4783F6D4190D85EBB3963BBAD4 10E8CEA7899EDB ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
06:55:17.0728 0x9750 ws2ifsl - ok
06:55:17.0734 0x9750 [ 5596C0960ED6ED7494BF2A55DE428684, C95CF09A657F37F421CC80E16F2F95B8EC59A8D5D48F104551 155EAC8E53DCB2 ] wscsvc C:\Windows\System32\wscsvc.dll
06:55:17.0746 0x9750 wscsvc - ok
06:55:17.0749 0x9750 [ F586F3F1BF962FE9AE4316E0D896B22F, 8D0AD48D79294567123D943D0F5B6D5A32D7A82B129A24DC82 1D3095AFAA100B ] WSDPrintDevice C:\Windows\System32\drivers\WSDPrint.sys
06:55:17.0756 0x9750 WSDPrintDevice - ok
06:55:17.0759 0x9750 [ 58035FD3369879E02D65989C44D27450, B9245DB5C17F7CE94FAA20AB4B0D06A4DFB6133C6E82343758 CDC713EB64DFEF ] WSDScan C:\Windows\system32\DRIVERS\WSDScan.sys
06:55:17.0765 0x9750 WSDScan - ok
06:55:17.0768 0x9750 WSearch - ok
06:55:17.0824 0x9750 [ 6B2D71124C1EA86B74412F414C42431D, 078CC6C9667EF6BDA3E6900BC26A5A5B030CAA66928A6BBB7B 7DC43C5C199EDC ] WSService C:\Windows\System32\WSService.dll
06:55:17.0897 0x9750 WSService - ok
06:55:17.0956 0x9750 [ 688DAAE720E39DA86822785195646663, DB6E0F89496BB74EDF8378E6AE06364B19249701F6ACD176A0 DCA1951E81A63D ] wuauserv C:\Windows\system32\wuaueng.dll
06:55:18.0024 0x9750 wuauserv - ok
06:55:18.0032 0x9750 [ 481286719402E4BAEFEA0604AB1B5113, F3CF65DF2AB39F79AE4C1335831408418E40726706E0242677 E8B96B0FAD988F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
06:55:18.0039 0x9750 WudfPf - ok
06:55:18.0045 0x9750 [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04B A21E58394BB751 ] WUDFRd C:\Windows\System32\drivers\WUDFRd.sys
06:55:18.0054 0x9750 WUDFRd - ok
06:55:18.0059 0x9750 [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04B A21E58394BB751 ] WUDFSensorLP C:\Windows\System32\drivers\WUDFRd.sys
06:55:18.0068 0x9750 WUDFSensorLP - ok
06:55:18.0073 0x9750 [ 51D28F7F1F888DDCF2C67DCF3B79A5D3, 74FF2936AFCEB9A36175D5B00EB91A5AD614B52BE3FB3FA9B9 94A025A484D2B7 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
06:55:18.0081 0x9750 wudfsvc - ok
06:55:18.0087 0x9750 [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04B A21E58394BB751 ] WUDFWpdFs C:\Windows\System32\drivers\WUDFRd.sys
06:55:18.0097 0x9750 WUDFWpdFs - ok
06:55:18.0102 0x9750 [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04B A21E58394BB751 ] WUDFWpdMtp C:\Windows\System32\drivers\WUDFRd.sys
06:55:18.0111 0x9750 WUDFWpdMtp - ok
06:55:18.0122 0x9750 [ A0900F8F628B5AF6841414EB3CF11E50, 8A531F2472FF4B4D895D469D28C215C834ECADBEF539894B8F 3F606079A86184 ] WwanSvc C:\Windows\System32\wwansvc.dll
06:55:18.0137 0x9750 WwanSvc - ok
06:55:18.0145 0x9750 ================ Scan global ===============================
06:55:18.0150 0x9750 [ 05B08C20B8428ECE088CB5635696A48D, 471642A2D0E5C3BB235962FC8D86A49AC30D7DDE80B97E3484 25BBFCDE4DCDC3 ] C:\Windows\system32\basesrv.dll
06:55:18.0156 0x9750 [ EAB311B0A7A8EA0346F14F08D4BC8F46, 11168E4074679F8A69DA714C0ABD0C68BA49D171B379343F14 783C9C563202CA ] C:\Windows\system32\winsrv.dll
06:55:18.0163 0x9750 [ 3600ED7EA8AED849E20700551C0BD63B, 4A8C346C1646E80B58EF93F87F915A41E05CA2E993BB1C9695 5AE62A0669AF66 ] C:\Windows\system32\sxssrv.dll
06:55:18.0172 0x9750 [ E0C7813A97CA7947FF5C18A8F3B61A45, 083BB4F3B20419C87DB656F1465E5F782ACDE76838CDE6207F 26AAD035C69DE0 ] C:\Windows\system32\services.exe
06:55:18.0178 0x9750 [ Global ] - ok
06:55:18.0178 0x9750 ================ Scan MBR ==================================
06:55:18.0180 0x9750 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
06:55:18.0207 0x9750 \Device\Harddisk0\DR0 - ok
06:55:18.0207 0x9750 ================ Scan VBR ==================================
06:55:18.0209 0x9750 [ 6AB70F3F7D5375750E9314A2DB99A6D6 ] \Device\Harddisk0\DR0\Partition1
06:55:18.0209 0x9750 \Device\Harddisk0\DR0\Partition1 - ok
06:55:18.0212 0x9750 [ F857D0639395FDF1CDB1B246D7F5383C ] \Device\Harddisk0\DR0\Partition2
06:55:18.0212 0x9750 \Device\Harddisk0\DR0\Partition2 - ok
06:55:18.0214 0x9750 [ E8B39EF70C261AD011A770F6ECFA8A97 ] \Device\Harddisk0\DR0\Partition3
06:55:18.0214 0x9750 \Device\Harddisk0\DR0\Partition3 - ok
06:55:18.0216 0x9750 [ 768BFC72C3C089951EF654A5801484A3 ] \Device\Harddisk0\DR0\Partition4
06:55:18.0217 0x9750 \Device\Harddisk0\DR0\Partition4 - ok
06:55:18.0218 0x9750 ================ Scan generic autorun ======================
06:55:18.0226 0x9750 [ 0EAE939B0D0FAB8E92070E9EBD4796FD, BD45E996A936DCF587D18C2FAEDD860F06D0890C845B25F1C3 5168E03607486F ] C:\Windows\system32\igfxtray.exe
06:55:18.0236 0x9750 IgfxTray - ok
06:55:18.0249 0x9750 [ 141E537EB589E94701D8E352A1963ED3, 482CA7336712755851504FD1F895D701293E92D7F834BF77F0 DA7FFCFCEE0154 ] C:\Windows\system32\hkcmd.exe
06:55:18.0266 0x9750 HotKeysCmds - ok
06:55:18.0281 0x9750 [ 5A4FE3D8D6A23254554F5A239F903F71, 8734352A94255268E1436EEF01AB87CCA1529DC009074181BF F3161B8E08AF9A ] C:\Windows\system32\igfxpers.exe
06:55:18.0297 0x9750 Persistence - ok
06:55:18.0313 0x9750 [ 72E3226A57073ED8D2DD442F4518A976, E1A7971C9343F950FD4CB6E98E7B22B72F96877B9C56345A1C C162DD5427D5C8 ] C:\Program Files\Boot Camp\Bootcamp.exe
06:55:18.0327 0x9750 Apple_KbdMgr - ok
06:55:18.0331 0x9750 [ 6C308D32AFA41D26CE2A0EA8F7B79565, 5CC2C563D89257964C4B446F54AFE1E57BBEE49315A9FC001F F5A6BCB6650393 ] C:\Windows\system32\rundll32.exe
06:55:18.0345 0x9750 Logitech Download Assistant - ok
06:55:18.0351 0x9750 [ 7C6D524C78A1722AD987B9E47AC1FEE2, FFDC6C92ABB547D0DCD2621EC423C755A78079B061A41FA175 1A56799D1A79A5 ] C:\Users\pauloneill86\AppData\Local\Dropbox\Update \DropboxUpdate.exe
06:55:18.0357 0x9750 Dropbox Update - ok
06:55:18.0413 0x9750 [ 928466D2DD5BE2BCDABC6D770E13DA8A, 437CFB67EF43A67575446AA9E818BF372847D399CD8AD505E9 2401722B088074 ] C:\Program Files (x86)\Gyazo\GyStation.exe
06:55:18.0472 0x9750 Gyazo - ok
06:55:18.0475 0x9750 Waiting for KSN requests completion. In queue: 333
06:55:19.0477 0x9750 Waiting for KSN requests completion. In queue: 333
06:55:20.0478 0x9750 Waiting for KSN requests completion. In queue: 20
06:55:20.0887 0x163e0 Object required for P2P: [ 928466D2DD5BE2BCDABC6D770E13DA8A ] C:\Program Files (x86)\Gyazo\GyStation.exe
06:55:21.0478 0x9750 Waiting for KSN requests completion. In queue: 1
06:55:22.0479 0x9750 Waiting for KSN requests completion. In queue: 1
06:55:23.0480 0x9750 Waiting for KSN requests completion. In queue: 1
06:55:23.0603 0x163e0 Object send P2P result: true
06:55:24.0500 0x9750 AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.8.207.0 ), 0x61100 ( enabled : updated )
06:55:24.0505 0x9750 Win FW state via NFP2: enabled ( trusted )
06:55:26.0983 0x9750 ================================================== ==========
06:55:26.0983 0x9750 Scan finished
06:55:26.0983 0x9750 ================================================== ==========
06:55:27.0004 0xb350 Detected object count: 0
06:55:27.0004 0xb350 Actual detected object count: 0

OTL.txt report - Part 1

OTL logfile created on: 2/1/2016 7:04:02 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\pauloneill86\Desktop
64bit- Professional (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18161)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.91 Gb Total Physical Memory | 12.37 Gb Available Physical Memory | 77.77% Memory free
20.41 Gb Paging File | 13.37 Gb Available in Paging File | 65.50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 140.42 Gb Total Space | 34.07 Gb Free Space | 24.26% Space Free | Partition Type: NTFS

Computer Name: PAUL | User Name: pauloneill86 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2016/02/01 07:00:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\pauloneill86\Desktop\OTL.exe
PRC - [2016/01/28 18:47:15 | 000,393,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2016/01/19 18:10:36 | 003,586,848 | ---- | M] (Nota Inc.) -- C:\Program Files (x86)\Gyazo\GyStation.exe
PRC - [2016/01/08 10:47:10 | 001,433,216 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdate Svc.exe
PRC - [2016/01/08 10:44:00 | 001,773,696 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2015/12/14 10:43:10 | 006,889,232 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
PRC - [2015/12/13 23:48:02 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2015/12/08 16:36:58 | 024,952,456 | ---- | M] (Dropbox, Inc.) -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ Dropbox.exe
PRC - [2014/01/31 20:54:33 | 000,368,600 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe


========== Modules (No Company Name) ==========

MOD - [2015/12/08 16:36:50 | 000,024,904 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ _cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
MOD - [2015/12/08 16:36:50 | 000,021,840 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ _cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
MOD - [2015/12/08 16:36:50 | 000,021,320 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ _cffi_pywin_kernel32_xde9e4433x360333f0.pyd
MOD - [2015/12/08 16:36:48 | 000,023,376 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ winscreenshot.compiled._CaptureScreenshot.pyd
MOD - [2015/12/08 16:36:48 | 000,020,800 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ _cffi_python_x66cf7a7cx17a72769.pyd
MOD - [2015/12/08 16:36:46 | 000,381,752 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ win32com.shell.shell.pyd
MOD - [2015/12/08 16:36:46 | 000,019,760 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ tornado.speedups.pyd
MOD - [2015/12/08 16:36:42 | 003,891,504 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ PyQt5.QtWidgets.pyd
MOD - [2015/12/08 16:36:40 | 000,225,080 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ PyQt5.QtWebKitWidgets.pyd
MOD - [2015/12/08 16:36:40 | 000,133,936 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ PyQt5.QtWebKit.pyd
MOD - [2015/12/08 16:36:38 | 000,486,704 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ PyQt5.QtQuick.pyd
MOD - [2015/12/08 16:36:38 | 000,357,680 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ PyQt5.QtQml.pyd
MOD - [2015/12/08 16:36:36 | 001,950,000 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ PyQt5.QtGui.pyd
MOD - [2015/12/08 16:36:36 | 000,519,984 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ PyQt5.QtNetwork.pyd
MOD - [2015/12/08 16:36:36 | 000,207,672 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ PyQt5.QtPrintSupport.pyd
MOD - [2015/12/08 16:36:34 | 001,826,608 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ PyQt5.QtCore.pyd
MOD - [2015/12/08 16:36:32 | 000,052,024 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ psutil._psutil_windows.pyd
MOD - [2015/12/08 16:36:32 | 000,024,392 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ librsyncffi.compiled._librsyncffi.pyd
MOD - [2015/12/08 16:36:30 | 000,038,696 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ fastpath.pyd
MOD - [2015/12/08 16:36:28 | 001,737,032 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ cryptography.hazmat.bindings._openssl.pyd
MOD - [2015/12/08 16:36:28 | 000,084,792 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ dropbox_sqlite_ext.dll
MOD - [2015/12/08 16:36:28 | 000,020,808 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ cryptography.hazmat.bindings._padding.pyd
MOD - [2015/12/08 16:36:26 | 000,023,352 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ Crypto.Util._counter.pyd
MOD - [2015/12/08 16:36:26 | 000,020,816 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ cryptography.hazmat.bindings._constant_time.pyd
MOD - [2015/12/08 16:36:24 | 000,022,848 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ Crypto.Random.OSRNG.winrandom.pyd
MOD - [2015/12/08 16:36:24 | 000,021,304 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ Crypto.Util.strxor.pyd
MOD - [2015/12/08 16:36:22 | 000,117,056 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ breakpad.client.windows.handler.pyd
MOD - [2015/12/08 16:36:22 | 000,042,296 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ Crypto.Cipher._AES.pyd
MOD - [2015/12/08 16:36:22 | 000,020,280 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ cpuid.compiled._cpuid.pyd
MOD - [2015/10/30 20:01:00 | 000,019,920 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ QtQuick.2\qtquick2plugin.dll
MOD - [2015/10/30 20:00:58 | 000,786,904 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ QtQuick\Controls\qtquickcontrolsplugin.dll
MOD - [2015/10/30 20:00:58 | 000,063,448 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ QtQuick\Layouts\qquicklayoutsplugin.dll
MOD - [2015/10/30 20:00:58 | 000,019,408 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ QtQuick\Window.2\windowplugin.dll
MOD - [2015/10/30 20:00:26 | 000,036,296 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ librsync.dll
MOD - [2015/10/30 20:00:24 | 000,350,152 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ winxpgui.pyd
MOD - [2015/10/30 20:00:22 | 000,048,592 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ win32service.pyd
MOD - [2015/10/30 20:00:22 | 000,028,616 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ win32ts.pyd
MOD - [2015/10/30 20:00:20 | 000,114,640 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ win32security.pyd
MOD - [2015/10/30 20:00:20 | 000,043,472 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ win32process.pyd
MOD - [2015/10/30 20:00:20 | 000,024,016 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ win32profile.pyd
MOD - [2015/10/30 20:00:18 | 000,175,560 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ win32gui.pyd
MOD - [2015/10/30 20:00:18 | 000,030,160 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ win32pipe.pyd
MOD - [2015/10/30 20:00:16 | 000,124,880 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ win32file.pyd
MOD - [2015/10/30 20:00:16 | 000,024,528 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ win32event.pyd
MOD - [2015/10/30 20:00:14 | 000,105,928 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ win32api.pyd
MOD - [2015/10/30 20:00:14 | 000,024,016 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ win32clipboard.pyd
MOD - [2015/10/30 20:00:14 | 000,020,936 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ mmapfile.pyd
MOD - [2015/10/30 20:00:10 | 000,109,520 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ _cffi_backend.pyd
MOD - [2015/10/30 20:00:08 | 000,240,584 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ jpegtran.pyd
MOD - [2015/10/30 20:00:08 | 000,083,912 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ sip.pyd
MOD - [2015/10/30 20:00:06 | 000,019,408 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ faulthandler.pyd
MOD - [2015/10/30 19:59:54 | 000,134,608 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ _elementtree.pyd
MOD - [2015/10/30 19:59:54 | 000,034,768 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ _multiprocessing.pyd
MOD - [2015/10/30 19:59:52 | 000,692,688 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ unicodedata.pyd
MOD - [2015/10/30 19:59:52 | 000,093,640 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ _ctypes.pyd
MOD - [2015/10/30 19:59:50 | 000,134,088 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ pyexpat.pyd
MOD - [2015/10/30 19:59:50 | 000,018,376 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ select.pyd
MOD - [2015/10/30 19:59:48 | 000,392,144 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ pythoncom27.dll
MOD - [2015/10/30 19:59:48 | 000,116,688 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ pywintypes27.dll


========== Services (SafeList) ==========

SRV:64bit: - [2015/12/23 03:23:14 | 000,476,024 | ---- | M] (Protection Technology) [Auto | Stopped] -- C:\Windows\SysNative\appdrvrem01.exe -- (appdrvrem01)
SRV:64bit: - [2015/07/22 08:52:08 | 001,633,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
SRV:64bit: - [2015/07/16 13:58:34 | 000,074,752 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2015/07/07 04:39:32 | 000,366,552 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2015/07/07 04:39:32 | 000,023,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2015/05/30 14:36:24 | 000,230,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2015/05/12 08:19:37 | 000,294,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2015/05/07 10:21:51 | 000,522,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:64bit: - [2015/02/20 18:49:18 | 000,780,800 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2014/10/30 23:51:25 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/10/28 23:09:06 | 000,092,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\KeyboardFilterSvc.dll -- (MsKeyboardFilter)
SRV:64bit: - [2014/10/28 22:59:51 | 003,460,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2014/10/28 22:50:12 | 002,987,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConf ig.dll -- (PrintNotify)
SRV:64bit: - [2014/10/28 21:42:19 | 000,026,112 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2014/10/28 21:42:03 | 000,041,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2014/10/28 21:34:51 | 000,067,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2014/10/28 21:33:55 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2014/10/28 21:30:35 | 000,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2014/10/28 21:29:22 | 000,121,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2014/10/28 20:57:05 | 000,324,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\BthHFSrv.dll -- (BthHFSrv)
SRV:64bit: - [2014/10/28 20:48:20 | 000,166,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2014/10/28 20:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2014/10/28 20:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2014/10/28 20:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2014/10/28 20:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2014/10/28 20:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2014/10/28 20:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2014/10/28 20:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2014/10/28 20:27:21 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2014/10/28 20:26:21 | 000,838,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2014/10/28 20:24:37 | 000,131,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2014/10/28 20:22:40 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2014/10/28 20:20:03 | 000,262,656 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2014/10/28 20:19:20 | 000,550,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2014/10/28 20:16:17 | 000,154,112 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2014/10/28 20:13:24 | 000,374,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2014/10/28 20:13:02 | 000,260,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2014/10/28 20:12:36 | 000,407,040 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2014/10/28 20:12:22 | 000,270,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2014/10/28 20:11:10 | 001,639,424 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2014/10/28 20:05:09 | 000,206,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2014/10/28 19:48:52 | 000,562,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2014/10/28 19:46:48 | 001,348,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2014/10/28 19:35:51 | 001,668,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2014/02/06 15:36:02 | 000,226,112 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\AppleOSSMgr.exe -- (AppleOSSMgr)
SRV:64bit: - [2012/09/21 03:01:39 | 000,111,104 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files\PostgreSQL\9.0\bin\pg_ctl.exe -- (postgresql-x64-9.0)
SRV - [2016/01/28 18:47:15 | 000,146,888 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2016/01/20 08:04:12 | 000,269,504 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2016/01/08 10:47:10 | 001,433,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdate Svc.exe -- (c2cautoupdatesvc)
SRV - [2016/01/08 10:44:00 | 001,773,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2015/12/14 10:43:10 | 006,889,232 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe -- (TeamViewer)
SRV - [2015/12/13 23:48:02 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2015/10/05 04:48:46 | 001,135,416 | ---- | M] (Malwarebytes) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2015/07/09 12:14:04 | 000,327,296 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2015/05/07 10:05:40 | 000,367,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2014/10/28 22:50:12 | 002,987,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\drivers\x64\3\PrintConfi g.dll -- (PrintNotify)
SRV - [2014/10/28 20:51:55 | 000,017,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2014/10/28 20:04:45 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2014/01/31 20:54:33 | 000,368,600 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2013/12/12 04:05:38 | 000,279,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/04/24 17:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2015/12/23 03:23:14 | 002,993,896 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\appdrv01.sys -- (appdrv01)
DRV:64bit: - [2015/10/11 01:34:30 | 000,468,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2015/10/09 10:43:40 | 000,071,648 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\applewirelessmouse.sy s -- (applewirelessmouse)
DRV:64bit: - [2015/10/09 10:43:36 | 000,043,488 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\KeyMagic.sys -- (KeyMagic)
DRV:64bit: - [2015/10/05 04:50:22 | 000,064,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2015/10/05 04:50:06 | 000,025,816 | ---- | M] (Malwarebytes) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2015/09/29 07:24:42 | 000,155,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2015/07/07 04:40:12 | 000,044,560 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2015/07/07 04:40:05 | 000,270,168 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2015/07/07 04:40:05 | 000,114,520 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2015/04/16 01:17:07 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2015/03/19 20:56:10 | 000,080,384 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2015/03/12 23:03:31 | 000,239,424 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2015/03/08 21:02:51 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2015/03/08 21:02:45 | 000,067,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsp.sys -- (storvsp)
DRV:64bit: - [2015/03/04 05:25:11 | 000,377,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2014/11/10 13:06:59 | 000,136,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2014/10/28 22:59:47 | 000,415,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2014/10/28 22:57:42 | 000,054,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2014/10/28 22:56:04 | 000,027,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2014/10/28 21:47:48 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2014/10/28 21:47:27 | 000,009,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\acpials.sys -- (acpials)
DRV:64bit: - [2014/10/28 21:46:43 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2014/10/28 21:46:09 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:64bit: - [2014/10/28 21:45:54 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2014/10/28 21:45:39 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2014/10/28 21:45:16 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2014/10/15 03:32:36 | 000,921,920 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\refs.sys -- (ReFS)
DRV:64bit: - [2014/10/12 21:43:17 | 000,086,336 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2014/10/12 21:43:17 | 000,039,744 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2014/10/07 01:54:45 | 000,189,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2014/10/07 01:44:39 | 000,069,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2014/08/14 19:36:55 | 000,146,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2014/03/13 07:35:24 | 000,157,016 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\wof.sys -- (Wof)
DRV:64bit: - [2014/02/22 10:49:49 | 000,079,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2014/02/22 07:14:02 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2014/02/06 15:36:08 | 000,016,672 | ---- | M] (Apple Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AppleMNT.sys -- (AppleMNT)
DRV:64bit: - [2014/02/06 15:36:06 | 000,072,992 | ---- | M] (Apple Inc.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\AppleHFS.sys -- (AppleHFS)
DRV:64bit: - [2014/02/06 15:36:06 | 000,023,328 | ---- | M] (Apple Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\MacHALDriver.sys -- (MacHALDriver)
DRV:64bit: - [2014/02/06 15:36:06 | 000,018,208 | ---- | M] (Apple Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\KeyAgent.sys -- (KeyAgent)
DRV:64bit: - [2014/01/31 20:54:31 | 000,099,288 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TeeDriverx64.sys -- (MEIx64)
DRV:64bit: - [2014/01/10 12:54:41 | 008,497,840 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL63a.SYS -- (BCM43XX)
DRV:64bit: - [2013/12/12 04:05:42 | 004,195,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013/12/12 04:05:38 | 000,449,496 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2013/12/04 13:41:54 | 000,226,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2013/12/04 13:18:38 | 001,793,664 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AppleCamera.sys -- (AppleCamera)
DRV:64bit: - [2013/10/25 20:54:32 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2013/10/17 17:41:31 | 000,039,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2013/10/17 17:41:31 | 000,027,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2013/10/17 11:24:15 | 000,056,720 | ---- | M] (Cirrus Logic Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CSLFD.sys -- (CirrusLFD)
DRV:64bit: - [2013/10/17 11:24:15 | 000,011,928 | ---- | M] (Cirrus Logic Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CSUFD.sys -- (CirrusUFD)
DRV:64bit: - [2013/10/05 10:25:54 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2013/09/14 09:06:57 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2013/09/06 12:35:16 | 000,039,424 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\applemtp.sys -- (applemtp)
DRV:64bit: - [2013/09/06 12:35:16 | 000,012,288 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\applemtm.sys -- (applemtm)
DRV:64bit: - [2013/09/04 00:16:17 | 000,012,800 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AppleSDR.sys -- (AppleSDR)
DRV:64bit: - [2013/08/22 14:11:19 | 000,022,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\kbldfltr.sys -- (kbldfltr)
DRV:64bit: - [2013/08/22 14:11:12 | 000,220,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Vid.sys -- (Vid)
DRV:64bit: - [2013/08/22 14:11:12 | 000,129,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbusr.sys -- (vmbusr)
DRV:64bit: - [2013/08/22 14:11:12 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcivsp.sys -- (vpcivsp)
DRV:64bit: - [2013/08/22 14:11:12 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2013/08/22 08:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2013/08/22 08:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013/08/22 07:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2013/08/22 07:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2013/08/22 07:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2013/08/22 07:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013/08/22 07:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2013/08/22 07:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2013/08/22 07:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2013/08/22 07:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2013/08/22 07:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:64bit: - [2013/08/22 07:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2013/08/22 07:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2013/08/22 07:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2013/08/22 07:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2013/08/22 07:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013/08/22 07:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2013/08/22 07:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2013/08/22 07:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013/08/22 07:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2013/08/22 07:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2013/08/22 07:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2013/08/22 07:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/08/22 07:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2013/08/22 07:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2013/08/22 07:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2013/08/22 07:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2013/08/22 06:39:58 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2013/08/22 06:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2013/08/22 06:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2013/08/22 06:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2013/08/22 06:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2013/08/22 06:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2013/08/22 06:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/08/22 06:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2013/08/22 06:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2013/08/22 06:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2013/08/22 06:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013/08/22 06:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2013/08/22 06:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/08/22 06:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013/08/22 06:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2013/08/22 06:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2013/08/22 03:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013/08/12 18:25:46 | 000,017,624 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2013/08/09 19:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2013/07/30 13:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2013/07/25 14:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2012/12/24 04:36:24 | 000,020,480 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AppleBtBc.sys -- (AppleBtBc)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-ca/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8D 72 40 79 00 35 D1 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.countryCode: "MT"
FF - prefs.js..browser.search.region: "MT"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:44.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_ 286.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_ 286.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 44.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 44.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 44.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 44.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2015/02/26 17:19:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pauloneill86\AppData\Roaming\Mozilla\Exte nsions
[2016/01/19 13:14:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pauloneill86\AppData\Roaming\Mozilla\Fire fox\Profiles\h58s0tel.default\extensions
[2016/01/19 13:14:47 | 001,001,911 | ---- | M] () (No name found) -- C:\Users\pauloneill86\AppData\Roaming\Mozilla\Fire fox\Profiles\h58s0tel.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2016/02/01 06:02:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2016/01/28 18:47:15 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - Extension: No name found = C:\Users\pauloneill86\AppData\Local\Google\Chrome\ User Data\Default\Extensions\aapocclcgogkmnckokdopfmhon fmgoek\0.9_0\
CHR - Extension: No name found = C:\Users\pauloneill86\AppData\Local\Google\Chrome\ User Data\Default\Extensions\aohghmighlieiainnegkcijnfi lokake\0.9_0\
CHR - Extension: No name found = C:\Users\pauloneill86\AppData\Local\Google\Chrome\ User Data\Default\Extensions\apdfllckaahabafndbhieahigk jlhalf\14.0_0\
CHR - Extension: No name found = C:\Users\pauloneill86\AppData\Local\Google\Chrome\ User Data\Default\Extensions\apdfllckaahabafndbhieahigk jlhalf\14.1_0\
CHR - Extension: No name found = C:\Users\pauloneill86\AppData\Local\Google\Chrome\ User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldk acnbeo\4.2.7_0\
CHR - Extension: No name found = C:\Users\pauloneill86\AppData\Local\Google\Chrome\ User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldk acnbeo\4.2.8_0\
CHR - Extension: No name found = C:\Users\pauloneill86\AppData\Local\Google\Chrome\ User Data\Default\Extensions\coobgpohoikkiipiblmjeljnie djpjpf\0.0.0.30_0\
CHR - Extension: No name found = C:\Users\pauloneill86\AppData\Local\Google\Chrome\ User Data\Default\Extensions\felcaaldnbdncclmgdcncolpeb giejap\1.1_0\
CHR - Extension: No name found = C:\Users\pauloneill86\AppData\Local\Google\Chrome\ User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdl olhkhi\1.0_0\
CHR - Extension: No name found = C:\Users\pauloneill86\AppData\Local\Google\Chrome\ User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccm gmieda\0.1.2.0_0\
CHR - Extension: No name found = C:\Users\pauloneill86\AppData\Local\Google\Chrome\ User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoe jaedia\8.1_0\

O1 HOSTS File: ([2013/08/22 08:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\Bootcamp.exe (Apple Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKCU..\Run: [Dropbox Update] C:\Users\pauloneill86\AppData\Local\Dropbox\Update \DropboxUpdate.exe (Dropbox, Inc.)
O4 - HKCU..\Run: [Gyazo] C:\Program Files (x86)\Gyazo\GyStation.exe (Nota Inc.)
O4 - Startup: C:\Users\pauloneill86\AppData\Roaming\Microsoft\Wi ndows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.71.255.204 64.71.255.198
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfac es\{6F5C273D-3C62-42C8-8C11-925D25049AC2}: DhcpNameServer = 64.71.255.204 64.71.255.198
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfac es\{F6836B15-5D13-4867-8C42-A55D367B408F}: DhcpNameServer = 64.71.255.204 64.71.255.198
O18:64bit: - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: lfsvc - C:\Windows\SysNative\GeofenceMonitorService.dll (Microsoft Corporation)
NetSvcs:64bit: wlidsvc - C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
NetSvcs:64bit: DsmSvc - C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
NetSvcs:64bit: NcaSvc - C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
NetSvcs:64bit: MsKeyboardFilter - C:\Windows\SysNative\KeyboardFilterSvc.dll (Microsoft Corporation)


SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: BasicDisplay.sys - C:\Windows\SysNative\drivers\BasicDisplay.sys (Microsoft Corporation)
SafeBootMin:64bit: BasicRender.sys - C:\Windows\SysNative\drivers\BasicRender.sys (Microsoft Corporation)
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: BrokerInfrastructure - C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SafeBootMin:64bit: EFS - C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: KeyIso - C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SafeBootMin:64bit: LSM - C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SafeBootMin:64bit: Netlogon - C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: SystemEventsBroker - C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
SafeBootMin:64bit: TBS - Service
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {9DA2B80F-F89F-4A49-A5C2-511B085B9E8A} - Enhanced Storage Devices
SafeBootMin:64bit: {A0A588A4-C46F-4B37-B7EA-C82FE89870C6} - SDA Standard Compliant SD Host Controller
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: TBS - Service
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {9DA2B80F-F89F-4A49-A5C2-511B085B9E8A} - Enhanced Storage Devices
SafeBootMin: {A0A588A4-C46F-4B37-B7EA-C82FE89870C6} - SDA Standard Compliant SD Host Controller
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: BasicDisplay.sys - C:\Windows\SysNative\drivers\BasicDisplay.sys (Microsoft Corporation)
SafeBootNet:64bit: BasicRender.sys - C:\Windows\SysNative\drivers\BasicRender.sys (Microsoft Corporation)
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: BrokerInfrastructure - C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SafeBootNet:64bit: EFS - C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: KeyIso - C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SafeBootNet:64bit: LSM - C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Netlogon - C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SafeBootNet:64bit: netprofm - C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdpencdd.sys - Driver
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: SmartcardSimulator - Driver
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: SystemEventsBroker - C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
SafeBootNet:64bit: TBS - Service
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: VaultSvc - C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: VirtualSmartcardReader - Driver
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: Wcmsvc - C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {9DA2B80F-F89F-4A49-A5C2-511B085B9E8A} - Enhanced Storage Devices
SafeBootNet:64bit: {A0A588A4-C46F-4B37-B7EA-C82FE89870C6} - SDA Standard Compliant SD Host Controller
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdpencdd.sys - Driver
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: SmartcardSimulator - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TBS - Service
SafeBootNet: TDI - Driver Group
SafeBootNet: VirtualSmartcardReader - Driver
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {9DA2B80F-F89F-4A49-A5C2-511B085B9E8A} - Enhanced Storage Devices
SafeBootNet: {A0A588A4-C46F-4B37-B7EA-C82FE89870C6} - SDA Standard Compliant SD Host Controller
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {66C64F22-FC60-4E6C-A6B5-F0D580E680CE} - C:\Windows\System32\ie4uinit.exe -EnableTLS
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {78E345F7-E976-3595-9C30-2458D6A8EC32} - .NET Framework
ActiveX:64bit: {7D715857-A67C-4C2F-A929-038448584D63} - C:\Windows\System32\ie4uinit.exe -DisableSSL3
ActiveX:64bit: {81DCEDC9-DC5C-48AF-946A-45C09E8A33F0} - C:\Windows\system32\msiexec.exe /fu {FA2B2C2A-EA41-495A-9308-60726125D562} /qb+
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} -
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.97\Insta ller\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EC43E638-09F0-38CC-A585-72FCCDDF035C} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

OTL.txt report - Part 1

OTL logfile created on: 2/1/2016 7:04:02 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\pauloneill86\Desktop
64bit- Professional (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18161)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.91 Gb Total Physical Memory | 12.37 Gb Available Physical Memory | 77.77% Memory free
20.41 Gb Paging File | 13.37 Gb Available in Paging File | 65.50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 140.42 Gb Total Space | 34.07 Gb Free Space | 24.26% Space Free | Partition Type: NTFS

Computer Name: PAUL | User Name: pauloneill86 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2016/02/01 07:00:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\pauloneill86\Desktop\OTL.exe
PRC - [2016/01/28 18:47:15 | 000,393,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2016/01/19 18:10:36 | 003,586,848 | ---- | M] (Nota Inc.) -- C:\Program Files (x86)\Gyazo\GyStation.exe
PRC - [2016/01/08 10:47:10 | 001,433,216 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdate Svc.exe
PRC - [2016/01/08 10:44:00 | 001,773,696 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2015/12/14 10:43:10 | 006,889,232 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
PRC - [2015/12/13 23:48:02 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2015/12/08 16:36:58 | 024,952,456 | ---- | M] (Dropbox, Inc.) -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ Dropbox.exe
PRC - [2014/01/31 20:54:33 | 000,368,600 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe


========== Modules (No Company Name) ==========

MOD - [2015/12/08 16:36:50 | 000,024,904 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ _cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
MOD - [2015/12/08 16:36:50 | 000,021,840 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ _cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
MOD - [2015/12/08 16:36:50 | 000,021,320 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ _cffi_pywin_kernel32_xde9e4433x360333f0.pyd
MOD - [2015/12/08 16:36:48 | 000,023,376 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ winscreenshot.compiled._CaptureScreenshot.pyd
MOD - [2015/12/08 16:36:48 | 000,020,800 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ _cffi_python_x66cf7a7cx17a72769.pyd
MOD - [2015/12/08 16:36:46 | 000,381,752 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ win32com.shell.shell.pyd
MOD - [2015/12/08 16:36:46 | 000,019,760 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ tornado.speedups.pyd
MOD - [2015/12/08 16:36:42 | 003,891,504 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ PyQt5.QtWidgets.pyd
MOD - [2015/12/08 16:36:40 | 000,225,080 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ PyQt5.QtWebKitWidgets.pyd
MOD - [2015/12/08 16:36:40 | 000,133,936 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ PyQt5.QtWebKit.pyd
MOD - [2015/12/08 16:36:38 | 000,486,704 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ PyQt5.QtQuick.pyd
MOD - [2015/12/08 16:36:38 | 000,357,680 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ PyQt5.QtQml.pyd
MOD - [2015/12/08 16:36:36 | 001,950,000 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ PyQt5.QtGui.pyd
MOD - [2015/12/08 16:36:36 | 000,519,984 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ PyQt5.QtNetwork.pyd
MOD - [2015/12/08 16:36:36 | 000,207,672 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ PyQt5.QtPrintSupport.pyd
MOD - [2015/12/08 16:36:34 | 001,826,608 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ PyQt5.QtCore.pyd
MOD - [2015/12/08 16:36:32 | 000,052,024 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ psutil._psutil_windows.pyd
MOD - [2015/12/08 16:36:32 | 000,024,392 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ librsyncffi.compiled._librsyncffi.pyd
MOD - [2015/12/08 16:36:30 | 000,038,696 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ fastpath.pyd
MOD - [2015/12/08 16:36:28 | 001,737,032 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ cryptography.hazmat.bindings._openssl.pyd
MOD - [2015/12/08 16:36:28 | 000,084,792 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ dropbox_sqlite_ext.dll
MOD - [2015/12/08 16:36:28 | 000,020,808 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ cryptography.hazmat.bindings._padding.pyd
MOD - [2015/12/08 16:36:26 | 000,023,352 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ Crypto.Util._counter.pyd
MOD - [2015/12/08 16:36:26 | 000,020,816 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ cryptography.hazmat.bindings._constant_time.pyd
MOD - [2015/12/08 16:36:24 | 000,022,848 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ Crypto.Random.OSRNG.winrandom.pyd
MOD - [2015/12/08 16:36:24 | 000,021,304 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ Crypto.Util.strxor.pyd
MOD - [2015/12/08 16:36:22 | 000,117,056 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ breakpad.client.windows.handler.pyd
MOD - [2015/12/08 16:36:22 | 000,042,296 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ Crypto.Cipher._AES.pyd
MOD - [2015/12/08 16:36:22 | 000,020,280 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ cpuid.compiled._cpuid.pyd
MOD - [2015/10/30 20:01:00 | 000,019,920 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ QtQuick.2\qtquick2plugin.dll
MOD - [2015/10/30 20:00:58 | 000,786,904 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ QtQuick\Controls\qtquickcontrolsplugin.dll
MOD - [2015/10/30 20:00:58 | 000,063,448 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ QtQuick\Layouts\qquicklayoutsplugin.dll
MOD - [2015/10/30 20:00:58 | 000,019,408 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ QtQuick\Window.2\windowplugin.dll
MOD - [2015/10/30 20:00:26 | 000,036,296 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ librsync.dll
MOD - [2015/10/30 20:00:24 | 000,350,152 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ winxpgui.pyd
MOD - [2015/10/30 20:00:22 | 000,048,592 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ win32service.pyd
MOD - [2015/10/30 20:00:22 | 000,028,616 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ win32ts.pyd
MOD - [2015/10/30 20:00:20 | 000,114,640 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ win32security.pyd
MOD - [2015/10/30 20:00:20 | 000,043,472 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ win32process.pyd
MOD - [2015/10/30 20:00:20 | 000,024,016 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ win32profile.pyd
MOD - [2015/10/30 20:00:18 | 000,175,560 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ win32gui.pyd
MOD - [2015/10/30 20:00:18 | 000,030,160 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ win32pipe.pyd
MOD - [2015/10/30 20:00:16 | 000,124,880 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ win32file.pyd
MOD - [2015/10/30 20:00:16 | 000,024,528 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ win32event.pyd
MOD - [2015/10/30 20:00:14 | 000,105,928 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ win32api.pyd
MOD - [2015/10/30 20:00:14 | 000,024,016 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ win32clipboard.pyd
MOD - [2015/10/30 20:00:14 | 000,020,936 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ mmapfile.pyd
MOD - [2015/10/30 20:00:10 | 000,109,520 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ _cffi_backend.pyd
MOD - [2015/10/30 20:00:08 | 000,240,584 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ jpegtran.pyd
MOD - [2015/10/30 20:00:08 | 000,083,912 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ sip.pyd
MOD - [2015/10/30 20:00:06 | 000,019,408 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ faulthandler.pyd
MOD - [2015/10/30 19:59:54 | 000,134,608 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ _elementtree.pyd
MOD - [2015/10/30 19:59:54 | 000,034,768 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ _multiprocessing.pyd
MOD - [2015/10/30 19:59:52 | 000,692,688 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ unicodedata.pyd
MOD - [2015/10/30 19:59:52 | 000,093,640 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ _ctypes.pyd
MOD - [2015/10/30 19:59:50 | 000,134,088 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ pyexpat.pyd
MOD - [2015/10/30 19:59:50 | 000,018,376 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ select.pyd
MOD - [2015/10/30 19:59:48 | 000,392,144 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ pythoncom27.dll
MOD - [2015/10/30 19:59:48 | 000,116,688 | ---- | M] () -- C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ pywintypes27.dll


========== Services (SafeList) ==========

SRV:64bit: - [2015/12/23 03:23:14 | 000,476,024 | ---- | M] (Protection Technology) [Auto | Stopped] -- C:\Windows\SysNative\appdrvrem01.exe -- (appdrvrem01)
SRV:64bit: - [2015/07/22 08:52:08 | 001,633,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
SRV:64bit: - [2015/07/16 13:58:34 | 000,074,752 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2015/07/07 04:39:32 | 000,366,552 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2015/07/07 04:39:32 | 000,023,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2015/05/30 14:36:24 | 000,230,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2015/05/12 08:19:37 | 000,294,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2015/05/07 10:21:51 | 000,522,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:64bit: - [2015/02/20 18:49:18 | 000,780,800 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2014/10/30 23:51:25 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/10/28 23:09:06 | 000,092,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\KeyboardFilterSvc.dll -- (MsKeyboardFilter)
SRV:64bit: - [2014/10/28 22:59:51 | 003,460,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2014/10/28 22:50:12 | 002,987,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConf ig.dll -- (PrintNotify)
SRV:64bit: - [2014/10/28 21:42:19 | 000,026,112 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2014/10/28 21:42:03 | 000,041,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2014/10/28 21:34:51 | 000,067,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2014/10/28 21:33:55 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2014/10/28 21:30:35 | 000,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2014/10/28 21:29:22 | 000,121,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2014/10/28 20:57:05 | 000,324,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\BthHFSrv.dll -- (BthHFSrv)
SRV:64bit: - [2014/10/28 20:48:20 | 000,166,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2014/10/28 20:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2014/10/28 20:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2014/10/28 20:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2014/10/28 20:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2014/10/28 20:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2014/10/28 20:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2014/10/28 20:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2014/10/28 20:27:21 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2014/10/28 20:26:21 | 000,838,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2014/10/28 20:24:37 | 000,131,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2014/10/28 20:22:40 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2014/10/28 20:20:03 | 000,262,656 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2014/10/28 20:19:20 | 000,550,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2014/10/28 20:16:17 | 000,154,112 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2014/10/28 20:13:24 | 000,374,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2014/10/28 20:13:02 | 000,260,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2014/10/28 20:12:36 | 000,407,040 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2014/10/28 20:12:22 | 000,270,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2014/10/28 20:11:10 | 001,639,424 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2014/10/28 20:05:09 | 000,206,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2014/10/28 19:48:52 | 000,562,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2014/10/28 19:46:48 | 001,348,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2014/10/28 19:35:51 | 001,668,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2014/02/06 15:36:02 | 000,226,112 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\AppleOSSMgr.exe -- (AppleOSSMgr)
SRV:64bit: - [2012/09/21 03:01:39 | 000,111,104 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files\PostgreSQL\9.0\bin\pg_ctl.exe -- (postgresql-x64-9.0)
SRV - [2016/01/28 18:47:15 | 000,146,888 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2016/01/20 08:04:12 | 000,269,504 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2016/01/08 10:47:10 | 001,433,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdate Svc.exe -- (c2cautoupdatesvc)
SRV - [2016/01/08 10:44:00 | 001,773,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2015/12/14 10:43:10 | 006,889,232 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe -- (TeamViewer)
SRV - [2015/12/13 23:48:02 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2015/10/05 04:48:46 | 001,135,416 | ---- | M] (Malwarebytes) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2015/07/09 12:14:04 | 000,327,296 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2015/05/07 10:05:40 | 000,367,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2014/10/28 22:50:12 | 002,987,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\drivers\x64\3\PrintConfi g.dll -- (PrintNotify)
SRV - [2014/10/28 20:51:55 | 000,017,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2014/10/28 20:04:45 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2014/01/31 20:54:33 | 000,368,600 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2013/12/12 04:05:38 | 000,279,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/04/24 17:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2015/12/23 03:23:14 | 002,993,896 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\appdrv01.sys -- (appdrv01)
DRV:64bit: - [2015/10/11 01:34:30 | 000,468,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2015/10/09 10:43:40 | 000,071,648 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\applewirelessmouse.sy s -- (applewirelessmouse)
DRV:64bit: - [2015/10/09 10:43:36 | 000,043,488 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\KeyMagic.sys -- (KeyMagic)
DRV:64bit: - [2015/10/05 04:50:22 | 000,064,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2015/10/05 04:50:06 | 000,025,816 | ---- | M] (Malwarebytes) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2015/09/29 07:24:42 | 000,155,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2015/07/07 04:40:12 | 000,044,560 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2015/07/07 04:40:05 | 000,270,168 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2015/07/07 04:40:05 | 000,114,520 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2015/04/16 01:17:07 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2015/03/19 20:56:10 | 000,080,384 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2015/03/12 23:03:31 | 000,239,424 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2015/03/08 21:02:51 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2015/03/08 21:02:45 | 000,067,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsp.sys -- (storvsp)
DRV:64bit: - [2015/03/04 05:25:11 | 000,377,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2014/11/10 13:06:59 | 000,136,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2014/10/28 22:59:47 | 000,415,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2014/10/28 22:57:42 | 000,054,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2014/10/28 22:56:04 | 000,027,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2014/10/28 21:47:48 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2014/10/28 21:47:27 | 000,009,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\acpials.sys -- (acpials)
DRV:64bit: - [2014/10/28 21:46:43 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2014/10/28 21:46:09 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:64bit: - [2014/10/28 21:45:54 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2014/10/28 21:45:39 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2014/10/28 21:45:16 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2014/10/15 03:32:36 | 000,921,920 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\refs.sys -- (ReFS)
DRV:64bit: - [2014/10/12 21:43:17 | 000,086,336 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2014/10/12 21:43:17 | 000,039,744 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2014/10/07 01:54:45 | 000,189,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2014/10/07 01:44:39 | 000,069,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2014/08/14 19:36:55 | 000,146,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2014/03/13 07:35:24 | 000,157,016 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\wof.sys -- (Wof)
DRV:64bit: - [2014/02/22 10:49:49 | 000,079,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2014/02/22 07:14:02 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2014/02/06 15:36:08 | 000,016,672 | ---- | M] (Apple Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AppleMNT.sys -- (AppleMNT)
DRV:64bit: - [2014/02/06 15:36:06 | 000,072,992 | ---- | M] (Apple Inc.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\AppleHFS.sys -- (AppleHFS)
DRV:64bit: - [2014/02/06 15:36:06 | 000,023,328 | ---- | M] (Apple Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\MacHALDriver.sys -- (MacHALDriver)
DRV:64bit: - [2014/02/06 15:36:06 | 000,018,208 | ---- | M] (Apple Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\KeyAgent.sys -- (KeyAgent)
DRV:64bit: - [2014/01/31 20:54:31 | 000,099,288 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TeeDriverx64.sys -- (MEIx64)
DRV:64bit: - [2014/01/10 12:54:41 | 008,497,840 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL63a.SYS -- (BCM43XX)
DRV:64bit: - [2013/12/12 04:05:42 | 004,195,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013/12/12 04:05:38 | 000,449,496 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2013/12/04 13:41:54 | 000,226,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2013/12/04 13:18:38 | 001,793,664 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AppleCamera.sys -- (AppleCamera)
DRV:64bit: - [2013/10/25 20:54:32 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2013/10/17 17:41:31 | 000,039,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2013/10/17 17:41:31 | 000,027,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2013/10/17 11:24:15 | 000,056,720 | ---- | M] (Cirrus Logic Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CSLFD.sys -- (CirrusLFD)
DRV:64bit: - [2013/10/17 11:24:15 | 000,011,928 | ---- | M] (Cirrus Logic Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CSUFD.sys -- (CirrusUFD)
DRV:64bit: - [2013/10/05 10:25:54 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2013/09/14 09:06:57 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2013/09/06 12:35:16 | 000,039,424 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\applemtp.sys -- (applemtp)
DRV:64bit: - [2013/09/06 12:35:16 | 000,012,288 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\applemtm.sys -- (applemtm)
DRV:64bit: - [2013/09/04 00:16:17 | 000,012,800 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AppleSDR.sys -- (AppleSDR)
DRV:64bit: - [2013/08/22 14:11:19 | 000,022,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\kbldfltr.sys -- (kbldfltr)
DRV:64bit: - [2013/08/22 14:11:12 | 000,220,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Vid.sys -- (Vid)
DRV:64bit: - [2013/08/22 14:11:12 | 000,129,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbusr.sys -- (vmbusr)
DRV:64bit: - [2013/08/22 14:11:12 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcivsp.sys -- (vpcivsp)
DRV:64bit: - [2013/08/22 14:11:12 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2013/08/22 08:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2013/08/22 08:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013/08/22 07:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2013/08/22 07:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2013/08/22 07:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2013/08/22 07:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013/08/22 07:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2013/08/22 07:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2013/08/22 07:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2013/08/22 07:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2013/08/22 07:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:64bit: - [2013/08/22 07:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2013/08/22 07:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2013/08/22 07:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2013/08/22 07:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2013/08/22 07:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013/08/22 07:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2013/08/22 07:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2013/08/22 07:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013/08/22 07:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2013/08/22 07:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2013/08/22 07:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2013/08/22 07:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/08/22 07:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2013/08/22 07:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2013/08/22 07:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2013/08/22 07:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2013/08/22 06:39:58 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2013/08/22 06:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2013/08/22 06:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2013/08/22 06:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2013/08/22 06:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2013/08/22 06:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2013/08/22 06:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/08/22 06:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2013/08/22 06:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2013/08/22 06:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2013/08/22 06:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013/08/22 06:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2013/08/22 06:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/08/22 06:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013/08/22 06:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2013/08/22 06:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2013/08/22 03:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013/08/12 18:25:46 | 000,017,624 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2013/08/09 19:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2013/07/30 13:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2013/07/25 14:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2012/12/24 04:36:24 | 000,020,480 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AppleBtBc.sys -- (AppleBtBc)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-ca/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8D 72 40 79 00 35 D1 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.countryCode: "MT"
FF - prefs.js..browser.search.region: "MT"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:44.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_ 286.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_ 286.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 44.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 44.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 44.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 44.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2015/02/26 17:19:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pauloneill86\AppData\Roaming\Mozilla\Exte nsions
[2016/01/19 13:14:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pauloneill86\AppData\Roaming\Mozilla\Fire fox\Profiles\h58s0tel.default\extensions
[2016/01/19 13:14:47 | 001,001,911 | ---- | M] () (No name found) -- C:\Users\pauloneill86\AppData\Roaming\Mozilla\Fire fox\Profiles\h58s0tel.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2016/02/01 06:02:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2016/01/28 18:47:15 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - Extension: No name found = C:\Users\pauloneill86\AppData\Local\Google\Chrome\ User Data\Default\Extensions\aapocclcgogkmnckokdopfmhon fmgoek\0.9_0\
CHR - Extension: No name found = C:\Users\pauloneill86\AppData\Local\Google\Chrome\ User Data\Default\Extensions\aohghmighlieiainnegkcijnfi lokake\0.9_0\
CHR - Extension: No name found = C:\Users\pauloneill86\AppData\Local\Google\Chrome\ User Data\Default\Extensions\apdfllckaahabafndbhieahigk jlhalf\14.0_0\
CHR - Extension: No name found = C:\Users\pauloneill86\AppData\Local\Google\Chrome\ User Data\Default\Extensions\apdfllckaahabafndbhieahigk jlhalf\14.1_0\
CHR - Extension: No name found = C:\Users\pauloneill86\AppData\Local\Google\Chrome\ User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldk acnbeo\4.2.7_0\
CHR - Extension: No name found = C:\Users\pauloneill86\AppData\Local\Google\Chrome\ User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldk acnbeo\4.2.8_0\
CHR - Extension: No name found = C:\Users\pauloneill86\AppData\Local\Google\Chrome\ User Data\Default\Extensions\coobgpohoikkiipiblmjeljnie djpjpf\0.0.0.30_0\
CHR - Extension: No name found = C:\Users\pauloneill86\AppData\Local\Google\Chrome\ User Data\Default\Extensions\felcaaldnbdncclmgdcncolpeb giejap\1.1_0\
CHR - Extension: No name found = C:\Users\pauloneill86\AppData\Local\Google\Chrome\ User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdl olhkhi\1.0_0\
CHR - Extension: No name found = C:\Users\pauloneill86\AppData\Local\Google\Chrome\ User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccm gmieda\0.1.2.0_0\
CHR - Extension: No name found = C:\Users\pauloneill86\AppData\Local\Google\Chrome\ User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoe jaedia\8.1_0\

O1 HOSTS File: ([2013/08/22 08:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\Bootcamp.exe (Apple Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKCU..\Run: [Dropbox Update] C:\Users\pauloneill86\AppData\Local\Dropbox\Update \DropboxUpdate.exe (Dropbox, Inc.)
O4 - HKCU..\Run: [Gyazo] C:\Program Files (x86)\Gyazo\GyStation.exe (Nota Inc.)
O4 - Startup: C:\Users\pauloneill86\AppData\Roaming\Microsoft\Wi ndows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\pauloneill86\AppData\Roaming\Dropbox\bin\ Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.71.255.204 64.71.255.198
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfac es\{6F5C273D-3C62-42C8-8C11-925D25049AC2}: DhcpNameServer = 64.71.255.204 64.71.255.198
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfac es\{F6836B15-5D13-4867-8C42-A55D367B408F}: DhcpNameServer = 64.71.255.204 64.71.255.198
O18:64bit: - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: lfsvc - C:\Windows\SysNative\GeofenceMonitorService.dll (Microsoft Corporation)
NetSvcs:64bit: wlidsvc - C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
NetSvcs:64bit: DsmSvc - C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
NetSvcs:64bit: NcaSvc - C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
NetSvcs:64bit: MsKeyboardFilter - C:\Windows\SysNative\KeyboardFilterSvc.dll (Microsoft Corporation)


SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: BasicDisplay.sys - C:\Windows\SysNative\drivers\BasicDisplay.sys (Microsoft Corporation)
SafeBootMin:64bit: BasicRender.sys - C:\Windows\SysNative\drivers\BasicRender.sys (Microsoft Corporation)
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: BrokerInfrastructure - C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SafeBootMin:64bit: EFS - C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: KeyIso - C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SafeBootMin:64bit: LSM - C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SafeBootMin:64bit: Netlogon - C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: SystemEventsBroker - C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
SafeBootMin:64bit: TBS - Service
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {9DA2B80F-F89F-4A49-A5C2-511B085B9E8A} - Enhanced Storage Devices
SafeBootMin:64bit: {A0A588A4-C46F-4B37-B7EA-C82FE89870C6} - SDA Standard Compliant SD Host Controller
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: TBS - Service
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {9DA2B80F-F89F-4A49-A5C2-511B085B9E8A} - Enhanced Storage Devices
SafeBootMin: {A0A588A4-C46F-4B37-B7EA-C82FE89870C6} - SDA Standard Compliant SD Host Controller
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: BasicDisplay.sys - C:\Windows\SysNative\drivers\BasicDisplay.sys (Microsoft Corporation)
SafeBootNet:64bit: BasicRender.sys - C:\Windows\SysNative\drivers\BasicRender.sys (Microsoft Corporation)
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: BrokerInfrastructure - C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SafeBootNet:64bit: EFS - C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: KeyIso - C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SafeBootNet:64bit: LSM - C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Netlogon - C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SafeBootNet:64bit: netprofm - C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdpencdd.sys - Driver
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: SmartcardSimulator - Driver
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: SystemEventsBroker - C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
SafeBootNet:64bit: TBS - Service
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: VaultSvc - C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: VirtualSmartcardReader - Driver
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: Wcmsvc - C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {9DA2B80F-F89F-4A49-A5C2-511B085B9E8A} - Enhanced Storage Devices
SafeBootNet:64bit: {A0A588A4-C46F-4B37-B7EA-C82FE89870C6} - SDA Standard Compliant SD Host Controller
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdpencdd.sys - Driver
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: SmartcardSimulator - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TBS - Service
SafeBootNet: TDI - Driver Group
SafeBootNet: VirtualSmartcardReader - Driver
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {9DA2B80F-F89F-4A49-A5C2-511B085B9E8A} - Enhanced Storage Devices
SafeBootNet: {A0A588A4-C46F-4B37-B7EA-C82FE89870C6} - SDA Standard Compliant SD Host Controller
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {66C64F22-FC60-4E6C-A6B5-F0D580E680CE} - C:\Windows\System32\ie4uinit.exe -EnableTLS
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {78E345F7-E976-3595-9C30-2458D6A8EC32} - .NET Framework
ActiveX:64bit: {7D715857-A67C-4C2F-A929-038448584D63} - C:\Windows\System32\ie4uinit.exe -DisableSSL3
ActiveX:64bit: {81DCEDC9-DC5C-48AF-946A-45C09E8A33F0} - C:\Windows\system32\msiexec.exe /fu {FA2B2C2A-EA41-495A-9308-60726125D562} /qb+
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} -
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.97\Insta ller\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EC43E638-09F0-38CC-A585-72FCCDDF035C} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

Part 2

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2016/02/01 07:00:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\pauloneill86\Desktop\OTL.exe
[2016/01/26 05:23:45 | 000,000,000 | ---D | C] -- C:\Users\pauloneill86\Desktop\Desktop
[2016/01/19 16:21:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Gyazo
[2016/01/13 04:19:35 | 006,051,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2016/01/13 04:19:33 | 000,571,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2016/01/13 04:19:32 | 000,798,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2016/01/13 04:19:32 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2016/01/13 04:19:31 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2016/01/13 04:19:31 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2016/01/13 04:19:31 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2016/01/13 04:19:31 | 000,663,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2016/01/13 04:18:44 | 000,670,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2016/01/13 04:18:44 | 000,561,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2016/01/13 04:18:43 | 002,745,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2016/01/13 04:18:43 | 002,528,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2016/01/13 04:18:43 | 002,334,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfcore.dll
[2016/01/13 04:18:43 | 002,324,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfcore.dll
[2016/01/13 04:18:43 | 001,877,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2adec.dll
[2016/01/13 04:18:43 | 001,484,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2adec.dll
[2016/01/13 04:18:43 | 001,288,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfnetsrc.dll
[2016/01/13 04:18:43 | 001,210,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMADMOD.DLL
[2016/01/13 04:18:43 | 001,115,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfnetsrc.dll
[2016/01/13 04:18:42 | 002,450,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVENCOD.DLL
[2016/01/13 04:18:42 | 002,447,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVENCOD.DLL
[2016/01/13 04:18:42 | 001,697,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2016/01/13 04:18:42 | 001,037,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMADMOD.DLL
[2016/01/13 04:18:42 | 001,010,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMSPDMOD.DLL
[2016/01/13 04:18:42 | 000,887,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMSPDMOD.DLL
[2016/01/13 04:18:42 | 000,850,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfnetcore.dll
[2016/01/13 04:18:42 | 000,735,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\evr.dll
[2016/01/13 04:18:42 | 000,700,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfnetcore.dll
[2016/01/13 04:18:42 | 000,584,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\evr.dll
[2016/01/13 04:18:42 | 000,498,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfsvr.dll
[2016/01/13 04:18:41 | 001,664,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMSPDMOE.DLL
[2016/01/13 04:18:41 | 001,501,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2016/01/13 04:18:41 | 000,629,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MP4SDECD.DLL
[2016/01/13 04:18:41 | 000,557,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVSDECD.DLL
[2016/01/13 04:18:41 | 000,492,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVSDECD.DLL
[2016/01/13 04:18:41 | 000,463,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MP4SDECD.DLL
[2016/01/13 04:18:41 | 000,399,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfsvr.dll
[2016/01/13 04:18:41 | 000,299,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\VIDRESZR.DLL
[2016/01/13 04:18:41 | 000,250,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MPG4DECD.DLL
[2016/01/13 04:18:41 | 000,248,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MP43DECD.DLL
[2016/01/13 04:18:41 | 000,246,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RESAMPLEDMO.DLL
[2016/01/13 04:18:41 | 000,203,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\COLORCNV.DLL
[2016/01/13 04:18:41 | 000,099,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MP3DMOD.DLL
[2016/01/13 04:18:40 | 001,150,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMADMOE.DLL
[2016/01/13 04:18:40 | 000,914,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMADMOE.DLL
[2016/01/13 04:18:40 | 000,451,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVSENCD.DLL
[2016/01/13 04:18:40 | 000,275,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MPG4DECD.DLL
[2016/01/13 04:18:40 | 000,274,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MP43DECD.DLL
[2016/01/13 04:18:40 | 000,244,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2016/01/13 04:18:40 | 000,229,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RESAMPLEDMO.DLL
[2016/01/13 04:18:40 | 000,184,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\COLORCNV.DLL
[2016/01/13 04:18:40 | 000,183,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VIDRESZR.DLL
[2016/01/13 04:18:40 | 000,116,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MP3DMOD.DLL
[2016/01/13 04:18:40 | 000,110,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfps.dll
[2016/01/13 04:18:40 | 000,090,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\devenum.dll
[2016/01/13 04:18:40 | 000,090,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfvdsp.dll
[2016/01/13 04:18:40 | 000,081,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devenum.dll
[2016/01/13 04:18:40 | 000,076,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfvdsp.dll
[2016/01/13 04:18:39 | 001,411,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMSPDMOE.DLL
[2016/01/13 04:18:39 | 000,743,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFWMAAEC.DLL
[2016/01/13 04:18:39 | 000,736,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVXENCD.DLL
[2016/01/13 04:18:39 | 000,644,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVXENCD.DLL
[2016/01/13 04:18:39 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2016/01/13 04:18:39 | 000,468,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFWMAAEC.DLL
[2016/01/13 04:18:39 | 000,402,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVSENCD.DLL
[2016/01/13 04:18:39 | 000,340,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2016/01/13 04:18:39 | 000,289,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ksproxy.ax
[2016/01/13 04:18:39 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ksproxy.ax
[2016/01/13 04:18:37 | 001,380,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2016/01/13 04:18:36 | 007,453,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2016/01/13 04:18:36 | 001,735,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2016/01/13 04:18:28 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2016/01/13 04:18:28 | 000,445,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certcli.dll
[2016/01/13 04:18:28 | 000,397,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bcryptprimitives.dll
[2016/01/13 04:18:28 | 000,340,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\bcryptprimitives.dll
[2016/01/13 04:18:28 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certcli.dll
[2016/01/13 04:18:28 | 000,137,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2016/01/13 04:18:28 | 000,106,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncryptsslp.dll
[2016/01/13 04:18:28 | 000,091,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncryptsslp.dll
[2016/01/13 04:18:08 | 001,380,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appraiser.dll
[2016/01/13 04:18:08 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2016/01/13 04:18:08 | 000,792,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\generaltel.dll
[2016/01/13 04:18:08 | 000,705,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\invagent.dll
[2016/01/13 04:18:08 | 000,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\devinv.dll
[2016/01/13 04:18:08 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepic.dll
[2016/01/13 04:18:08 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\acmigration.dll
[2016/01/13 04:18:08 | 000,033,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CompatTelRunner.exe
[2016/01/13 04:17:42 | 000,685,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll
[2016/01/07 07:09:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

========== Files - Modified Within 30 Days ==========

[2016/02/01 07:04:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2016/02/01 07:00:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\pauloneill86\Desktop\OTL.exe
[2016/02/01 06:52:36 | 000,000,956 | ---- | M] () -- C:\Windows\tasks\DropboxUpdateTaskUserS-1-5-21-3921511036-2768514807-1178691701-1001UA.job
[2016/02/01 06:42:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2016/02/01 05:59:33 | 000,192,216 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2016/02/01 05:29:30 | 000,863,592 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2016/02/01 05:29:30 | 000,731,650 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2016/02/01 05:29:30 | 000,135,726 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2016/02/01 05:26:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2016/01/31 12:52:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\DropboxUpdateTaskUserS-1-5-21-3921511036-2768514807-1178691701-1001Core.job
[2016/01/30 07:42:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2016/01/29 17:29:07 | 000,013,886 | ---- | M] () -- C:\Users\pauloneill86\Desktop\January 29th.png
[2016/01/28 18:47:35 | 000,012,214 | ---- | M] () -- C:\Users\pauloneill86\Desktop\January 28th.png
[2016/01/27 18:48:59 | 000,010,518 | ---- | M] () -- C:\Users\pauloneill86\Desktop\January 27th.png
[2016/01/26 20:22:26 | 000,008,868 | ---- | M] () -- C:\Users\pauloneill86\Desktop\January 26th.png
[2016/01/25 19:11:57 | 000,007,400 | ---- | M] () -- C:\Users\pauloneill86\Desktop\January 25th.png
[2016/01/24 19:44:23 | 000,005,698 | ---- | M] () -- C:\Users\pauloneill86\Desktop\January 24th.png
[2016/01/23 19:54:50 | 000,003,989 | ---- | M] () -- C:\Users\pauloneill86\Desktop\January 23rd.png
[2016/01/23 16:39:51 | 000,066,950 | ---- | M] () -- C:\Users\pauloneill86\Desktop\18bb HU BB.png
[2016/01/23 13:59:07 | 016,777,216 | -HS- | M] () -- C:\swapfile.sys
[2016/01/23 13:59:06 | 782,024,701 | -HS- | M] () -- C:\hiberfil.sys
[2016/01/23 07:01:39 | 000,022,854 | ---- | M] () -- C:\Users\pauloneill86\Desktop\Reference questions (Elena Riazanova).odt
[2016/01/21 15:24:41 | 000,014,106 | ---- | M] () -- C:\Users\pauloneill86\Desktop\HU SB vs BB 15bb.odt
[2016/01/21 11:10:26 | 000,398,496 | ---- | M] () -- C:\Users\pauloneill86\Desktop\GTOv1_SBvBB.zip
[2016/01/21 06:39:04 | 000,142,542 | ---- | M] () -- C:\Users\pauloneill86\Desktop\18bb HU SB.png
[2016/01/21 06:02:27 | 000,033,341 | ---- | M] () -- C:\Users\pauloneill86\Desktop\18bb HU SB exploit Reg BB.png
[2016/01/21 05:59:00 | 000,076,870 | ---- | M] () -- C:\Users\pauloneill86\Desktop\18bb HU.png
[2016/01/18 05:26:49 | 000,013,359 | ---- | M] () -- C:\Users\pauloneill86\Desktop\Poker study.odt
[2016/01/13 04:55:26 | 000,015,697 | ---- | M] () -- C:\Users\pauloneill86\Desktop\GTOv1_SBvBB_06BB.bin
[2016/01/13 04:55:04 | 000,025,823 | ---- | M] () -- C:\Users\pauloneill86\Desktop\GTOv1_SBvBB_075BB.bi n
[2016/01/13 04:53:44 | 000,038,547 | ---- | M] () -- C:\Users\pauloneill86\Desktop\GTOv1_SBvBB_09BB.bin
[2016/01/13 04:53:18 | 000,049,381 | ---- | M] () -- C:\Users\pauloneill86\Desktop\GTOv1_SBvBB_11BB.bin
[2016/01/13 04:52:32 | 000,052,360 | ---- | M] () -- C:\Users\pauloneill86\Desktop\GTOv1_SBvBB_13BB.bin
[2016/01/13 04:52:04 | 000,052,936 | ---- | M] () -- C:\Users\pauloneill86\Desktop\GTOv1_SBvBB_16BB.bin
[2016/01/13 04:51:40 | 000,055,135 | ---- | M] () -- C:\Users\pauloneill86\Desktop\GTOv1_SBvBB_19BB.bin
[2016/01/13 04:51:14 | 000,059,359 | ---- | M] () -- C:\Users\pauloneill86\Desktop\GTOv1_SBvBB_23BB.bin
[2016/01/13 04:50:44 | 000,079,006 | ---- | M] () -- C:\Users\pauloneill86\Desktop\GTOv1_SBvBB_27BB.bin
[2016/01/08 08:03:58 | 000,001,191 | ---- | M] () -- C:\Users\pauloneill86\Desktop\PokerSnowie.lnk
[2016/01/05 15:04:40 | 000,826,872 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2016/01/05 15:04:40 | 000,176,632 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2016/01/29 17:29:07 | 000,013,886 | ---- | C] () -- C:\Users\pauloneill86\Desktop\January 29th.png
[2016/01/28 18:47:35 | 000,012,214 | ---- | C] () -- C:\Users\pauloneill86\Desktop\January 28th.png
[2016/01/27 18:48:59 | 000,010,518 | ---- | C] () -- C:\Users\pauloneill86\Desktop\January 27th.png
[2016/01/26 20:22:26 | 000,008,868 | ---- | C] () -- C:\Users\pauloneill86\Desktop\January 26th.png
[2016/01/25 19:11:56 | 000,007,400 | ---- | C] () -- C:\Users\pauloneill86\Desktop\January 25th.png
[2016/01/24 19:44:23 | 000,005,698 | ---- | C] () -- C:\Users\pauloneill86\Desktop\January 24th.png
[2016/01/23 19:54:50 | 000,003,989 | ---- | C] () -- C:\Users\pauloneill86\Desktop\January 23rd.png
[2016/01/23 07:01:38 | 000,022,854 | ---- | C] () -- C:\Users\pauloneill86\Desktop\Reference questions (Elena Riazanova).odt
[2016/01/21 11:10:05 | 000,398,496 | ---- | C] () -- C:\Users\pauloneill86\Desktop\GTOv1_SBvBB.zip
[2016/01/21 10:55:17 | 000,079,006 | ---- | C] () -- C:\Users\pauloneill86\Desktop\GTOv1_SBvBB_27BB.bin
[2016/01/21 10:55:15 | 000,055,135 | ---- | C] () -- C:\Users\pauloneill86\Desktop\GTOv1_SBvBB_19BB.bin
[2016/01/21 10:55:15 | 000,052,936 | ---- | C] () -- C:\Users\pauloneill86\Desktop\GTOv1_SBvBB_16BB.bin
[2016/01/21 10:55:15 | 000,052,360 | ---- | C] () -- C:\Users\pauloneill86\Desktop\GTOv1_SBvBB_13BB.bin
[2016/01/21 10:55:15 | 000,049,381 | ---- | C] () -- C:\Users\pauloneill86\Desktop\GTOv1_SBvBB_11BB.bin
[2016/01/21 10:55:15 | 000,038,547 | ---- | C] () -- C:\Users\pauloneill86\Desktop\GTOv1_SBvBB_09BB.bin
[2016/01/21 10:55:15 | 000,025,823 | ---- | C] () -- C:\Users\pauloneill86\Desktop\GTOv1_SBvBB_075BB.bi n
[2016/01/21 10:55:15 | 000,015,697 | ---- | C] () -- C:\Users\pauloneill86\Desktop\GTOv1_SBvBB_06BB.bin
[2016/01/21 10:54:56 | 000,059,359 | ---- | C] () -- C:\Users\pauloneill86\Desktop\GTOv1_SBvBB_23BB.bin
[2016/01/21 07:03:17 | 000,066,950 | ---- | C] () -- C:\Users\pauloneill86\Desktop\18bb HU BB.png
[2016/01/21 06:39:04 | 000,142,542 | ---- | C] () -- C:\Users\pauloneill86\Desktop\18bb HU SB.png
[2016/01/21 06:02:26 | 000,033,341 | ---- | C] () -- C:\Users\pauloneill86\Desktop\18bb HU SB exploit Reg BB.png
[2016/01/20 12:48:04 | 000,076,870 | ---- | C] () -- C:\Users\pauloneill86\Desktop\18bb HU.png
[2016/01/17 19:45:09 | 000,013,359 | ---- | C] () -- C:\Users\pauloneill86\Desktop\Poker study.odt
[2016/01/08 08:03:58 | 000,001,191 | ---- | C] () -- C:\Users\pauloneill86\Desktop\PokerSnowie.lnk
[2016/01/03 10:41:52 | 000,014,106 | ---- | C] () -- C:\Users\pauloneill86\Desktop\HU SB vs BB 15bb.odt
[2015/09/10 10:31:55 | 000,012,644 | ---- | C] () -- C:\ProgramData\afcdjwcw.all
[2015/08/10 10:00:31 | 000,000,016 | ---- | C] () -- C:\ProgramData\mntemp
[2015/04/22 07:38:17 | 000,107,008 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2015/04/22 07:37:06 | 000,046,080 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2015/03/29 17:50:52 | 054,634,392 | ---- | C] () -- C:\Users\pauloneill86\AppData\Local\TempFullTiltSe tup.exe
[2015/03/02 16:36:00 | 000,002,255 | ---- | C] () -- C:\Windows\SysWow64\WimBootCompress.ini
[2015/02/26 23:05:42 | 000,317,440 | ---- | C] () -- C:\Windows\SysWow64\igdmd32.dll
[2015/02/26 23:05:36 | 000,182,272 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2015/02/26 23:05:36 | 000,142,848 | ---- | C] () -- C:\Windows\SysWow64\igdail32.dll
[2015/02/26 18:01:19 | 000,004,939 | ---- | C] () -- C:\ProgramData\flwjycbm.bab

========== ZeroAccess Check ==========


[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\cls id\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\cls id\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc8 7-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2015/08/26 21:43:09 | 022,372,152 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\cl sid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015/08/26 21:42:51 | 019,795,904 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA 9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2014/10/28 20:19:43 | 001,013,760 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\cl sid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2014/10/28 19:59:23 | 000,786,944 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CD B-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2014/10/28 20:16:01 | 000,512,512 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\cl sid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >
[2016/02/01 07:00:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\pauloneill86\Desktop\OTL.exe
[2015/08/13 21:32:32 | 000,910,536 | ---- | M] (Banished Ltd) -- C:\Users\pauloneill86\Desktop\SpinWiz.exe
[2015/02/27 12:02:58 | 000,268,800 | ---- | M] () -- C:\Users\pauloneill86\Desktop\SwongSim.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2016/01/28 18:47:15 | 000,282,568 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\crashreporter.exe
[2016/01/28 18:47:15 | 000,393,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
[2016/01/28 18:47:15 | 000,146,888 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
[2016/01/28 18:47:15 | 000,155,976 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
[2016/01/28 18:47:14 | 000,278,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
[2016/01/28 18:47:14 | 000,171,464 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-hang-ui.exe
[2016/01/28 18:47:14 | 000,300,488 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\updater.exe
[2016/01/28 18:47:14 | 000,086,832 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\webapp-uninstaller.exe
[2016/01/28 18:47:14 | 000,233,416 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
[2016/01/28 18:47:14 | 000,107,976 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\wow_helper.exe

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2015/09/24 11:50:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2015/02/26 22:34:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Apple Software Update
[2015/07/18 10:49:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Canon
[2015/03/02 06:40:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CoffeeCalcs - husng.com
[2015/12/20 10:48:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2015/03/29 20:39:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Full Tilt Poker
[2015/03/29 19:01:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Full Tilt Poker.Eu
[2015/08/24 08:21:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Google
[2016/01/19 16:21:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Gyazo
[2015/02/26 22:35:13 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2015/02/26 22:36:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Intel
[2015/12/11 17:10:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2015/07/09 22:47:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\LAV Filters
[2015/11/21 07:27:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2016/01/16 09:50:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
[2013/08/22 10:36:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2016/01/28 18:47:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox
[2016/01/28 18:47:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2015/04/26 16:50:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MPC-HC
[2015/04/27 03:41:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2015/03/02 06:58:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\OpenOffice 4
[2016/01/08 08:03:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PokerSnowie
[2015/11/14 10:52:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PokerStars.EU
[2015/10/15 10:44:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PokerStars.FR
[2015/03/05 13:58:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PokerStrategy.com
[2016/01/25 18:09:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PokerTracker 4
[2015/03/18 09:56:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ProPokerHUDs
[2015/02/26 22:35:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Realtek
[2015/04/27 03:41:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2016/02/01 06:02:21 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Skype
[2015/12/21 06:04:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\TeamViewer
[2015/02/26 22:35:19 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Temp
[2015/08/12 17:55:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2015/04/27 03:41:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2015/04/27 03:41:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2015/04/27 03:41:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Multimedia Platform
[2013/08/22 10:36:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2015/04/27 03:41:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
[2015/04/27 03:41:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2013/08/22 10:36:30 | 000,000,000 | -HSD | M] -- C:\Program Files (x86)\Windows Sidebar
[2013/08/22 10:36:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\WindowsPowerShell

< MD5 for: EXPLORER.EXE >
[2015/03/10 20:36:40 | 000,296,625 | ---- | M] () MD5=032FCFBE4C110C3C185D5A2C7127495F -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.16408_none_42cd 898b4d6ef82e\explorer.exe
[2015/04/02 06:32:48 | 000,346,045 | ---- | M] () MD5=04070828E1AE13385991A06123A9F287 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17031_none_4cfa a3b381ee81a0\explorer.exe
[2015/03/10 20:36:44 | 000,270,770 | ---- | M] () MD5=0A8F3AFA8E72812FB15A57CA4B9D9DB4 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17031_none_42a5 f9614d8dbfa5\explorer.exe
[2015/04/28 20:58:00 | 000,087,190 | ---- | M] () MD5=1BF154F7BFAE2B9E0545FB09946C1817 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17415_none_42bf a1f94d79e1bb\explorer.exe
[2015/03/10 20:36:49 | 000,270,774 | ---- | M] () MD5=2195687491E604BA42961470EDA7660E -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17238_none_42ac ff334d876b54\explorer.exe
[2015/04/02 06:32:52 | 000,345,923 | ---- | M] () MD5=2C862CE86A0FA1E02E1518B5E20FC35E -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17039_none_4d02 a60381e74c58\explorer.exe
[2015/04/02 03:15:58 | 000,396,313 | ---- | M] () MD5=426AEABD8DD389A65A8EE92AB5936153 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17284_none_4272 ee6f4db391ad\explorer.exe
[2015/04/29 00:10:43 | 000,107,122 | ---- | M] () MD5=52063502D4A2E28FEBEA781D0EE5C453 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17415_none_4d14 4c4b81daa3b6\explorer.exe
[2015/03/10 20:36:47 | 000,271,249 | ---- | M] () MD5=667BC926C7CB889BF276A5FEA316CAEE -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17039_none_42ad fbb14d868a5d\explorer.exe
[2015/04/02 06:32:38 | 000,353,455 | ---- | M] () MD5=82E88B451E1B2113EB6EE3EFB0A208AB -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.16384_none_4cc7 b16f8214372e\explorer.exe
[2015/01/27 18:41:17 | 002,207,488 | ---- | M] (Microsoft Corporation) MD5=91E24273FCA076EA9E65DAFA98901225 -- C:\Windows\SysWOW64\explorer.exe
[2015/01/27 18:41:17 | 002,207,488 | ---- | M] (Microsoft Corporation) MD5=91E24273FCA076EA9E65DAFA98901225 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17667_none_4ce0 410f82015c67\explorer.exe
[2015/03/10 20:36:42 | 000,298,039 | ---- | M] () MD5=ADB95EFCBC505B5E64F25142628CAAE0 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.16441_none_429b 47d54d95b691\explorer.exe
[2015/01/27 18:47:12 | 002,501,368 | ---- | M] (Microsoft Corporation) MD5=C10A66189DC8C090E7C84873EDCEBC88 -- C:\Windows\explorer.exe
[2015/01/27 18:47:12 | 002,501,368 | ---- | M] (Microsoft Corporation) MD5=C10A66189DC8C090E7C84873EDCEBC88 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17667_none_428b 96bd4da09a6c\explorer.exe
[2015/04/02 06:32:45 | 000,344,818 | ---- | M] () MD5=C90064856B7A90F7EEF367E47F0BD9D5 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.16441_none_4cef f22781f6788c\explorer.exe
[2015/04/02 06:33:02 | 000,338,943 | ---- | M] () MD5=E4FD740C3316F1D1C8322471553466C7 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17284_none_4cc7 98c1821453a8\explorer.exe
[2015/04/02 06:32:41 | 000,346,252 | ---- | M] () MD5=E7F88CCF2AC29DE7F85D7BC594408ADD -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.16408_none_4d22 33dd81cfba29\explorer.exe
[2015/03/10 20:36:38 | 000,344,258 | ---- | M] () MD5=ED98CDFE7BBC5BD3ACEE947013F8EBAF -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.16384_none_4273 071d4db37533\explorer.exe
[2015/04/02 06:32:55 | 000,351,154 | ---- | M] () MD5=F45843BE025C6647AF1CA6CDA9830118 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17238_none_4d01 a98581e82d4f\explorer.exe

< MD5 for: NETLOGON.DLL >
[2014/10/28 20:26:21 | 000,838,656 | ---- | M] (Microsoft Corporation) MD5=02D117FC638B768BD1A15F8000B83EAE -- C:\Windows\SysNative\netlogon.dll
[2014/10/28 20:26:21 | 000,838,656 | ---- | M] (Microsoft Corporation) MD5=02D117FC638B768BD1A15F8000B83EAE -- C:\Windows\WinSxS\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.3.9600.17415_none_eec2 b22a0bb75b53\netlogon.dll
[2015/04/02 09:10:19 | 000,058,552 | ---- | M] () MD5=35048C9600694C3BF01D644D1AAE62BE -- C:\Windows\WinSxS\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.3.9600.16384_none_f8ca c1a04051b0c6\netlogon.dll
[2015/04/28 23:49:55 | 000,125,384 | ---- | M] () MD5=45C2C2EA335BD7FF360C7F006B915766 -- C:\Windows\WinSxS\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.3.9600.17041_none_ee9e 39a60bd3552e\netlogon.dll
[2015/04/29 00:17:29 | 000,105,907 | ---- | M] () MD5=B25E2DE4078511EB1747FA0BDB6E4FC5 -- C:\Windows\WinSxS\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.3.9600.17041_none_f8f2 e3f840341729\netlogon.dll
[2014/10/28 20:02:34 | 000,695,296 | ---- | M] (Microsoft Corporation) MD5=CCEC6CB98A00ECE7F5AFB9C0FC9427B3 -- C:\Windows\SysWOW64\netlogon.dll
[2014/10/28 20:02:34 | 000,695,296 | ---- | M] (Microsoft Corporation) MD5=CCEC6CB98A00ECE7F5AFB9C0FC9427B3 -- C:\Windows\WinSxS\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.3.9600.17415_none_f917 5c7c40181d4e\netlogon.dll
[2015/03/10 21:02:54 | 000,108,975 | ---- | M] () MD5=D817ED82C2A0E1CED9B396826F52F7CB -- C:\Windows\WinSxS\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.3.9600.16384_none_ee76 174e0bf0eecb\netlogon.dll

< MD5 for: SERVICES.EXE >
[2015/04/28 23:48:29 | 000,099,046 | ---- | M] () MD5=6B5BDEEB170D0DA2C56753F0347809DD -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.3.9600.17084_none_2fd708 ffd09a6815\services.exe
[2015/03/10 21:00:18 | 000,082,895 | ---- | M] () MD5=892D1838D0C77D4734F7E21F064CD06C -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.3.9600.16384_none_2fd725 79d09a45e9\services.exe
[2015/05/21 17:42:17 | 000,073,764 | ---- | M] () MD5=AB48952896280CE4CF1048334F6463DC -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.3.9600.17415_none_3023c0 55d060b271\services.exe
[2015/04/08 17:55:21 | 000,410,128 | ---- | M] (Microsoft Corporation) MD5=E0C7813A97CA7947FF5C18A8F3B61A45 -- C:\Windows\SysNative\services.exe
[2015/04/08 17:55:21 | 000,410,128 | ---- | M] (Microsoft Corporation) MD5=E0C7813A97CA7947FF5C18A8F3B61A45 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.3.9600.17794_none_2fcc46 5dd0a27017\services.exe

< MD5 for: SVCHOST.EXE >
[2015/04/29 00:32:14 | 000,007,517 | ---- | M] () MD5=73AA583D4FB0F05C313B38C091D94804 -- C:\Windows\WinSxS\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.3.9600.16384_none_4a5b1 e2820e75323\svchost.exe
[2015/04/28 23:50:03 | 000,007,559 | ---- | M] () MD5=CFE97816CBBEF783FD8634109F1877D2 -- C:\Windows\WinSxS\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.3.9600.16384_none_a679b 9abd944c459\svchost.exe
[2014/10/28 22:17:51 | 000,033,088 | ---- | M] (Microsoft Corporation) MD5=D0ABC231C0B3E88C6B612B28ABBF734D -- C:\Windows\SysWOW64\svchost.exe
[2014/10/28 22:17:51 | 000,033,088 | ---- | M] (Microsoft Corporation) MD5=D0ABC231C0B3E88C6B612B28ABBF734D -- C:\Windows\WinSxS\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.3.9600.17415_none_4aa7b 90420adbfab\svchost.exe
[2014/10/28 23:11:20 | 000,038,792 | ---- | M] (Microsoft Corporation) MD5=E3A2AD05E24105B35E986CF9CB38EC47 -- C:\Windows\SysNative\svchost.exe
[2014/10/28 23:11:20 | 000,038,792 | ---- | M] (Microsoft Corporation) MD5=E3A2AD05E24105B35E986CF9CB38EC47 -- C:\Windows\WinSxS\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.3.9600.17415_none_a6c65 487d90b30e1\svchost.exe
[2015/10/05 04:48:32 | 000,893,752 | ---- | M] (MalwareBytes) MD5=E9A75E4B409A01E52055CE7CCA7FF925 -- C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\svchost.exe

< MD5 for: USERINIT.EXE >
[2015/04/28 23:54:31 | 000,002,671 | ---- | M] () MD5=061AC3BD7ADC5DCBA6AC0F23895266F8 -- C:\Windows\WinSxS\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.3.9600.16384_none_cce7 1a20a5a6fe7f\userinit.exe
[2015/04/29 00:34:21 | 000,004,269 | ---- | M] () MD5=1AE98168631581DE1343C3A87A6CBCA9 -- C:\Windows\WinSxS\x86_microsoft-windows-userinit_31bf3856ad364e35_6.3.9600.16384_none_70c8 7e9ced498d49\userinit.exe
[2014/10/28 20:28:08 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=5C131534A3EA4A461A793FB507A8004F -- C:\Windows\SysNative\userinit.exe
[2014/10/28 20:28:08 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=5C131534A3EA4A461A793FB507A8004F -- C:\Windows\WinSxS\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.3.9600.17415_none_cd33 b4fca56d6b07\userinit.exe
[2014/10/28 20:05:25 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=D10643FC0095434C819316CA6CD748C0 -- C:\Windows\SysWOW64\userinit.exe
[2014/10/28 20:05:25 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=D10643FC0095434C819316CA6CD748C0 -- C:\Windows\WinSxS\x86_microsoft-windows-userinit_31bf3856ad364e35_6.3.9600.17415_none_7115 1978ed0ff9d1\userinit.exe

< MD5 for: WINLOGON.EXE >
[2015/12/16 09:42:18 | 000,050,608 | ---- | M] () MD5=139F3E7820BF0640805DE98C32D07B92 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.3.9600.17415_none_60cd fbfda8aeeef1\winlogon.exe
[2015/10/05 13:25:35 | 000,572,928 | ---- | M] (Microsoft Corporation) MD5=3F8645885823692D93765817759BE21C -- C:\Windows\SysNative\winlogon.exe
[2015/10/05 13:25:35 | 000,572,928 | ---- | M] (Microsoft Corporation) MD5=3F8645885823692D93765817759BE21C -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.3.9600.18083_none_6080 2d95a8e9a4df\winlogon.exe
[2015/04/28 23:56:12 | 000,100,951 | ---- | M] () MD5=A176623494AF009927242266EF51DCFB -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.3.9600.17031_none_60b4 5365a8c2ccdb\winlogon.exe
[2015/04/02 03:59:14 | 000,089,459 | ---- | M] () MD5=E40DC8DF924E02F04F3620DBAC1ACE31 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.3.9600.16384_none_6081 6121a8e88269\winlogon.exe
[2015/10/05 04:48:32 | 000,893,752 | ---- | M] (MalwareBytes) MD5=E9A75E4B409A01E52055CE7CCA7FF925 -- C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\winlogon.exe

< hklm\SOFTWARE\Microsoft\Windows\CurrentVersion\Win dowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2016/01/28 18:47:14 | 000,887,112 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2016/01/28 18:47:14 | 000,887,112 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2016/01/28 18:47:14 | 000,887,112 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\FIREFOX.EXE\shell\open\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" [2016/01/28 18:47:15 | 000,393,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2016/01/28 18:47:15 | 000,393,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2016/01/28 18:47:15 | 000,393,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2016/01/27 12:39:48 | 000,748,872 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2016/01/27 12:39:48 | 000,748,872 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2016/01/27 12:39:48 | 000,748,872 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2016/01/27 12:39:48 | 000,748,872 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show
HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall
HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide
HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2015/11/11 16:14:36 | 000,814,256 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2015/11/11 16:14:36 | 000,814,256 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2016/01/28 18:47:14 | 000,887,112 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2016/01/28 18:47:14 | 000,887,112 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2016/01/28 18:47:14 | 000,887,112 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\FIREFOX.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" [2016/01/28 18:47:15 | 000,393,672 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2016/01/28 18:47:15 | 000,393,672 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2016/01/28 18:47:15 | 000,393,672 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2016/01/27 12:39:48 | 000,748,872 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2016/01/27 12:39:48 | 000,748,872 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2016/01/27 12:39:48 | 000,748,872 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2016/01/27 12:39:48 | 000,748,872 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2015/11/08 16:15:55 | 000,718,336 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2015/11/08 16:15:55 | 000,718,336 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2015/11/08 16:15:55 | 000,718,336 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2015/11/11 16:14:36 | 000,814,256 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE [2015/11/11 16:14:36 | 000,814,256 | ---- | M] (Microsoft Corporation)

< hkcu\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s >

< hklm\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 83 bytes -> C:\Users\pauloneill86\Desktop\SwongSim.exe:com.dro pbox.attributes
@Alternate Data Stream - 164 bytes -> C:\Users\pauloneill86\Desktop\Visa statement.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 164 bytes -> C:\Users\pauloneill86\Desktop\Letter.jpeg:3or4kl4 x13tuuug3Byamue2s4b

< End of report >

Part 2

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2016/02/01 07:00:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\pauloneill86\Desktop\OTL.exe
[2016/01/26 05:23:45 | 000,000,000 | ---D | C] -- C:\Users\pauloneill86\Desktop\Desktop
[2016/01/19 16:21:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Gyazo
[2016/01/13 04:19:35 | 006,051,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2016/01/13 04:19:33 | 000,571,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2016/01/13 04:19:32 | 000,798,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2016/01/13 04:19:32 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2016/01/13 04:19:31 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2016/01/13 04:19:31 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2016/01/13 04:19:31 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2016/01/13 04:19:31 | 000,663,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2016/01/13 04:18:44 | 000,670,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2016/01/13 04:18:44 | 000,561,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2016/01/13 04:18:43 | 002,745,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2016/01/13 04:18:43 | 002,528,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2016/01/13 04:18:43 | 002,334,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfcore.dll
[2016/01/13 04:18:43 | 002,324,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfcore.dll
[2016/01/13 04:18:43 | 001,877,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2adec.dll
[2016/01/13 04:18:43 | 001,484,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2adec.dll
[2016/01/13 04:18:43 | 001,288,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfnetsrc.dll
[2016/01/13 04:18:43 | 001,210,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMADMOD.DLL
[2016/01/13 04:18:43 | 001,115,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfnetsrc.dll
[2016/01/13 04:18:42 | 002,450,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVENCOD.DLL
[2016/01/13 04:18:42 | 002,447,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVENCOD.DLL
[2016/01/13 04:18:42 | 001,697,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2016/01/13 04:18:42 | 001,037,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMADMOD.DLL
[2016/01/13 04:18:42 | 001,010,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMSPDMOD.DLL
[2016/01/13 04:18:42 | 000,887,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMSPDMOD.DLL
[2016/01/13 04:18:42 | 000,850,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfnetcore.dll
[2016/01/13 04:18:42 | 000,735,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\evr.dll
[2016/01/13 04:18:42 | 000,700,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfnetcore.dll
[2016/01/13 04:18:42 | 000,584,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\evr.dll
[2016/01/13 04:18:42 | 000,498,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfsvr.dll
[2016/01/13 04:18:41 | 001,664,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMSPDMOE.DLL
[2016/01/13 04:18:41 | 001,501,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2016/01/13 04:18:41 | 000,629,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MP4SDECD.DLL
[2016/01/13 04:18:41 | 000,557,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVSDECD.DLL
[2016/01/13 04:18:41 | 000,492,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVSDECD.DLL
[2016/01/13 04:18:41 | 000,463,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MP4SDECD.DLL
[2016/01/13 04:18:41 | 000,399,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfsvr.dll
[2016/01/13 04:18:41 | 000,299,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\VIDRESZR.DLL
[2016/01/13 04:18:41 | 000,250,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MPG4DECD.DLL
[2016/01/13 04:18:41 | 000,248,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MP43DECD.DLL
[2016/01/13 04:18:41 | 000,246,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RESAMPLEDMO.DLL
[2016/01/13 04:18:41 | 000,203,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\COLORCNV.DLL
[2016/01/13 04:18:41 | 000,099,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MP3DMOD.DLL
[2016/01/13 04:18:40 | 001,150,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMADMOE.DLL
[2016/01/13 04:18:40 | 000,914,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMADMOE.DLL
[2016/01/13 04:18:40 | 000,451,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVSENCD.DLL
[2016/01/13 04:18:40 | 000,275,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MPG4DECD.DLL
[2016/01/13 04:18:40 | 000,274,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MP43DECD.DLL
[2016/01/13 04:18:40 | 000,244,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2016/01/13 04:18:40 | 000,229,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RESAMPLEDMO.DLL
[2016/01/13 04:18:40 | 000,184,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\COLORCNV.DLL
[2016/01/13 04:18:40 | 000,183,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VIDRESZR.DLL
[2016/01/13 04:18:40 | 000,116,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MP3DMOD.DLL
[2016/01/13 04:18:40 | 000,110,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfps.dll
[2016/01/13 04:18:40 | 000,090,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\devenum.dll
[2016/01/13 04:18:40 | 000,090,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfvdsp.dll
[2016/01/13 04:18:40 | 000,081,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devenum.dll
[2016/01/13 04:18:40 | 000,076,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfvdsp.dll
[2016/01/13 04:18:39 | 001,411,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMSPDMOE.DLL
[2016/01/13 04:18:39 | 000,743,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFWMAAEC.DLL
[2016/01/13 04:18:39 | 000,736,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVXENCD.DLL
[2016/01/13 04:18:39 | 000,644,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVXENCD.DLL
[2016/01/13 04:18:39 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2016/01/13 04:18:39 | 000,468,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFWMAAEC.DLL
[2016/01/13 04:18:39 | 000,402,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVSENCD.DLL
[2016/01/13 04:18:39 | 000,340,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2016/01/13 04:18:39 | 000,289,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ksproxy.ax
[2016/01/13 04:18:39 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ksproxy.ax
[2016/01/13 04:18:37 | 001,380,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2016/01/13 04:18:36 | 007,453,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2016/01/13 04:18:36 | 001,735,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2016/01/13 04:18:28 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2016/01/13 04:18:28 | 000,445,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certcli.dll
[2016/01/13 04:18:28 | 000,397,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bcryptprimitives.dll
[2016/01/13 04:18:28 | 000,340,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\bcryptprimitives.dll
[2016/01/13 04:18:28 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certcli.dll
[2016/01/13 04:18:28 | 000,137,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2016/01/13 04:18:28 | 000,106,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncryptsslp.dll
[2016/01/13 04:18:28 | 000,091,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncryptsslp.dll
[2016/01/13 04:18:08 | 001,380,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appraiser.dll
[2016/01/13 04:18:08 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2016/01/13 04:18:08 | 000,792,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\generaltel.dll
[2016/01/13 04:18:08 | 000,705,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\invagent.dll
[2016/01/13 04:18:08 | 000,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\devinv.dll
[2016/01/13 04:18:08 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepic.dll
[2016/01/13 04:18:08 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\acmigration.dll
[2016/01/13 04:18:08 | 000,033,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CompatTelRunner.exe
[2016/01/13 04:17:42 | 000,685,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll
[2016/01/07 07:09:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

========== Files - Modified Within 30 Days ==========

[2016/02/01 07:04:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2016/02/01 07:00:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\pauloneill86\Desktop\OTL.exe
[2016/02/01 06:52:36 | 000,000,956 | ---- | M] () -- C:\Windows\tasks\DropboxUpdateTaskUserS-1-5-21-3921511036-2768514807-1178691701-1001UA.job
[2016/02/01 06:42:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2016/02/01 05:59:33 | 000,192,216 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2016/02/01 05:29:30 | 000,863,592 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2016/02/01 05:29:30 | 000,731,650 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2016/02/01 05:29:30 | 000,135,726 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2016/02/01 05:26:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2016/01/31 12:52:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\DropboxUpdateTaskUserS-1-5-21-3921511036-2768514807-1178691701-1001Core.job
[2016/01/30 07:42:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2016/01/29 17:29:07 | 000,013,886 | ---- | M] () -- C:\Users\pauloneill86\Desktop\January 29th.png
[2016/01/28 18:47:35 | 000,012,214 | ---- | M] () -- C:\Users\pauloneill86\Desktop\January 28th.png
[2016/01/27 18:48:59 | 000,010,518 | ---- | M] () -- C:\Users\pauloneill86\Desktop\January 27th.png
[2016/01/26 20:22:26 | 000,008,868 | ---- | M] () -- C:\Users\pauloneill86\Desktop\January 26th.png
[2016/01/25 19:11:57 | 000,007,400 | ---- | M] () -- C:\Users\pauloneill86\Desktop\January 25th.png
[2016/01/24 19:44:23 | 000,005,698 | ---- | M] () -- C:\Users\pauloneill86\Desktop\January 24th.png
[2016/01/23 19:54:50 | 000,003,989 | ---- | M] () -- C:\Users\pauloneill86\Desktop\January 23rd.png
[2016/01/23 16:39:51 | 000,066,950 | ---- | M] () -- C:\Users\pauloneill86\Desktop\18bb HU BB.png
[2016/01/23 13:59:07 | 016,777,216 | -HS- | M] () -- C:\swapfile.sys
[2016/01/23 13:59:06 | 782,024,701 | -HS- | M] () -- C:\hiberfil.sys
[2016/01/23 07:01:39 | 000,022,854 | ---- | M] () -- C:\Users\pauloneill86\Desktop\Reference questions (Elena Riazanova).odt
[2016/01/21 15:24:41 | 000,014,106 | ---- | M] () -- C:\Users\pauloneill86\Desktop\HU SB vs BB 15bb.odt
[2016/01/21 11:10:26 | 000,398,496 | ---- | M] () -- C:\Users\pauloneill86\Desktop\GTOv1_SBvBB.zip
[2016/01/21 06:39:04 | 000,142,542 | ---- | M] () -- C:\Users\pauloneill86\Desktop\18bb HU SB.png
[2016/01/21 06:02:27 | 000,033,341 | ---- | M] () -- C:\Users\pauloneill86\Desktop\18bb HU SB exploit Reg BB.png
[2016/01/21 05:59:00 | 000,076,870 | ---- | M] () -- C:\Users\pauloneill86\Desktop\18bb HU.png
[2016/01/18 05:26:49 | 000,013,359 | ---- | M] () -- C:\Users\pauloneill86\Desktop\Poker study.odt
[2016/01/13 04:55:26 | 000,015,697 | ---- | M] () -- C:\Users\pauloneill86\Desktop\GTOv1_SBvBB_06BB.bin
[2016/01/13 04:55:04 | 000,025,823 | ---- | M] () -- C:\Users\pauloneill86\Desktop\GTOv1_SBvBB_075BB.bi n
[2016/01/13 04:53:44 | 000,038,547 | ---- | M] () -- C:\Users\pauloneill86\Desktop\GTOv1_SBvBB_09BB.bin
[2016/01/13 04:53:18 | 000,049,381 | ---- | M] () -- C:\Users\pauloneill86\Desktop\GTOv1_SBvBB_11BB.bin
[2016/01/13 04:52:32 | 000,052,360 | ---- | M] () -- C:\Users\pauloneill86\Desktop\GTOv1_SBvBB_13BB.bin
[2016/01/13 04:52:04 | 000,052,936 | ---- | M] () -- C:\Users\pauloneill86\Desktop\GTOv1_SBvBB_16BB.bin
[2016/01/13 04:51:40 | 000,055,135 | ---- | M] () -- C:\Users\pauloneill86\Desktop\GTOv1_SBvBB_19BB.bin
[2016/01/13 04:51:14 | 000,059,359 | ---- | M] () -- C:\Users\pauloneill86\Desktop\GTOv1_SBvBB_23BB.bin
[2016/01/13 04:50:44 | 000,079,006 | ---- | M] () -- C:\Users\pauloneill86\Desktop\GTOv1_SBvBB_27BB.bin
[2016/01/08 08:03:58 | 000,001,191 | ---- | M] () -- C:\Users\pauloneill86\Desktop\PokerSnowie.lnk
[2016/01/05 15:04:40 | 000,826,872 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2016/01/05 15:04:40 | 000,176,632 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2016/01/29 17:29:07 | 000,013,886 | ---- | C] () -- C:\Users\pauloneill86\Desktop\January 29th.png
[2016/01/28 18:47:35 | 000,012,214 | ---- | C] () -- C:\Users\pauloneill86\Desktop\January 28th.png
[2016/01/27 18:48:59 | 000,010,518 | ---- | C] () -- C:\Users\pauloneill86\Desktop\January 27th.png
[2016/01/26 20:22:26 | 000,008,868 | ---- | C] () -- C:\Users\pauloneill86\Desktop\January 26th.png
[2016/01/25 19:11:56 | 000,007,400 | ---- | C] () -- C:\Users\pauloneill86\Desktop\January 25th.png
[2016/01/24 19:44:23 | 000,005,698 | ---- | C] () -- C:\Users\pauloneill86\Desktop\January 24th.png
[2016/01/23 19:54:50 | 000,003,989 | ---- | C] () -- C:\Users\pauloneill86\Desktop\January 23rd.png
[2016/01/23 07:01:38 | 000,022,854 | ---- | C] () -- C:\Users\pauloneill86\Desktop\Reference questions (Elena Riazanova).odt
[2016/01/21 11:10:05 | 000,398,496 | ---- | C] () -- C:\Users\pauloneill86\Desktop\GTOv1_SBvBB.zip
[2016/01/21 10:55:17 | 000,079,006 | ---- | C] () -- C:\Users\pauloneill86\Desktop\GTOv1_SBvBB_27BB.bin
[2016/01/21 10:55:15 | 000,055,135 | ---- | C] () -- C:\Users\pauloneill86\Desktop\GTOv1_SBvBB_19BB.bin
[2016/01/21 10:55:15 | 000,052,936 | ---- | C] () -- C:\Users\pauloneill86\Desktop\GTOv1_SBvBB_16BB.bin
[2016/01/21 10:55:15 | 000,052,360 | ---- | C] () -- C:\Users\pauloneill86\Desktop\GTOv1_SBvBB_13BB.bin
[2016/01/21 10:55:15 | 000,049,381 | ---- | C] () -- C:\Users\pauloneill86\Desktop\GTOv1_SBvBB_11BB.bin
[2016/01/21 10:55:15 | 000,038,547 | ---- | C] () -- C:\Users\pauloneill86\Desktop\GTOv1_SBvBB_09BB.bin
[2016/01/21 10:55:15 | 000,025,823 | ---- | C] () -- C:\Users\pauloneill86\Desktop\GTOv1_SBvBB_075BB.bi n
[2016/01/21 10:55:15 | 000,015,697 | ---- | C] () -- C:\Users\pauloneill86\Desktop\GTOv1_SBvBB_06BB.bin
[2016/01/21 10:54:56 | 000,059,359 | ---- | C] () -- C:\Users\pauloneill86\Desktop\GTOv1_SBvBB_23BB.bin
[2016/01/21 07:03:17 | 000,066,950 | ---- | C] () -- C:\Users\pauloneill86\Desktop\18bb HU BB.png
[2016/01/21 06:39:04 | 000,142,542 | ---- | C] () -- C:\Users\pauloneill86\Desktop\18bb HU SB.png
[2016/01/21 06:02:26 | 000,033,341 | ---- | C] () -- C:\Users\pauloneill86\Desktop\18bb HU SB exploit Reg BB.png
[2016/01/20 12:48:04 | 000,076,870 | ---- | C] () -- C:\Users\pauloneill86\Desktop\18bb HU.png
[2016/01/17 19:45:09 | 000,013,359 | ---- | C] () -- C:\Users\pauloneill86\Desktop\Poker study.odt
[2016/01/08 08:03:58 | 000,001,191 | ---- | C] () -- C:\Users\pauloneill86\Desktop\PokerSnowie.lnk
[2016/01/03 10:41:52 | 000,014,106 | ---- | C] () -- C:\Users\pauloneill86\Desktop\HU SB vs BB 15bb.odt
[2015/09/10 10:31:55 | 000,012,644 | ---- | C] () -- C:\ProgramData\afcdjwcw.all
[2015/08/10 10:00:31 | 000,000,016 | ---- | C] () -- C:\ProgramData\mntemp
[2015/04/22 07:38:17 | 000,107,008 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2015/04/22 07:37:06 | 000,046,080 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2015/03/29 17:50:52 | 054,634,392 | ---- | C] () -- C:\Users\pauloneill86\AppData\Local\TempFullTiltSe tup.exe
[2015/03/02 16:36:00 | 000,002,255 | ---- | C] () -- C:\Windows\SysWow64\WimBootCompress.ini
[2015/02/26 23:05:42 | 000,317,440 | ---- | C] () -- C:\Windows\SysWow64\igdmd32.dll
[2015/02/26 23:05:36 | 000,182,272 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2015/02/26 23:05:36 | 000,142,848 | ---- | C] () -- C:\Windows\SysWow64\igdail32.dll
[2015/02/26 18:01:19 | 000,004,939 | ---- | C] () -- C:\ProgramData\flwjycbm.bab

========== ZeroAccess Check ==========


[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\cls id\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\cls id\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc8 7-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2015/08/26 21:43:09 | 022,372,152 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\cl sid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015/08/26 21:42:51 | 019,795,904 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA 9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2014/10/28 20:19:43 | 001,013,760 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\cl sid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2014/10/28 19:59:23 | 000,786,944 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CD B-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2014/10/28 20:16:01 | 000,512,512 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\cl sid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >
[2016/02/01 07:00:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\pauloneill86\Desktop\OTL.exe
[2015/08/13 21:32:32 | 000,910,536 | ---- | M] (Banished Ltd) -- C:\Users\pauloneill86\Desktop\SpinWiz.exe
[2015/02/27 12:02:58 | 000,268,800 | ---- | M] () -- C:\Users\pauloneill86\Desktop\SwongSim.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2016/01/28 18:47:15 | 000,282,568 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\crashreporter.exe
[2016/01/28 18:47:15 | 000,393,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
[2016/01/28 18:47:15 | 000,146,888 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
[2016/01/28 18:47:15 | 000,155,976 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
[2016/01/28 18:47:14 | 000,278,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
[2016/01/28 18:47:14 | 000,171,464 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-hang-ui.exe
[2016/01/28 18:47:14 | 000,300,488 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\updater.exe
[2016/01/28 18:47:14 | 000,086,832 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\webapp-uninstaller.exe
[2016/01/28 18:47:14 | 000,233,416 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
[2016/01/28 18:47:14 | 000,107,976 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\wow_helper.exe

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2015/09/24 11:50:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2015/02/26 22:34:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Apple Software Update
[2015/07/18 10:49:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Canon
[2015/03/02 06:40:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CoffeeCalcs - husng.com
[2015/12/20 10:48:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2015/03/29 20:39:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Full Tilt Poker
[2015/03/29 19:01:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Full Tilt Poker.Eu
[2015/08/24 08:21:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Google
[2016/01/19 16:21:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Gyazo
[2015/02/26 22:35:13 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2015/02/26 22:36:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Intel
[2015/12/11 17:10:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2015/07/09 22:47:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\LAV Filters
[2015/11/21 07:27:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2016/01/16 09:50:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
[2013/08/22 10:36:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2016/01/28 18:47:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox
[2016/01/28 18:47:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2015/04/26 16:50:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MPC-HC
[2015/04/27 03:41:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2015/03/02 06:58:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\OpenOffice 4
[2016/01/08 08:03:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PokerSnowie
[2015/11/14 10:52:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PokerStars.EU
[2015/10/15 10:44:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PokerStars.FR
[2015/03/05 13:58:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PokerStrategy.com
[2016/01/25 18:09:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PokerTracker 4
[2015/03/18 09:56:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ProPokerHUDs
[2015/02/26 22:35:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Realtek
[2015/04/27 03:41:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2016/02/01 06:02:21 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Skype
[2015/12/21 06:04:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\TeamViewer
[2015/02/26 22:35:19 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Temp
[2015/08/12 17:55:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2015/04/27 03:41:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2015/04/27 03:41:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2015/04/27 03:41:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Multimedia Platform
[2013/08/22 10:36:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2015/04/27 03:41:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
[2015/04/27 03:41:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2013/08/22 10:36:30 | 000,000,000 | -HSD | M] -- C:\Program Files (x86)\Windows Sidebar
[2013/08/22 10:36:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\WindowsPowerShell

< MD5 for: EXPLORER.EXE >
[2015/03/10 20:36:40 | 000,296,625 | ---- | M] () MD5=032FCFBE4C110C3C185D5A2C7127495F -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.16408_none_42cd 898b4d6ef82e\explorer.exe
[2015/04/02 06:32:48 | 000,346,045 | ---- | M] () MD5=04070828E1AE13385991A06123A9F287 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17031_none_4cfa a3b381ee81a0\explorer.exe
[2015/03/10 20:36:44 | 000,270,770 | ---- | M] () MD5=0A8F3AFA8E72812FB15A57CA4B9D9DB4 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17031_none_42a5 f9614d8dbfa5\explorer.exe
[2015/04/28 20:58:00 | 000,087,190 | ---- | M] () MD5=1BF154F7BFAE2B9E0545FB09946C1817 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17415_none_42bf a1f94d79e1bb\explorer.exe
[2015/03/10 20:36:49 | 000,270,774 | ---- | M] () MD5=2195687491E604BA42961470EDA7660E -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17238_none_42ac ff334d876b54\explorer.exe
[2015/04/02 06:32:52 | 000,345,923 | ---- | M] () MD5=2C862CE86A0FA1E02E1518B5E20FC35E -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17039_none_4d02 a60381e74c58\explorer.exe
[2015/04/02 03:15:58 | 000,396,313 | ---- | M] () MD5=426AEABD8DD389A65A8EE92AB5936153 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17284_none_4272 ee6f4db391ad\explorer.exe
[2015/04/29 00:10:43 | 000,107,122 | ---- | M] () MD5=52063502D4A2E28FEBEA781D0EE5C453 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17415_none_4d14 4c4b81daa3b6\explorer.exe
[2015/03/10 20:36:47 | 000,271,249 | ---- | M] () MD5=667BC926C7CB889BF276A5FEA316CAEE -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17039_none_42ad fbb14d868a5d\explorer.exe
[2015/04/02 06:32:38 | 000,353,455 | ---- | M] () MD5=82E88B451E1B2113EB6EE3EFB0A208AB -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.16384_none_4cc7 b16f8214372e\explorer.exe
[2015/01/27 18:41:17 | 002,207,488 | ---- | M] (Microsoft Corporation) MD5=91E24273FCA076EA9E65DAFA98901225 -- C:\Windows\SysWOW64\explorer.exe
[2015/01/27 18:41:17 | 002,207,488 | ---- | M] (Microsoft Corporation) MD5=91E24273FCA076EA9E65DAFA98901225 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17667_none_4ce0 410f82015c67\explorer.exe
[2015/03/10 20:36:42 | 000,298,039 | ---- | M] () MD5=ADB95EFCBC505B5E64F25142628CAAE0 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.16441_none_429b 47d54d95b691\explorer.exe
[2015/01/27 18:47:12 | 002,501,368 | ---- | M] (Microsoft Corporation) MD5=C10A66189DC8C090E7C84873EDCEBC88 -- C:\Windows\explorer.exe
[2015/01/27 18:47:12 | 002,501,368 | ---- | M] (Microsoft Corporation) MD5=C10A66189DC8C090E7C84873EDCEBC88 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17667_none_428b 96bd4da09a6c\explorer.exe
[2015/04/02 06:32:45 | 000,344,818 | ---- | M] () MD5=C90064856B7A90F7EEF367E47F0BD9D5 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.16441_none_4cef f22781f6788c\explorer.exe
[2015/04/02 06:33:02 | 000,338,943 | ---- | M] () MD5=E4FD740C3316F1D1C8322471553466C7 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17284_none_4cc7 98c1821453a8\explorer.exe
[2015/04/02 06:32:41 | 000,346,252 | ---- | M] () MD5=E7F88CCF2AC29DE7F85D7BC594408ADD -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.16408_none_4d22 33dd81cfba29\explorer.exe
[2015/03/10 20:36:38 | 000,344,258 | ---- | M] () MD5=ED98CDFE7BBC5BD3ACEE947013F8EBAF -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.16384_none_4273 071d4db37533\explorer.exe
[2015/04/02 06:32:55 | 000,351,154 | ---- | M] () MD5=F45843BE025C6647AF1CA6CDA9830118 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17238_none_4d01 a98581e82d4f\explorer.exe

< MD5 for: NETLOGON.DLL >
[2014/10/28 20:26:21 | 000,838,656 | ---- | M] (Microsoft Corporation) MD5=02D117FC638B768BD1A15F8000B83EAE -- C:\Windows\SysNative\netlogon.dll
[2014/10/28 20:26:21 | 000,838,656 | ---- | M] (Microsoft Corporation) MD5=02D117FC638B768BD1A15F8000B83EAE -- C:\Windows\WinSxS\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.3.9600.17415_none_eec2 b22a0bb75b53\netlogon.dll
[2015/04/02 09:10:19 | 000,058,552 | ---- | M] () MD5=35048C9600694C3BF01D644D1AAE62BE -- C:\Windows\WinSxS\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.3.9600.16384_none_f8ca c1a04051b0c6\netlogon.dll
[2015/04/28 23:49:55 | 000,125,384 | ---- | M] () MD5=45C2C2EA335BD7FF360C7F006B915766 -- C:\Windows\WinSxS\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.3.9600.17041_none_ee9e 39a60bd3552e\netlogon.dll
[2015/04/29 00:17:29 | 000,105,907 | ---- | M] () MD5=B25E2DE4078511EB1747FA0BDB6E4FC5 -- C:\Windows\WinSxS\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.3.9600.17041_none_f8f2 e3f840341729\netlogon.dll
[2014/10/28 20:02:34 | 000,695,296 | ---- | M] (Microsoft Corporation) MD5=CCEC6CB98A00ECE7F5AFB9C0FC9427B3 -- C:\Windows\SysWOW64\netlogon.dll
[2014/10/28 20:02:34 | 000,695,296 | ---- | M] (Microsoft Corporation) MD5=CCEC6CB98A00ECE7F5AFB9C0FC9427B3 -- C:\Windows\WinSxS\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.3.9600.17415_none_f917 5c7c40181d4e\netlogon.dll
[2015/03/10 21:02:54 | 000,108,975 | ---- | M] () MD5=D817ED82C2A0E1CED9B396826F52F7CB -- C:\Windows\WinSxS\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.3.9600.16384_none_ee76 174e0bf0eecb\netlogon.dll

< MD5 for: SERVICES.EXE >
[2015/04/28 23:48:29 | 000,099,046 | ---- | M] () MD5=6B5BDEEB170D0DA2C56753F0347809DD -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.3.9600.17084_none_2fd708 ffd09a6815\services.exe
[2015/03/10 21:00:18 | 000,082,895 | ---- | M] () MD5=892D1838D0C77D4734F7E21F064CD06C -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.3.9600.16384_none_2fd725 79d09a45e9\services.exe
[2015/05/21 17:42:17 | 000,073,764 | ---- | M] () MD5=AB48952896280CE4CF1048334F6463DC -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.3.9600.17415_none_3023c0 55d060b271\services.exe
[2015/04/08 17:55:21 | 000,410,128 | ---- | M] (Microsoft Corporation) MD5=E0C7813A97CA7947FF5C18A8F3B61A45 -- C:\Windows\SysNative\services.exe
[2015/04/08 17:55:21 | 000,410,128 | ---- | M] (Microsoft Corporation) MD5=E0C7813A97CA7947FF5C18A8F3B61A45 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.3.9600.17794_none_2fcc46 5dd0a27017\services.exe

< MD5 for: SVCHOST.EXE >
[2015/04/29 00:32:14 | 000,007,517 | ---- | M] () MD5=73AA583D4FB0F05C313B38C091D94804 -- C:\Windows\WinSxS\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.3.9600.16384_none_4a5b1 e2820e75323\svchost.exe
[2015/04/28 23:50:03 | 000,007,559 | ---- | M] () MD5=CFE97816CBBEF783FD8634109F1877D2 -- C:\Windows\WinSxS\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.3.9600.16384_none_a679b 9abd944c459\svchost.exe
[2014/10/28 22:17:51 | 000,033,088 | ---- | M] (Microsoft Corporation) MD5=D0ABC231C0B3E88C6B612B28ABBF734D -- C:\Windows\SysWOW64\svchost.exe
[2014/10/28 22:17:51 | 000,033,088 | ---- | M] (Microsoft Corporation) MD5=D0ABC231C0B3E88C6B612B28ABBF734D -- C:\Windows\WinSxS\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.3.9600.17415_none_4aa7b 90420adbfab\svchost.exe
[2014/10/28 23:11:20 | 000,038,792 | ---- | M] (Microsoft Corporation) MD5=E3A2AD05E24105B35E986CF9CB38EC47 -- C:\Windows\SysNative\svchost.exe
[2014/10/28 23:11:20 | 000,038,792 | ---- | M] (Microsoft Corporation) MD5=E3A2AD05E24105B35E986CF9CB38EC47 -- C:\Windows\WinSxS\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.3.9600.17415_none_a6c65 487d90b30e1\svchost.exe
[2015/10/05 04:48:32 | 000,893,752 | ---- | M] (MalwareBytes) MD5=E9A75E4B409A01E52055CE7CCA7FF925 -- C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\svchost.exe

< MD5 for: USERINIT.EXE >
[2015/04/28 23:54:31 | 000,002,671 | ---- | M] () MD5=061AC3BD7ADC5DCBA6AC0F23895266F8 -- C:\Windows\WinSxS\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.3.9600.16384_none_cce7 1a20a5a6fe7f\userinit.exe
[2015/04/29 00:34:21 | 000,004,269 | ---- | M] () MD5=1AE98168631581DE1343C3A87A6CBCA9 -- C:\Windows\WinSxS\x86_microsoft-windows-userinit_31bf3856ad364e35_6.3.9600.16384_none_70c8 7e9ced498d49\userinit.exe
[2014/10/28 20:28:08 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=5C131534A3EA4A461A793FB507A8004F -- C:\Windows\SysNative\userinit.exe
[2014/10/28 20:28:08 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=5C131534A3EA4A461A793FB507A8004F -- C:\Windows\WinSxS\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.3.9600.17415_none_cd33 b4fca56d6b07\userinit.exe
[2014/10/28 20:05:25 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=D10643FC0095434C819316CA6CD748C0 -- C:\Windows\SysWOW64\userinit.exe
[2014/10/28 20:05:25 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=D10643FC0095434C819316CA6CD748C0 -- C:\Windows\WinSxS\x86_microsoft-windows-userinit_31bf3856ad364e35_6.3.9600.17415_none_7115 1978ed0ff9d1\userinit.exe

< MD5 for: WINLOGON.EXE >
[2015/12/16 09:42:18 | 000,050,608 | ---- | M] () MD5=139F3E7820BF0640805DE98C32D07B92 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.3.9600.17415_none_60cd fbfda8aeeef1\winlogon.exe
[2015/10/05 13:25:35 | 000,572,928 | ---- | M] (Microsoft Corporation) MD5=3F8645885823692D93765817759BE21C -- C:\Windows\SysNative\winlogon.exe
[2015/10/05 13:25:35 | 000,572,928 | ---- | M] (Microsoft Corporation) MD5=3F8645885823692D93765817759BE21C -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.3.9600.18083_none_6080 2d95a8e9a4df\winlogon.exe
[2015/04/28 23:56:12 | 000,100,951 | ---- | M] () MD5=A176623494AF009927242266EF51DCFB -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.3.9600.17031_none_60b4 5365a8c2ccdb\winlogon.exe
[2015/04/02 03:59:14 | 000,089,459 | ---- | M] () MD5=E40DC8DF924E02F04F3620DBAC1ACE31 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.3.9600.16384_none_6081 6121a8e88269\winlogon.exe
[2015/10/05 04:48:32 | 000,893,752 | ---- | M] (MalwareBytes) MD5=E9A75E4B409A01E52055CE7CCA7FF925 -- C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\winlogon.exe

< hklm\SOFTWARE\Microsoft\Windows\CurrentVersion\Win dowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2016/01/28 18:47:14 | 000,887,112 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2016/01/28 18:47:14 | 000,887,112 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2016/01/28 18:47:14 | 000,887,112 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\FIREFOX.EXE\shell\open\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" [2016/01/28 18:47:15 | 000,393,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2016/01/28 18:47:15 | 000,393,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2016/01/28 18:47:15 | 000,393,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2016/01/27 12:39:48 | 000,748,872 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2016/01/27 12:39:48 | 000,748,872 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2016/01/27 12:39:48 | 000,748,872 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2016/01/27 12:39:48 | 000,748,872 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show
HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall
HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide
HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2015/11/11 16:14:36 | 000,814,256 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2015/11/11 16:14:36 | 000,814,256 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2016/01/28 18:47:14 | 000,887,112 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2016/01/28 18:47:14 | 000,887,112 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2016/01/28 18:47:14 | 000,887,112 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\FIREFOX.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" [2016/01/28 18:47:15 | 000,393,672 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2016/01/28 18:47:15 | 000,393,672 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2016/01/28 18:47:15 | 000,393,672 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2016/01/27 12:39:48 | 000,748,872 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2016/01/27 12:39:48 | 000,748,872 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2016/01/27 12:39:48 | 000,748,872 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2016/01/27 12:39:48 | 000,748,872 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2015/11/08 16:15:55 | 000,718,336 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2015/11/08 16:15:55 | 000,718,336 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2015/11/08 16:15:55 | 000,718,336 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2015/11/11 16:14:36 | 000,814,256 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinter net\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE [2015/11/11 16:14:36 | 000,814,256 | ---- | M] (Microsoft Corporation)

< hkcu\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s >

< hklm\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 83 bytes -> C:\Users\pauloneill86\Desktop\SwongSim.exe:com.dro pbox.attributes
@Alternate Data Stream - 164 bytes -> C:\Users\pauloneill86\Desktop\Visa statement.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 164 bytes -> C:\Users\pauloneill86\Desktop\Letter.jpeg:3or4kl4 x13tuuug3Byamue2s4b

< End of report >

Extras.txt report

OTL Extras logfile created on: 2/1/2016 7:04:02 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\pauloneill86\Desktop
64bit- Professional (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18161)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.91 Gb Total Physical Memory | 12.37 Gb Available Physical Memory | 77.77% Memory free
20.41 Gb Paging File | 13.37 Gb Available in Paging File | 65.50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 140.42 Gb Total Space | 34.07 Gb Free Space | 24.26% Space Free | Partition Type: NTFS

Computer Name: PAUL | User Name: pauloneill86 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = AC 1C AE C5 46 9F CE 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\DomainPr ofile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Standard Profile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\PublicPr ofile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Firewall Rules]
"{059E7838-883C-4838-A4D6-9EF9162070DB}" = rport=445 | protocol=6 | dir=out | app=system |
"{0B97C103-2EE3-4FA3-8F1E-D7F062A24C1C}" = lport=10243 | protocol=6 | dir=in | app=system |
"{163727EB-F186-4ED7-843A-5D580F77E938}" = lport=445 | protocol=6 | dir=in | app=system |
"{2B5EE4B2-7A96-4746-9CA2-C7F629B94FF6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2CCF9CFF-CBA1-41E6-AD11-727AB0F4C184}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2CE506B5-1179-4CA8-A5C5-9FF3D8369C9B}" = rport=138 | protocol=17 | dir=out | app=system |
"{3B360DC0-0BC1-4159-9E3B-2CE1E541F658}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{43B759D6-29F8-4BD8-AB6A-A202922FBB3D}" = lport=137 | protocol=17 | dir=in | app=system |
"{4AA955DC-433B-4751-85A9-99FEE8DBAB5C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{53C1D495-B127-485B-B7DA-C6E5BA7E7506}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{53EEE2EC-FAF7-419E-B9BF-334DE9CD6B1C}" = lport=138 | protocol=17 | dir=in | app=system |
"{5B62A342-B1C9-4956-BF27-2BE35F5F3AA4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{741EEC78-4FEA-49CD-9275-F18D82247C78}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{77FC87B7-A0D0-46A6-82D2-FF309F4A88C4}" = lport=139 | protocol=6 | dir=in | app=system |
"{7AC388F4-C842-4857-8611-7AA3C0795C75}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{8EB8F968-A319-49AD-9E3C-26786B2E885E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{90EC87BD-02B3-4C65-8DA8-12D0445D4626}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9A027F0D-0347-438A-A838-0C8ACE1D83A4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A6318A63-CD86-4D9A-B899-D8BC53FBD0F3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BD81BF44-9EAF-41EB-9FA3-D41434111B0B}" = rport=139 | protocol=6 | dir=out | app=system |
"{C8E81909-E995-4113-B73A-C287932DFFCF}" = rport=137 | protocol=17 | dir=out | app=system |
"{E2D33EC8-BDD5-485C-8CCA-13B93CC7C931}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E48882C0-C397-4096-8036-2C5C3327A893}" = rport=10243 | protocol=6 | dir=out | app=system |
"{FBDA4BF3-2272-4E0D-BBE4-5154B05D66F4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\Firewall Rules]
"{18A466F7-AF13-43BB-B5DF-07EF9414D4D5}" = dir=out | name=@{microsoft.bingfinance_3.0.4.336_x64__8wekyb 3d8bbwe?ms-resource://microsoft.bingfinance/resources/brandedapptitle} |
"{1BFDCD43-513C-4955-A7BD-58E2280E67A2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1E0EA2EE-8E1F-4788-B5F4-28D7D4172249}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9654.20947 _x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{1E8CAFB4-0693-4C3B-A49E-1F42FEC6310A}" = dir=out | name=@{microsoft.zunevideo_2.6.446.0_x64__8wekyb3d 8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{2C3417B6-C3AF-423E-A843-CE1535594113}" = protocol=6 | dir=in | app=c:\users\pauloneill86\appdata\roaming\utorrent \utorrent.exe |
"{32143385-CC02-4A13-BF18-C40FEE70253A}" = dir=out | name=@{microsoft.bingsports_3.0.4.336_x64__8wekyb3 d8bbwe?ms-resource://microsoft.bingsports/resources/brandedapptitle} |
"{331DEFC0-1E0D-414F-A284-EBEE491AF304}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.5.96 00.20911_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{3B66D146-B966-4329-BD42-E3FFB18810B9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{4282FE99-8560-4BC7-9576-5F3ED84E263F}" = dir=in | name=checkpoint.vpn |
"{455F7A41-6D15-4B6A-82F6-6F52BEC7D662}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{49BB7973-4ACB-4E45-808A-B3B155877B45}" = dir=out | name=skype |
"{548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{55895E0D-E979-40F3-99CE-06061DA3DE30}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{560448D6-095C-4907-B046-AC7F710701A7}" = dir=in | name=sonicwall.mobileconnect |
"{5B6DE473-2BFC-4186-B7B4-40DE76EF4027}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5E5561CD-FE57-421F-BBF0-4FD5AF295A44}" = dir=out | name=@{microsoft.bingmaps_2.1.3230.2048_x64__8weky b3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}" = dir=out | name=sonicwall.mobileconnect |
"{5F91FD0D-DC0C-4F0C-AE3A-75C72ABF8B26}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{603275E8-7740-4BCA-A33E-66A69C9BD5C5}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\teamviewer.exe |
"{6EEF1EC5-D866-4B25-ABF8-8726AA3B62D4}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{7329C756-2DC5-4EB6-BFFD-B6CFD1D292DF}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9654.20947 _x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{750DD851-198E-4D74-ABD3-2B0D1953305C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{76D2D6D5-7C7C-4394-A723-07282C3A1A31}" = protocol=17 | dir=in | app=c:\users\pauloneill86\appdata\roaming\utorrent \utorrent.exe |
"{77796BD1-8A95-4E4A-A9CC-C1AD5621F462}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8390F5B8-9292-4C8E-B281-B45776373264}" = dir=out | name=@{microsoft.bingnews_3.0.4.336_x64__8wekyb3d8 bbwe?ms-resource://microsoft.bingnews/resources/brandedapptitle} |
"{83A4C3FB-EC1D-4A5A-8D36-4619F4B96AB9}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{849038E7-DCBB-4217-8997-21FD4AC68B07}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8741DF07-5691-4723-9CB3-CC557993E3CC}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8A7BB873-D59E-41FC-AD21-CC5FBE357FF4}" = dir=in | name=skype |
"{941C1DE3-2D5D-4564-9698-A2771DFF912A}" = protocol=6 | dir=out | app=system |
"{9E3D57FC-7C37-4424-9352-4831E97D029D}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{A3BB3288-7302-4757-B4F3-AEB146057A56}" = dir=out | name=@{microsoft.bingweather_3.0.4.337_x64__8wekyb 3d8bbwe?ms-resource://microsoft.bingweather/resources/brandedapptitle} |
"{A75C3047-FFF6-4A1D-80E5-6CEBCBB6CAFD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AF47EE36-4DAD-4730-AD94-66CD813BD1EC}" = dir=out | name=@{microsoft.zunemusic_2.6.672.0_x64__8wekyb3d 8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{B0A478B4-C3B3-4AD9-9557-527E0DB06896}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{B1368175-3A4B-475F-AA3C-E6BBEBE7A111}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B16D68C9-0FC8-4283-959C-B3B6C8352B01}" = dir=out | name=@{microsoft.bingtravel_3.0.4.336_x64__8wekyb3 d8bbwe?ms-resource://microsoft.bingtravel/resources/brandedapptitle} |
"{B787DD31-FD1D-4866-B48A-0D264836DFFC}" = protocol=6 | dir=in | app=c:\users\pauloneill86\appdata\roaming\dropbox\ bin\dropbox.exe |
"{BD17FFA7-1A49-4C28-8401-C33E0C33F56D}" = dir=out | name=@{microsoft.xboxlivegames_2.0.139.0_x64__8wek yb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{C300B455-39F4-41C4-9B56-7E7C16E8C5CA}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{CA6F9F8C-88A2-4231-B9FC-908B97BC002C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CEE4D7B8-5E7C-42B4-94CD-61DC4F57559D}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.5.96 00.20911_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{D0A75349-6324-4C15-BA15-011944D8E488}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D6980480-941A-4DF6-AB81-3734ECD3D779}" = dir=out | name=junipernetworks.junospulsevpn |
"{DA555B94-E7BD-421B-8CE6-BADA6A70D07B}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\teamviewer_service.exe |
"{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}" = dir=out | name=checkpoint.vpn |
"{E1341560-FA5F-4DB7-B1B9-E797089928FC}" = protocol=17 | dir=in | app=c:\users\pauloneill86\appdata\roaming\dropbox\ bin\dropbox.exe |
"{E1A3F9AD-D6D0-4C14-97A1-7D73B5A8FC24}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{E5CFE4F2-D5DD-4F7B-880C-CA2ABEB11DEA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EBEF591B-BE76-4830-9790-806D803BE8A6}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.4.336_x6 4__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} |
"{EC64C270-B8F4-4C14-B241-105192C7760D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EC799E33-72BA-42D7-9127-DEFE68F9799D}" = dir=in | name=junipernetworks.junospulsevpn |
"{F283FD00-5C3C-45A9-839A-F6D9195D7251}" = dir=out | name=@{microsoft.bingfoodanddrink_3.0.4.336_x64__8 wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} |
"{F4C5F8F1-5F20-4254-B8C1-CDE1A9EB7A65}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\teamviewer_service.exe |
"{F51C77A6-5202-444D-A96D-510F9EB59C5E}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\teamviewer.exe |
"{F64300AD-D559-4000-BD45-0997BCC8E70A}" = dir=out | name=f5.vpn.client |
"{F64B2929-0DCD-41BA-9ABB-0553CDEE55DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F77E5446-4378-4E99-8B7A-7061AAAEA193}" = dir=in | name=f5.vpn.client |
"TCP Query User{3E624A61-F9A5-407F-A6B1-8BCAE791E9FC}C:\program files (x86)\teamviewer\teamviewer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\teamviewer.exe |
"TCP Query User{C05903BA-419A-4931-A498-3E0BAB4ADD63}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{C4E77B6E-92D5-4553-9CA1-D422542B8500}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{F4C5BED9-5859-46A9-BF51-AB337E2AC563}C:\users\pauloneill86\appdata\roaming \dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\pauloneill86\appdata\roaming\dropbox\ bin\dropbox.exe |
"UDP Query User{14A68A72-CC05-47DD-A3CA-60E323165E88}C:\users\pauloneill86\appdata\roaming \dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\pauloneill86\appdata\roaming\dropbox\ bin\dropbox.exe |
"UDP Query User{27C79448-8F57-48ED-B893-2CAA99BC66D8}C:\program files (x86)\teamviewer\teamviewer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\teamviewer.exe |
"UDP Query User{852B78AF-6123-4EA1-8761-B4868CEC9EE2}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{A94463EA-11D9-4021-89C9-4DCDBC25CD4C}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX530_series" = Canon MX530 series MP Drivers
"{37B8F9C7-03FB-3253-8781-2517C99D7C00}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{B9C64CFB-EBF4-41F4-8337-52CCE9A50CD1}" = CardRunnersEV3
"{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{FA2B2C2A-EA41-495A-9308-60726125D562}" = Boot Camp Services
"159439476E3A00F9FAE49DD6C1A78F2F6288A5B9" = Windows Driver Package - Intel (e1express) Net (03/26/2010 9.13.41.0)
"1A9F109A8ACEE4CA1F898708DBB0FBA6EF0587FC" = Windows Driver Package - Apple Inc. Apple System Device (05/20/2013 5.0.2.0)
"1FCF3C93707C46D648F0B00E216A55E96DEB5A17" = Windows Driver Package - Apple Inc. (AppleCamera) Image (11/21/2013 5.0.22.0)
"203795FBE6DF8F5E5F7AFFD457E83797A053787C" = Windows Driver Package - AMD (amdkmafd) System (09/22/2012 9.002.0.0000)
"277F15E06E6EEB458048F41BCB8FB843B3241E95" = Windows Driver Package - Apple Inc. Apple Multitouch (09/04/2013 5.0.2.0)
"3D6DDDCF8961C8C866F6660579A59B5B6CFA281F" = Windows Driver Package - Broadcom (BCM43XX) Net (11/13/2012 5.106.199.1)
"551732BB0872DA97E26385C221B172A5BD4DE93C" = Windows Driver Package - Apple Inc. Apple Wireless Trackpad (10/29/2011 5.0.0.0)
"57AFA39B22ADEC4E383572E9331167546EB3C9C7" = Windows Driver Package - Intel (e1qexpress) Net (12/04/2009 11.4.7.0)
"59EE3461B77229A4F846543766A6EFF2F2BAFC6B" = Windows Driver Package - Broadcom (BCM43XX) Net (12/13/2013 6.30.223.215)
"5BEF08C10896D86DC13394FFA75874564B700368" = Windows Driver Package - Intel (e1kexpress) Net (04/12/2010 11.6.92.0)
"65D516D0236CD0C531E12B8B4E59E2846D59DD30" = Windows Driver Package - Apple Inc. Apple Wireless Mouse (08/31/2015 6.0.6200.0)
"742CB1BDA52EA9F1BBE482DA6DAA17944652B476" = Windows Driver Package - Apple Inc. Apple Multitouch Mouse (09/11/2012 4.0.3.0)
"75E64992A03EC5E73D33586790CC506561DCC5DB" = Windows Driver Package - Broadcom (b57nd60a) Net (09/04/2012 15.4.0.17)
"880957E47EAAFD2D2B2977D3192A8E52A777838A" = Windows Driver Package - Apple Inc. Apple Keyboard (09/04/2015 6.0.6200.0)
"90F53401DD01030A1D7DFAF3F0F77D3C2BD08B9A" = Windows Driver Package - Apple Inc. Apple Multi-Touch Pro (09/08/2015 6.0.6200.0)
"969EFE1D5E95B01D3C42B9D0363FA64AF9E336E7" = Windows Driver Package - Cirrus Logic, Inc. (CirrusFilter) MEDIA (02/19/2013 6.6001.1.40)
"9EBC96DD99F2C854D540FBF6A16A557BADDBC228" = Windows Driver Package - Cirrus Logic, Inc. (CirrusLFD) MEDIA (10/03/2013 6.6001.3.13)
"ABCCA6C3F97A148D7C69114CB55DFA9D46053BEA" = Windows Driver Package - Apple Inc. Apple Keyboard (01/10/2014 5.0.8.0)
"ADF3AD5C5705E56E7DEA1447D58EFF216BA1223D" = Windows Driver Package - Broadcom Corporation (bScsiSDa) SDHost (08/14/2012 1.0.0.243)
"CB599752301BCA080D135697FDD05900F5A5CF4C" = Windows Driver Package - Intel (e1yexpress) Net (04/07/2010 10.1.9.0)
"CDD703ED0B390A5643DB748EBFA5BD55FEEC0D8A" = Windows Driver Package - Marvell (yukonx64) Net (12/06/2007 10.51.1.3)
"D088EE4BD2819FBA2B349EF9D55176F223419BE6" = Windows Driver Package - Apple Inc. Apple Wireless Mouse (06/01/2011 4.0.0.1)
"D323E2C0C5E4948B07EE346CF62161281B0A8578" = Windows Driver Package - Apple Inc. Apple SD Card Reader (07/22/2013 1.0.0.1)
"D53CBF2C12DF51DA5E9C1A9DA97FF0DCA0C524C5" = Windows Driver Package - Apple Inc. (AppleUSBEthernet) Net (02/01/2008 3.10.3.10)
"D5BB697E7D0C75712F3AD00AB1B85412CB5C0FD3" = Windows Driver Package - Apple Inc. Apple IR Receiver (02/21/2008 2.0.4.0)
"D6B4CB6AD2F81752C2EF8DCF6AD5EBC567ADD45C" = Windows Driver Package - Apple Inc. Apple ODD (05/17/2010 3.1.0.0)
"E0EAD0CEA9119B77350ED4DE28D9A82E57014D94" = Windows Driver Package - Apple Inc. Apple Display (01/23/2009 3.0.0.0)
"E2708073906571A0B56F17FD825EF19281ECE29B" = Windows Driver Package - Intel System (07/20/2007 1.2.76.0)
"EA3C044F6FD39CEC8F4F596836BF4197E97E1D39" = Windows Driver Package - Apple Inc. Apple Bluetooth (03/01/2010 3.0.0.5)
"F0A3F8394866FA91E82C8D5AB92C918FE40FE1DF" = Windows Driver Package - Atheros Communications Inc. (athr) Net (11/13/2010 9.2.0.113)
"F71DB41300D30088C8D3716343D1429488E605C1" = Windows Driver Package - Intel (e1rexpress) Net (01/07/2010 11.4.16.0)
"FC2077892425ED71A137B1CB6D99A9CA7475435D" = Windows Driver Package - Broadcom (B57ports) Net (06/16/2009 1.0.0.1)
"PostgreSQL 9.0" = PostgreSQL 9.0
"VLC media player" = VLC media player
"WinRAR archiver" = WinRAR 5.21 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Uninstall]
"{127BEFB3-24B2-4B44-8E99-AD22C2A5A8ED}" = Full Tilt Poker.Eu
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = MPC-HC 1.7.8
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6D1221A9-17BF-4EC0-81F2-27D30EC30701}" = Skype Click to Call
"{6D8C1DB1-A7B8-43E7-906B-D71520CF8208}_is1" = SimplePostflop version 1.06
"{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1" = Gyazo 3.2.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{86D09F48-CDAB-4B4C-8806-F6C16F17935A}" = PokerStrategy.com Equilab
"{9395F41D-0F80-432E-9A59-B8E477E7E163}" = OpenOffice 4.1.1
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-0804-1033-1959-001824166751}" = Adobe Refresh Manager
"{AC76BA86-7AD7-1033-7B44-AC0F074E4100}" = Adobe Acrobat Reader DC
"{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FC965A47-4839-40CA-B618-18F486F042C6}" = Skype™ 7.18
"Adobe Flash Player NPAPI" = Adobe Flash Player 20 NPAPI
"Google Chrome" = Google Chrome
"lavfilters_is1" = LAV Filters 0.65
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.2.0.1024
"Mozilla Firefox 44.0 (x86 en-US)" = Mozilla Firefox 44.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PokerSnowie_is1" = PokerSnowie
"PokerStars.eu" = PokerStars.eu
"PokerStars.fr" = PokerStars.fr
"PokerTracker4" = PokerTracker 4 (remove only)
"TeamViewer" = TeamViewer 11

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Uninstall]
"2708240952.www.icmpoker.com" = ICMIZER 2
"3123295097.www.icmpoker.com" = ICMIZER
"CoffeeCalcs" = CoffeeCalcs
"Dropbox" = Dropbox
"EasyStreet" = EasyStreet

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/6/2015 2:32:25 PM | Computer Name = Paul | Source = PostgreSQL | ID = 0
Description = could not write to log file: No space left on device

Error - 9/6/2015 2:32:25 PM | Computer Name = Paul | Source = PostgreSQL | ID = 0
Description = could not write to log file: No space left on device

Error - 9/6/2015 2:32:25 PM | Computer Name = Paul | Source = PostgreSQL | ID = 0
Description = could not write to log file: No space left on device

Error - 9/6/2015 2:32:25 PM | Computer Name = Paul | Source = PostgreSQL | ID = 0
Description = could not write to log file: No space left on device

Error - 9/6/2015 2:32:25 PM | Computer Name = Paul | Source = PostgreSQL | ID = 0
Description = could not write to log file: No space left on device

Error - 9/6/2015 2:32:25 PM | Computer Name = Paul | Source = PostgreSQL | ID = 0
Description = could not write to log file: No space left on device

Error - 9/6/2015 2:32:25 PM | Computer Name = Paul | Source = PostgreSQL | ID = 0
Description = could not write to log file: No space left on device

Error - 9/6/2015 2:32:25 PM | Computer Name = Paul | Source = PostgreSQL | ID = 0
Description = could not write to log file: No space left on device

Error - 9/6/2015 2:32:25 PM | Computer Name = Paul | Source = PostgreSQL | ID = 0
Description = could not write to log file: No space left on device

Error - 9/6/2015 2:32:25 PM | Computer Name = Paul | Source = PostgreSQL | ID = 0
Description = could not write to log file: No space left on device

[ System Events ]
Error - 1/29/2016 6:55:49 PM | Computer Name = Paul | Source = Microsoft-Windows-Kernel-Power | ID = 137
Description =

Error - 1/29/2016 6:55:55 PM | Computer Name = Paul | Source = Microsoft-Windows-NDIS | ID = 10317
Description = Miniport Broadcom 802.11ac Network Adapter, {F6836B15-5D13-4867-8C42-A55D367B408F},
had event 74

Error - 1/29/2016 7:16:27 PM | Computer Name = Paul | Source = Microsoft-Windows-Kernel-Power | ID = 137
Description =

Error - 1/30/2016 7:49:15 AM | Computer Name = Paul | Source = Microsoft-Windows-NDIS | ID = 10317
Description = Miniport Broadcom 802.11ac Network Adapter #2, {6F5C273D-3C62-42C8-8C11-925D25049AC2},
had event 74

Error - 1/30/2016 7:44:46 PM | Computer Name = Paul | Source = Microsoft-Windows-Kernel-Power | ID = 137
Description =

Error - 1/31/2016 9:06:51 AM | Computer Name = Paul | Source = Microsoft-Windows-NDIS | ID = 10317
Description = Miniport Broadcom 802.11ac Network Adapter, {F6836B15-5D13-4867-8C42-A55D367B408F},
had event 74

Error - 1/31/2016 11:46:51 AM | Computer Name = Paul | Source = DCOM | ID = 10010
Description =

Error - 1/31/2016 6:25:54 PM | Computer Name = Paul | Source = Microsoft-Windows-Kernel-Power | ID = 137
Description =

Error - 1/31/2016 8:25:53 PM | Computer Name = Paul | Source = Microsoft-Windows-Kernel-Power | ID = 137
Description =

Error - 2/1/2016 7:02:19 AM | Computer Name = Paul | Source = Service Control Manager | ID = 7023
Description = The Interactive Services Detection service terminated with the following
error: %%1


< End of report >

Your computer looks mightily clean to me

Can you run an online scanner like ESET ?
Note that this scan takes a LOOOONG time

For sure will do, ran Malwarebytes anti-malware and it came up clean so hopefully shows the same.

Thanks for the response! Huge weight off my shoulders

After running ESET is there anything you recommend I should do to further minimize the risk of something bad happening?

For example use another computer to change my poker site/email passwords? Change some settings on my skype/desktop somewhere or try to find the virus in programs running and delete it?

I think your password got guessed/bruteforced/phished in some way
Change it and see if it happens again

use your brains when browsing - this is your best defense vs malware

Re-scanned with Malwarebytes Anti-Malware and it found 25 threats. I quarantined then deleted them. Will run ESET now and see what it says. Should I be worried? Here is the log from Malwarebytes:


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/1/2016
Scan Time: 12:38 PM
Logfile:
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.02.01.04
Rootkit Database: v2016.01.20.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: pauloneill86

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 384144
Time Elapsed: 4 min, 19 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 19
PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}, Quarantined, [5533c596970253e36ffa3dfdfd056898],
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\INTERFACE\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}, Quarantined, [5533c596970253e36ffa3dfdfd056898],
PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{47A1D F02-BCE4-40C3-AE47-E3EA09A65E4A}, Quarantined, [5533c596970253e36ffa3dfdfd056898],
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{47A1D F02-BCE4-40C3-AE47-E3EA09A65E4A}, Quarantined, [5533c596970253e36ffa3dfdfd056898],
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}, Quarantined, [5533c596970253e36ffa3dfdfd056898],
PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}, Quarantined, [5533c596970253e36ffa3dfdfd056898],
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\TYPELIB\{1112F282-7099-4624-A439-DB29D6551552}, Quarantined, [5533c596970253e36ffa3dfdfd056898],
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\INTERFACE\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}, Quarantined, [5533c596970253e36ffa3dfdfd056898],
PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FA7B2 795-C0C8-4A58-8672-3F8D80CC0270}, Quarantined, [5533c596970253e36ffa3dfdfd056898],
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{FA7B2 795-C0C8-4A58-8672-3F8D80CC0270}, Quarantined, [5533c596970253e36ffa3dfdfd056898],
PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{1112F28 2-7099-4624-A439-DB29D6551552}, Quarantined, [5533c596970253e36ffa3dfdfd056898],
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{1112F28 2-7099-4624-A439-DB29D6551552}, Quarantined, [5533c596970253e36ffa3dfdfd056898],
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\OCComSDK.ComSDK.1, Quarantined, [5533c596970253e36ffa3dfdfd056898],
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\OCComSDK.ComSDK, Quarantined, [5533c596970253e36ffa3dfdfd056898],
PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\OCComSDK.ComSDK, Quarantined, [5533c596970253e36ffa3dfdfd056898],
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\OCComSDK.ComSDK, Quarantined, [5533c596970253e36ffa3dfdfd056898],
PUP.Optional.OpenCandy, HKLM\SOFTWARE\WOW6432NODE\CLASSES\OCComSDK.ComSDK. 1, Quarantined, [5533c596970253e36ffa3dfdfd056898],
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\OCComSDK.ComSDK. 1, Quarantined, [5533c596970253e36ffa3dfdfd056898],
PUP.Optional.OpenCandy, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}, Quarantined, [5533c596970253e36ffa3dfdfd056898],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 6
PUP.Optional.OpenCandy, C:\Users\pauloneill86\AppData\Local\Temp\HYD2348.t mp.1454326981\HTA\install.1454326981.zip, Quarantined, [0484e675a6f300369ccdd5658a785ba5],
PUP.Optional.OpenCandy, C:\Users\pauloneill86\AppData\Local\Temp\HYD2348.t mp.1454326981\HTA\3rdparty\OCComSDK.dll, Quarantined, [5533c596970253e36ffa3dfdfd056898],
PUP.Optional.OpenCandy, C:\Users\pauloneill86\AppData\Local\Temp\HYD2348.t mp.1454326981\HTA\3rdparty\OCSetupHlp.dll, Quarantined, [ef992635a0f936008d7fde07e71d1fe1],
PUP.Optional.OpenCandy, C:\Users\pauloneill86\AppData\Local\Temp\HYDED06.t mp.1454326967\HTA\install.1454326967.zip, Quarantined, [85032a31f8a144f283e6a397ff038977],
PUP.Optional.OpenCandy, C:\Users\pauloneill86\AppData\Local\Temp\HYDED06.t mp.1454326967\HTA\3rdparty\OCComSDK.dll, Quarantined, [088067f415849a9cd6934cee4bb7b050],
PUP.Optional.OpenCandy, C:\Users\pauloneill86\AppData\Local\Temp\HYDED06.t mp.1454326967\HTA\3rdparty\OCSetupHlp.dll, Quarantined, [8206aead22770c2a4ebeda0b61a3b947],

Physical Sectors: 0
(No malicious items detected)


(end)

The ESET scan found some things as well, this was after I quarantined and deleted the files found by Malwarebytes...

C:\Users\pauloneill86\AppData\Local\Microsoft\Wind ows\INetCache\IE\CDA4CM5E\eab380b4b201713263c3[1].htm HTML/Iframe.B trojan deleted
C:\Users\pauloneill86\AppData\Local\Microsoft\Wind ows\INetCache\IE\OLGWPC0G\41ee15e4c9f2e935a867a2ba 8e[1].htm HTML/Iframe.B trojan deleted
C:\Users\pauloneill86\AppData\Local\Microsoft\Wind ows\INetCache\IE\SPBJHP4R\1bd3163bea62be59384f3501 9abf82eb[1].htm HTML/Iframe.B trojan deleted
C:\Users\pauloneill86\Downloads\SpinWiz-2.0.2.1\SpinWiz.exe a variant of MSIL/Packed.Confuser.J suspicious application cleaned by deleting
C:\Users\pauloneill86\Downloads\SpinWiz-2.0.2.5\SpinWiz.exe a variant of MSIL/Packed.Confuser.J suspicious application cleaned by deleting
C:\Users\pauloneill86\Downloads\SpinWiz-2.0.2.6\SpinWiz.exe a variant of MSIL/Packed.Confuser.J suspicious application cleaned by deleting
C:\Users\pauloneill86\Downloads\SpinWiz-2.0.2.8\SpinWiz.exe a variant of MSIL/Packed.Confuser.J suspicious application cleaned by deleting
C:\Users\pauloneill86\Downloads\SpinWiz-2.0.3.0\SpinWiz.exe a variant of MSIL/Packed.Confuser.J suspicious application cleaned by deleting
C:\Users\pauloneill86\Downloads\SpinWiz-2.0.3.1\SpinWiz.exe a variant of MSIL/Packed.Confuser.J suspicious application cleaned by deleting
C:\Users\pauloneill86\Downloads\SpinWiz-2.0.3.2\SpinWiz.exe a variant of MSIL/Packed.Confuser.J suspicious application cleaned by deleting
C:\Users\pauloneill86\Downloads\SpinWiz-2.0.3.3\SpinWiz.exe a variant of MSIL/Packed.Confuser.J suspicious application cleaned by deleting

you are a spin n go grinder ^^

The only things that I found from your posts, OP, are that your name is Paul Oneill, and that you are 19 years old.

Goddammit what gave it away??

Yes I'm a spins grinder, obvs not too concerned about the SpinWiz alert but should I be worried about the trojan after deleting it? Is there something else I should be doing to truly make sure there is no more threat from it?

That virus was a 'downloader' - a very old but still common virus. It would have been hidden inside a (most likely) genuine webpage that you visited. Its only purpose is to download other malware.

Because this virus is so well known and still so prevalent the websites it tries to connect to, to download other malware, are taken down pretty quickly making it pretty worthless. More so now it is deleted.

Not really much you can do to avoid this type of thing except practice good internet safety and run regular scans of your computer.

19? Not 29?

No. He's 19 trying to make himself appear to be 29.