[INACTIVE] EXTREMELY slow computer with terrible startup

3 posters

Hi, I hope I posted in the right section for this.
For about a month now I've been dealing with a sluggish computer and just recently it stopped loading up on me. It takes too long to click on my account, type the password, and log in. Once it actually does it just stays on black.
I'm currently running on Safe Mode with Networking, seems to be working fine after loading up. My only worry is that it's not a virus causing this, but possibly hardware issues?

Any help is appreciated!

Re: [INACTIVE] EXTREMELY slow computer with terrible startup
Hello there,

Please read this topic and post logs in your next reply: http://www.geekpolice.net/t3821-read-this-before-posting

Re: [INACTIVE] EXTREMELY slow computer with terrible startup
@omicron_persei8 - Do you still need help with this? You have not replied for 3 days, so we want to ensure you still need help.

Re: [INACTIVE] EXTREMELY slow computer with terrible startup
Yes sorry, holiday madness. I've been running FarBar since the first day I posted but the program has been running slow and has frozen up on many twice. It seems to be running fine right now.
I don't actually see the progress bar moving. And it'll say (Not Responding) whenever I try to click the window. I've spent the whole day trying to upload a screen shot and upload it here.

Re: [INACTIVE] EXTREMELY slow computer with terrible startup
Okay, let's try something easier...

Malwarebytes' Anti-Malware
If this program is already installed: Skip the installation and run only the scan!
Download and install: Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click mbam-setup-2.0.0.****.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:

    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.


  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

How to get logs: (Export log to save as txt)

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.

(Copy to clipboard for pasting into forum replies or tickets)

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.





Please download Malwarebytes' AdwCleaner onto your Desktop.

  • Double click on AdwCleaner_xxxx.exe to run the tool.
  • Click on Scan.
  • After done scanning, please hit Logfile. Locate the logfile in the Scan tab, double-click on it, copy the information inside of it, and paste it into your next reply.
  • You can find the logfile at C:\AdwCleaner[Sx].txt as well.





Fix with Junkware Removal Tool

Please download Malwarebytes' Junkware Removal Tool and save the file to your desktop.

  • Right-click on the JRT.exe or Junkware Removal Tool icon and select Run as Administrator to start the tool.
  • Follow the prompts and let this process run uninterrupted.
  • This scan can take a while, depending on your System specs.
  • Upon completion, a log (JRT.txt) will open on your desktop.


Please include the contents of that file in your reply.

Do not forget to re-enable your previously switched off protection software!
Please also manually reboot your machine after this procedure.




In your next reply, please post the following logs:
  • Malwarebytes' Anti-Malware Log
  • AdwCleaner log
  • Junkware Removal Tool log

Re: [INACTIVE] EXTREMELY slow computer with terrible startup
Haven't had access to a better running device to post this, FarBar actually finished after we last interacted, here's the log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-11-2016
Ran by user (administrator) on USER-HP (27-11-2016 21:51:29)
Running from C:\Users\user\Downloads
Loaded Profiles: user (Available Profiles: user & Danilo & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
( ) C:\Windows\System32\lxblcoms.exe
( ) C:\Windows\System32\lxeecoms.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\beats64.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Spotify Ltd) C:\Users\user\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIJJE.EXE
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIJJE.EXE
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Chicony) C:\Program Files (x86)\Camera Assistant Software for ViewSonic\traybar.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
() C:\Program Files (x86)\Camera Assistant Software for ViewSonic\CEC_MAIN.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2010-10-21] (Hewlett-Packard )
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-06-24] (IDT, Inc.)
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-09-09] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-05-05] (PDF Complete Inc)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-09-01] (Apple Inc.)
HKLM-x32\...\Run: [Camera Assistant Software] => C:\Program Files (x86)\Camera Assistant Software for ViewSonic\traybar.exe [774144 2007-08-20] (Chicony)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2012-01-26] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [502912 2012-02-29] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863360 2012-02-29] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [LTCM Client] => C:\Program Files (x86)\LTCM Client\ltcmClient.exe [1596096 2009-08-05] (Leader Technologies Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7408312 2016-06-27] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2324025828-1623389042-2555509162-1000\...\Run: [Google Update] => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc.)
HKU\S-1-5-21-2324025828-1623389042-2555509162-1000\...\Run: [Spotify Web Helper] => C:\Users\user\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1431664 2016-10-28] (Spotify Ltd)
HKU\S-1-5-21-2324025828-1623389042-2555509162-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-08-07] (Apple Inc.)
HKU\S-1-5-21-2324025828-1623389042-2555509162-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2324025828-1623389042-2555509162-1000\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIJJE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2324025828-1623389042-2555509162-1000\...\Run: [EPLTarget\P0000000000000002] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIJJE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2324025828-1623389042-2555509162-1000\...\Run: [AceStream] => C:\Users\user\AppData\Roaming\ACEStream\engine\ace_engine.exe
HKU\S-1-5-21-2324025828-1623389042-2555509162-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIJJE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-06-03] (AVAST Software)
Startup: C:\Users\Danilo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk [2012-07-12]
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk [2013-07-03]
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8D5C3D27-403F-45C6-A3FF-D29F3ACBE4C2}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A8D08E84-D6B4-4B9B-8D1E-C8A47B5D033C}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-2324025828-1623389042-2555509162-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKU\S-1-5-21-2324025828-1623389042-2555509162-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1
HKU\S-1-5-21-2324025828-1623389042-2555509162-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {866B19C7-65C3-4340-A244-92A88B9FBFC3} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-2324025828-1623389042-2555509162-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2324025828-1623389042-2555509162-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2324025828-1623389042-2555509162-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-2324025828-1623389042-2555509162-1000 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2324025828-1623389042-2555509162-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-04-18] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-06-04] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-04-18] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-04] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM-x32 - No Name - {06C7AD57-B655-418D-9AB8-9526A6D2E052} -  No File
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
Toolbar: HKU\S-1-5-21-2324025828-1623389042-2555509162-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File

FireFox:
========
FF DefaultProfile: fcpzgi7g.default-1395282151623
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fcpzgi7g.default-1395282151623 [2016-11-27]
FF NewTab: Mozilla\Firefox\Profiles\fcpzgi7g.default-1395282151623 -> about:home
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\fcpzgi7g.default-1395282151623 -> Google
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\fcpzgi7g.default-1395282151623 -> Google
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\fcpzgi7g.default-1395282151623 -> Google
FF Homepage: Mozilla\Firefox\Profiles\fcpzgi7g.default-1395282151623 -> about:home
FF Extension: (Quick Translator) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fcpzgi7g.default-1395282151623\Extensions\{5C655500-E712-41e7-9349-CE462F844B19}.xpi [2015-05-31]
FF Extension: (Adblock Plus) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fcpzgi7g.default-1395282151623\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-23]
FF Extension: (Greasemonkey) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fcpzgi7g.default-1395282151623\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2016-08-20]
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fcpzgi7g.default-1395282151623\searchplugins\google-lavasoft.xml [2016-03-12]
FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2016-11-17] [not signed]
FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2016-11-17] [not signed]
FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2016-11-17] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-06-03]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-06-03]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2016-01-14] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-08] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-08] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2012-04-29] ()
FF Plugin HKU\S-1-5-21-2324025828-1623389042-2555509162-1000: @acestream.net/acestreamplugin,version=3.1.9 -> C:\Users\user\AppData\Roaming\ACEStream\player\npace_plugin.dll [No File]
FF Plugin HKU\S-1-5-21-2324025828-1623389042-2555509162-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\user\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2324025828-1623389042-2555509162-1000: @talk.google.com/O1DPlugin -> C:\Users\user\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2324025828-1623389042-2555509162-1000: @tools.google.com/Google Update;version=3 -> C:\Users\user\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-2324025828-1623389042-2555509162-1000: @tools.google.com/Google Update;version=9 -> C:\Users\user\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\user\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\user\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default [2016-11-16]
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-09]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-16]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-29]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-11]
CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-13]
CHR Extension: (AdBlock) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-11-05]
CHR Extension: (Avast Online Security) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-11-05]
CHR Extension: (Ace Stream Web Extension) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjbepbhonbojpoaenhckjocchgfiaofo [2016-10-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-26]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-26]
CHR Extension: (Chrome Media Router) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-05]
CHR HKU\S-1-5-21-2324025828-1623389042-2555509162-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-04-18]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S3 AeLookupSvc; C:\Windows\System32\aelupsvc.dll [72192 2015-10-29] (Microsoft Corporation) [File not signed]
R2 AESTFilters; C:\Program Files\IDT\WDM\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation) [File not signed]
S3 ALG; C:\Windows\System32\alg.exe [79360 2009-07-13] (Microsoft Corporation) [File not signed]
R2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [204288 2011-07-04] (AMD) [File not signed]
S3 AppIDSvc; C:\Windows\System32\appidsvc.dll [34816 2016-10-07] (Microsoft Corporation) [File not signed]
R3 Appinfo; C:\Windows\System32\appinfo.dll [70144 2016-05-04] (Microsoft Corporation) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-08-05] (Apple Inc.)
R2 AudioEndpointBuilder; C:\Windows\System32\Audiosrv.dll [680448 2016-06-14] (Microsoft Corporation) [File not signed]
R2 AudioSrv; C:\Windows\System32\Audiosrv.dll [680448 2016-06-14] (Microsoft Corporation) [File not signed]
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-06-03] (AVAST Software)
S3 AxInstSV; C:\Windows\System32\AxInstSV.dll [114688 2010-11-20] (Microsoft Corporation) [File not signed]
S3 BDESVC; C:\Windows\System32\bdesvc.dll [100864 2009-07-13] (Microsoft Corporation) [File not signed]
R2 BFE; C:\Windows\System32\bfe.dll [705024 2010-11-20] (Microsoft Corporation) [File not signed]
R2 BITS; C:\Windows\System32\qmgr.dll [849920 2010-11-20] (Microsoft Corporation) [File not signed]
R3 Browser; C:\Windows\System32\browser.dll [136704 2012-07-04] (Microsoft Corporation) [File not signed]
S3 bthserv; C:\Windows\system32\bthserv.dll [83968 2009-07-13] (Microsoft Corporation) [File not signed]
S3 CertPropSvc; C:\Windows\System32\certprop.dll [80384 2010-11-20] (Microsoft Corporation) [File not signed]
R2 CryptSvc; C:\Windows\system32\cryptsvc.dll [190976 2016-06-14] (Microsoft Corporation) [File not signed]
R2 CryptSvc; C:\Windows\SysWOW64\cryptsvc.dll [145920 2016-06-14] (Microsoft Corporation) [File not signed]
R2 DcomLaunch; C:\Windows\system32\rpcss.dll [511488 2016-02-02] (Microsoft Corporation) [File not signed]
S3 defragsvc; C:\Windows\System32\defragsvc.dll [291328 2009-07-13] (Microsoft Corporation) [File not signed]
R2 Dhcp; C:\Windows\system32\dhcpcore.dll [317952 2010-11-20] (Microsoft Corporation) [File not signed]
R2 Dhcp; C:\Windows\SysWOW64\dhcpcore.dll [254464 2010-11-20] (Microsoft Corporation) [File not signed]
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1386496 2016-08-22] (Microsoft Corporation) [File not signed]
R2 Dnscache; C:\Windows\System32\dnsrslvr.dll [183296 2011-08-15] (Microsoft Corporation) [File not signed]
S3 dot3svc; C:\Windows\System32\dot3svc.dll [252416 2010-11-20] (Microsoft Corporation) [File not signed]
R2 DPS; C:\Windows\system32\dps.dll [162816 2010-11-20] (Microsoft Corporation) [File not signed]
R3 EapHost; C:\Windows\System32\eapsvc.dll [111104 2009-07-13] (Microsoft Corporation) [File not signed]
R2 EFS; C:\Windows\System32\lsass.exe [30720 2016-10-10] (Microsoft Corporation) [File not signed]
S3 ehRecvr; C:\Windows\ehome\ehRecvr.exe [696832 2010-11-20] (Microsoft Corporation) [File not signed]
S3 ehSched; C:\Windows\ehome\ehsched.exe [127488 2009-07-13] (Microsoft Corporation) [File not signed]
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 eventlog; C:\Windows\System32\wevtsvc.dll [1646080 2010-11-20] (Microsoft Corporation) [File not signed]
R2 EventSystem; C:\Windows\system32\es.dll [402944 2009-07-13] (Microsoft Corporation) [File not signed]
R2 EventSystem; C:\Windows\SysWOW64\es.dll [271360 2009-07-13] (Microsoft Corporation) [File not signed]
S3 Fax; C:\Windows\system32\fxssvc.exe [689152 2010-11-20] (Microsoft Corporation) [File not signed]
R3 fdPHost; C:\Windows\system32\fdPHost.dll [16384 2009-07-13] (Microsoft Corporation) [File not signed]
R3 FDResPub; C:\Windows\system32\fdrespub.dll [34816 2009-07-13] (Microsoft Corporation) [File not signed]
R2 FontCache; C:\Windows\system32\FntCache.dll [1180160 2016-09-12] (Microsoft Corporation) [File not signed]
R2 gpsvc; C:\Windows\System32\gpsvc.dll [794624 2016-05-12] (Microsoft Corporation) [File not signed]
R3 hidserv; C:\Windows\system32\hidserv.dll [38912 2009-07-13] (Microsoft Corporation) [File not signed]
R3 hidserv; C:\Windows\SysWOW64\hidserv.dll [49152 2009-07-13] (Microsoft Corporation) [File not signed]
S3 hkmsvc; C:\Windows\system32\kmsvc.dll [90624 2010-11-20] (Microsoft Corporation) [File not signed]
S3 HomeGroupListener; C:\Windows\system32\ListSvc.dll [232448 2010-11-20] (Microsoft Corporation) [File not signed]
R3 HomeGroupProvider; C:\Windows\system32\provsvc.dll [187904 2010-11-20] (Microsoft Corporation) [File not signed]
R3 HomeGroupProvider; C:\Windows\SysWOW64\provsvc.dll [165376 2010-11-20] (Microsoft Corporation) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29728 2016-08-15] (HP Inc.)
S3 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe [114688 2016-10-27] (Microsoft Corporation) [File not signed]
R2 IKEEXT; C:\Windows\System32\ikeext.dll [859648 2013-10-11] (Microsoft Corporation) [File not signed]
S2 IPBusEnum; C:\Windows\system32\ipbusenum.dll [101888 2009-07-13] (Microsoft Corporation) [File not signed]
R2 iphlpsvc; C:\Windows\System32\iphlpsvc.dll [569344 2012-10-03] (Microsoft Corporation) [File not signed]
R3 KeyIso; C:\Windows\system32\lsass.exe [30720 2016-10-10] (Microsoft Corporation) [File not signed]
S3 KtmRm; C:\Windows\system32\msdtckrm.dll [368640 2009-07-13] (Microsoft Corporation) [File not signed]
R2 LanmanServer; C:\Windows\system32\srvsvc.dll [236032 2010-11-20] (Microsoft Corporation) [File not signed]
R2 LanmanWorkstation; C:\Windows\System32\wkssvc.dll [118784 2010-11-20] (Microsoft Corporation) [File not signed]
S3 lltdsvc; C:\Windows\System32\lltdsvc.dll [300032 2009-07-13] (Microsoft Corporation) [File not signed]
R2 lmhosts; C:\Windows\System32\lmhsvc.dll [23552 2009-07-13] (Microsoft Corporation) [File not signed]
R2 lxbl_device; C:\Windows\system32\lxblcoms.exe [566704 2007-04-20] ( )
R2 lxbl_device; C:\Windows\SysWOW64\lxblcoms.exe [537520 2007-04-20] ( )
R2 lxee_device; C:\Windows\system32\lxeecoms.exe [1052328 2010-04-14] ( )
S4 Mcx2Svc; C:\Windows\system32\Mcx2Svc.dll [84992 2010-11-20] (Microsoft Corporation) [File not signed]
S2 MMCSS; C:\Windows\system32\mmcss.dll [67584 2009-07-13] (Microsoft Corporation) [File not signed]
R2 MpsSvc; C:\Windows\system32\mpssvc.dll [828416 2010-11-20] (Microsoft Corporation) [File not signed]
S3 MSDTC; C:\Windows\System32\msdtc.exe [141824 2009-07-13] (Microsoft Corporation) [File not signed]
S3 MSiSCSI; C:\Windows\system32\iscsiexe.dll [156672 2009-07-13] (Microsoft Corporation) [File not signed]
S3 msiserver; C:\Windows\System32\msiexec.exe [128512 2016-05-04] (Microsoft Corporation) [File not signed]
S3 msiserver; C:\Windows\SysWOW64\msiexec.exe [73216 2016-05-04] (Microsoft Corporation) [File not signed]
S3 napagent; C:\Windows\system32\qagentRT.dll [476160 2010-11-20] (Microsoft Corporation) [File not signed]
S3 Netlogon; C:\Windows\system32\lsass.exe [30720 2016-10-10] (Microsoft Corporation) [File not signed]
R3 Netman; C:\Windows\System32\netman.dll [360448 2009-07-13] (Microsoft Corporation) [File not signed]
R3 netprofm; C:\Windows\System32\netprofm.dll [459776 2009-07-13] (Microsoft Corporation) [File not signed]
R3 netprofm; C:\Windows\SysWOW64\netprofm.dll [360448 2009-07-13] (Microsoft Corporation) [File not signed]
R2 NlaSvc; C:\Windows\System32\nlasvc.dll [303616 2014-12-05] (Microsoft Corporation) [File not signed]
R2 nsi; C:\Windows\system32\nsisvc.dll [25600 2009-07-13] (Microsoft Corporation) [File not signed]
S3 p2pimsvc; C:\Windows\system32\pnrpsvc.dll [327168 2009-07-13] (Microsoft Corporation) [File not signed]
S3 p2psvc; C:\Windows\system32\p2psvc.dll [438784 2009-07-13] (Microsoft Corporation) [File not signed]
R2 PcaSvc; C:\Windows\System32\pcasvc.dll [187904 2016-06-14] (Microsoft Corporation) [File not signed]
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-05-05] (PDF Complete Inc)
S3 PerfHost; C:\Windows\SysWow64\perfhost.exe [20992 2009-07-13] (Microsoft Corporation) [File not signed]
S3 pla; C:\Windows\system32\pla.dll [1389056 2010-11-20] (Microsoft Corporation) [File not signed]
S3 pla; C:\Windows\SysWOW64\pla.dll [1508864 2010-11-20] (Microsoft Corporation) [File not signed]
R2 PlugPlay; C:\Windows\system32\umpnpmgr.dll [404480 2011-05-24] (Microsoft Corporation) [File not signed]
S3 PNRPAutoReg; C:\Windows\system32\pnrpauto.dll [25088 2009-07-13] (Microsoft Corporation) [File not signed]
S3 PNRPsvc; C:\Windows\system32\pnrpsvc.dll [327168 2009-07-13] (Microsoft Corporation) [File not signed]
R3 PolicyAgent; C:\Windows\System32\ipsecsvc.dll [502272 2016-05-12] (Microsoft Corporation) [File not signed]
R2 Power; C:\Windows\system32\umpo.dll [163840 2009-07-13] (Microsoft Corporation) [File not signed]
R2 ProfSvc; C:\Windows\system32\profsvc.dll [210432 2014-12-18] (Microsoft Corporation) [File not signed]
S3 ProtectedStorage; C:\Windows\system32\lsass.exe [30720 2016-10-10] (Microsoft Corporation) [File not signed]
S3 QWAVE; C:\Windows\system32\qwave.dll [242688 2009-07-13] (Microsoft Corporation) [File not signed]
S3 QWAVE; C:\Windows\SysWOW64\qwave.dll [210944 2009-07-13] (Microsoft Corporation) [File not signed]
S3 RasAuto; C:\Windows\System32\rasauto.dll [99328 2009-07-13] (Microsoft Corporation) [File not signed]
S3 RasMan; C:\Windows\System32\rasmans.dll [344064 2010-11-20] (Microsoft Corporation) [File not signed]
S4 RemoteAccess; C:\Windows\System32\mprdim.dll [97792 2009-07-13] (Microsoft Corporation) [File not signed]
S4 RemoteAccess; C:\Windows\SysWOW64\mprdim.dll [75264 2009-07-13] (Microsoft Corporation) [File not signed]
S3 RemoteRegistry; C:\Windows\system32\regsvc.dll [159232 2009-07-13] (Microsoft Corporation) [File not signed]
R2 RpcEptMapper; C:\Windows\System32\RpcEpMap.dll [67072 2009-07-13] (Microsoft Corporation) [File not signed]
S3 RpcLocator; C:\Windows\system32\locator.exe [10240 2009-07-13] (Microsoft Corporation) [File not signed]
R2 RpcSs; C:\Windows\system32\rpcss.dll [511488 2016-02-02] (Microsoft Corporation) [File not signed]
R2 SamSs; C:\Windows\system32\lsass.exe [30720 2016-10-10] (Microsoft Corporation) [File not signed]
S3 SCardSvr; C:\Windows\System32\SCardSvr.dll [190976 2009-07-13] (Microsoft Corporation) [File not signed]
R2 Schedule; C:\Windows\system32\schedsvc.dll [1110016 2015-08-05] (Microsoft Corporation) [File not signed]
S3 SCPolicySvc; C:\Windows\System32\certprop.dll [80384 2010-11-20] (Microsoft Corporation) [File not signed]
S3 SDRSVC; C:\Windows\System32\SDRSVC.dll [170496 2010-11-20] (Microsoft Corporation) [File not signed]
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 seclogon; C:\Windows\system32\seclogon.dll [30720 2016-02-09] (Microsoft Corporation) [File not signed]
R2 SENS; C:\Windows\System32\sens.dll [64512 2009-07-13] (Microsoft Corporation) [File not signed]
R2 SENS; C:\Windows\SysWOW64\sens.dll [49664 2009-07-13] (Microsoft Corporation) [File not signed]
S3 SensrSvc; C:\Windows\system32\sensrsvc.dll [29184 2009-07-13] (Microsoft Corporation) [File not signed]
S3 SessionEnv; C:\Windows\system32\sessenv.dll [121856 2010-11-20] (Microsoft Corporation) [File not signed]
S3 SessionEnv; C:\Windows\SysWOW64\sessenv.dll [113664 2010-11-20] (Microsoft Corporation) [File not signed]
S3 SharedAccess; C:\Windows\System32\ipnathlp.dll [359424 2009-07-13] (Microsoft Corporation) [File not signed]
R2 ShellHWDetection; C:\Windows\System32\shsvcs.dll [370688 2010-11-20] (Microsoft Corporation) [File not signed]
R2 ShellHWDetection; C:\Windows\SysWOW64\shsvcs.dll [328192 2010-11-20] (Microsoft Corporation) [File not signed]
S3 SNMPTRAP; C:\Windows\System32\snmptrap.exe [14336 2009-07-13] (Microsoft Corporation) [File not signed]
R2 Spooler; C:\Windows\System32\spoolsv.exe [559104 2012-02-10] (Microsoft Corporation) [File not signed]
S2 sppsvc; C:\Windows\system32\sppsvc.exe [3524608 2010-11-20] (Microsoft Corporation) [File not signed]
S3 sppuinotify; C:\Windows\system32\sppuinotify.dll [65536 2009-07-13] (Microsoft Corporation) [File not signed]
R3 SSDPSRV; C:\Windows\System32\ssdpsrv.dll [193024 2009-07-13] (Microsoft Corporation) [File not signed]
S3 SstpSvc; C:\Windows\system32\sstpsvc.dll [75264 2009-07-13] (Microsoft Corporation) [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [302592 2011-06-24] (IDT, Inc.) [File not signed]
R2 stisvc; C:\Windows\System32\wiaservc.dll [580096 2010-11-20] (Microsoft Corporation) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 swprv; C:\Windows\System32\swprv.dll [524288 2009-07-13] (Microsoft Corporation) [File not signed]
R2 SysMain; C:\Windows\system32\sysmain.dll [1743360 2015-07-15] (Microsoft Corporation) [File not signed]
S3 TabletInputService; C:\Windows\System32\TabSvc.dll [92672 2010-11-20] (Microsoft Corporation) [File not signed]
S3 TapiSrv; C:\Windows\System32\tapisrv.dll [316928 2010-11-20] (Microsoft Corporation) [File not signed]
S3 TapiSrv; C:\Windows\SysWOW64\tapisrv.dll [242176 2010-11-20] (Microsoft Corporation) [File not signed]
S3 TermService; C:\Windows\System32\termsrv.dll [683520 2014-10-13] (Microsoft Corporation) [File not signed]
R2 Themes; C:\Windows\system32\themeservice.dll [44544 2009-07-13] (Microsoft Corporation) [File not signed]
S3 THREADORDER; C:\Windows\system32\mmcss.dll [67584 2009-07-13] (Microsoft Corporation) [File not signed]
R2 TrkWks; C:\Windows\System32\trkwks.dll [119808 2009-07-13] (Microsoft Corporation) [File not signed]
S3 TrustedInstaller; C:\Windows\servicing\TrustedInstaller.exe [194048 2010-11-20] (Microsoft Corporation) [File not signed]
S3 UI0Detect; C:\Windows\system32\UI0Detect.exe [40960 2009-07-13] (Microsoft Corporation) [File not signed]
S3 upnphost; C:\Windows\System32\upnphost.dll [353792 2009-07-13] (Microsoft Corporation) [File not signed]
S3 upnphost; C:\Windows\SysWOW64\upnphost.dll [266752 2009-07-13] (Microsoft Corporation) [File not signed]
R2 UxSms; C:\Windows\System32\uxsms.dll [38912 2009-07-13] (Microsoft Corporation) [File not signed]
S3 VaultSvc; C:\Windows\system32\lsass.exe [30720 2016-10-10] (Microsoft Corporation) [File not signed]
S3 vds; C:\Windows\System32\vds.exe [533504 2010-11-20] (Microsoft Corporation) [File not signed]
S3 VSS; C:\Windows\system32\vssvc.exe [1600512 2010-11-20] (Microsoft Corporation) [File not signed]
S3 W32Time; C:\Windows\system32\w32time.dll [381952 2009-07-13] (Microsoft Corporation) [File not signed]
S3 wbengine; C:\Windows\system32\wbengine.exe [1504256 2010-11-20] (Microsoft Corporation) [File not signed]
S3 WbioSrvc; C:\Windows\System32\wbiosrvc.dll [202240 2009-07-13] (Microsoft Corporation) [File not signed]
S3 wcncsvc; C:\Windows\System32\wcncsvc.dll [367104 2010-11-20] (Microsoft Corporation) [File not signed]
S3 wcncsvc; C:\Windows\SysWOW64\wcncsvc.dll [276992 2010-11-20] (Microsoft Corporation) [File not signed]
S3 WcsPlugInService; C:\Windows\System32\WcsPlugInService.dll [40960 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WcsPlugInService; C:\Windows\SysWOW64\WcsPlugInService.dll [32768 2009-07-13] (Microsoft Corporation) [File not signed]
R3 WdiServiceHost; C:\Windows\system32\wdi.dll [91136 2015-01-08] (Microsoft Corporation) [File not signed]
R3 WdiServiceHost; C:\Windows\SysWOW64\wdi.dll [76800 2015-01-08] (Microsoft Corporation) [File not signed]
S3 WdiSystemHost; C:\Windows\system32\wdi.dll [91136 2015-01-08] (Microsoft Corporation) [File not signed]
S3 WdiSystemHost; C:\Windows\SysWOW64\wdi.dll [76800 2015-01-08] (Microsoft Corporation) [File not signed]
S3 WebClient; C:\Windows\System32\webclnt.dll [263680 2016-09-08] (Microsoft Corporation) [File not signed]
S3 WebClient; C:\Windows\SysWOW64\webclnt.dll [208896 2016-09-08] (Microsoft Corporation) [File not signed]
S3 Wecsvc; C:\Windows\system32\wecsvc.dll [237568 2009-07-13] (Microsoft Corporation) [File not signed]
S3 wercplsupport; C:\Windows\System32\wercplsupport.dll [84480 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WerSvc; C:\Windows\System32\WerSvc.dll [76800 2009-07-13] (Microsoft Corporation) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation) [File not signed]
R3 WinHttpAutoProxySvc; C:\Windows\system32\winhttp.dll [444928 2016-05-11] (Microsoft Corporation) [File not signed]
R2 Winmgmt; C:\Windows\system32\wbem\WMIsvc.dll [242688 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WinRM; C:\Windows\system32\WsmSvc.dll [2023424 2016-08-06] (Microsoft Corporation) [File not signed]
S3 WinRM; C:\Windows\SysWOW64\WsmSvc.dll [1178112 2016-08-06] (Microsoft Corporation) [File not signed]
R2 Wlansvc; C:\Windows\System32\wlansvc.dll [886784 2009-07-13] (Microsoft Corporation) [File not signed]
S3 wmiApSrv; C:\Windows\system32\wbem\WmiApSrv.exe [203264 2009-07-13] (Microsoft Corporation) [File not signed]
R2 WMPNetworkSvc; C:\Program Files\Windows Media Player\wmpnetwk.exe [1525248 2010-11-20] (Microsoft Corporation) [File not signed]
S3 WPCSvc; C:\Windows\System32\wpcsvc.dll [12288 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WPCSvc; C:\Windows\SysWOW64\wpcsvc.dll [10752 2009-07-13] (Microsoft Corporation) [File not signed]
R3 WPDBusEnum; C:\Windows\system32\wpdbusenum.dll [117248 2010-11-20] (Microsoft Corporation) [File not signed]
R2 wscsvc; C:\Windows\System32\wscsvc.dll [97280 2009-07-13] (Microsoft Corporation) [File not signed]
R2 WSearch; C:\Windows\system32\SearchIndexer.exe [591872 2011-05-03] (Microsoft Corporation) [File not signed]
R2 WSearch; C:\Windows\SysWOW64\SearchIndexer.exe [427520 2011-05-03] (Microsoft Corporation) [File not signed]
R2 wuauserv; C:\Windows\system32\wuaueng.dll [2607104 2016-05-13] (Microsoft Corporation) [File not signed]
R3 wudfsvc; C:\Windows\System32\WUDFSvc.dll [84992 2012-07-25] (Microsoft Corporation) [File not signed]
S3 WwanSvc; C:\Windows\System32\wwansvc.dll [228864 2014-01-27] (Microsoft Corporation) [File not signed]

Re: [INACTIVE] EXTREMELY slow computer with terrible startup

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 1394ohci; C:\Windows\system32\drivers\1394ohci.sys [229888 2010-11-20] (Microsoft Corporation) [File not signed]
S3 AcpiPmi; C:\Windows\system32\drivers\acpipmi.sys [12800 2010-11-20] (Microsoft Corporation) [File not signed]
R1 AFD; C:\Windows\system32\drivers\afd.sys [497664 2015-10-13] (Microsoft Corporation) [File not signed]
S3 AmdK8; C:\Windows\system32\drivers\amdk8.sys [64512 2009-07-13] (Microsoft Corporation) [File not signed]
R3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [9359872 2011-07-04] (ATI Technologies Inc.) [File not signed]
R3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [309760 2011-07-04] (Advanced Micro Devices, Inc.) [File not signed]
R3 AmdPPM; C:\Windows\system32\drivers\amdppm.sys [60928 2009-07-13] (Microsoft Corporation) [File not signed]
S3 AppID; C:\Windows\system32\drivers\appid.sys [62464 2016-10-07] (Microsoft Corporation) [File not signed]
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-06-03] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-06-03] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-06-03] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-06-03] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-06-03] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-06-03] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-06-03] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-06-03] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292704 2016-08-05] (AVAST Software)
S3 AsyncMac; C:\Windows\System32\DRIVERS\asyncmac.sys [23040 2009-07-13] (Microsoft Corporation) [File not signed]
S3 b06bdrv; C:\Windows\system32\drivers\bxvbda.sys [468480 2009-06-10] (Broadcom Corporation) [File not signed]
S3 b57nd60a; C:\Windows\System32\DRIVERS\b57nd60a.sys [270848 2009-06-10] (Broadcom Corporation) [File not signed]
R1 Beep; C:\Windows\System32\Drivers\Beep.sys [6656 2009-07-13] (Microsoft Corporation) [File not signed]
R1 blbdrive; C:\Windows\system32\drivers\blbdrive.sys [45056 2009-07-13] (Microsoft Corporation) [File not signed]
R3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [90112 2016-10-05] (Microsoft Corporation) [File not signed]
S3 BrFiltLo; C:\Windows\system32\drivers\BrFiltLo.sys [18432 2009-06-10] (Brother Industries, Ltd.) [File not signed]
S3 BrFiltUp; C:\Windows\system32\drivers\BrFiltUp.sys [8704 2009-06-10] (Brother Industries, Ltd.) [File not signed]
S3 Brserid; C:\Windows\System32\Drivers\Brserid.sys [286720 2009-07-13] (Brother Industries Ltd.) [File not signed]
S3 BrSerWdm; C:\Windows\System32\Drivers\BrSerWdm.sys [47104 2009-06-10] (Brother Industries Ltd.) [File not signed]
S3 BrUsbMdm; C:\Windows\System32\Drivers\BrUsbMdm.sys [14976 2009-06-10] (Brother Industries Ltd.) [File not signed]
S3 BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [14720 2009-06-10] (Brother Industries Ltd.) [File not signed]
S3 BTHMODEM; C:\Windows\system32\drivers\bthmodem.sys [72192 2009-07-13] (Microsoft Corporation) [File not signed]
R4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [92160 2009-07-13] (Microsoft Corporation) [File not signed]
R1 cdrom; C:\Windows\system32\drivers\cdrom.sys [147456 2010-11-20] (Microsoft Corporation) [File not signed]
S3 circlass; C:\Windows\system32\drivers\circlass.sys [45568 2009-07-13] (Microsoft Corporation) [File not signed]
S3 CmBatt; C:\Windows\system32\drivers\CmBatt.sys [17664 2009-07-13] (Microsoft Corporation) [File not signed]
R3 CompositeBus; C:\Windows\system32\drivers\CompositeBus.sys [38912 2010-11-20] (Microsoft Corporation) [File not signed]
R1 DfsC; C:\Windows\System32\Drivers\dfsc.sys [106496 2016-09-08] (Microsoft Corporation) [File not signed]
R1 discache; C:\Windows\System32\drivers\discache.sys [40448 2009-07-13] (Microsoft Corporation) [File not signed]
S3 drmkaud; C:\Windows\system32\drivers\drmkaud.sys [5632 2015-12-08] (Microsoft Corporation) [File not signed]
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) [File not signed]
S3 ErrDev; C:\Windows\system32\drivers\errdev.sys [9728 2009-07-13] (Microsoft Corporation) [File not signed]
S3 exfat; C:\Windows\System32\Drivers\exfat.sys [195072 2009-07-13] (Microsoft Corporation) [File not signed]
S3 fastfat; C:\Windows\System32\Drivers\fastfat.sys [204800 2009-07-13] (Microsoft Corporation) [File not signed]
S3 fdc; C:\Windows\system32\drivers\fdc.sys [29696 2009-07-13] (Microsoft Corporation) [File not signed]
S3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [34304 2009-07-13] (Microsoft Corporation) [File not signed]
S3 flpydisk; C:\Windows\system32\drivers\flpydisk.sys [24576 2009-07-13] (Microsoft Corporation) [File not signed]
S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir.sys [31232 2009-06-10] (Hauppauge Computer Works, Inc.) [File not signed]
S3 HdAudAddService; C:\Windows\System32\drivers\HdAudio.sys [350208 2010-11-20] (Microsoft Corporation) [File not signed]
R3 HDAudBus; C:\Windows\system32\drivers\HDAudBus.sys [122368 2010-11-20] (Microsoft Corporation) [File not signed]
S3 HidBatt; C:\Windows\system32\drivers\HidBatt.sys [26624 2009-07-13] (Microsoft Corporation) [File not signed]
S3 HidBth; C:\Windows\system32\drivers\hidbth.sys [100864 2009-07-13] (Microsoft Corporation) [File not signed]
S3 HidIr; C:\Windows\system32\drivers\hidir.sys [46592 2009-07-13] (Microsoft Corporation) [File not signed]
R3 HidUsb; C:\Windows\System32\DRIVERS\hidusb.sys [30208 2010-11-20] (Microsoft Corporation) [File not signed]
R3 HTTP; C:\Windows\System32\drivers\HTTP.sys [754688 2015-02-24] (Microsoft Corporation) [File not signed]
S3 i8042prt; C:\Windows\system32\drivers\i8042prt.sys [105472 2009-07-13] (Microsoft Corporation) [File not signed]
S3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [6108416 2009-06-10] (Intel Corporation) [File not signed]
S3 intelppm; C:\Windows\system32\drivers\intelppm.sys [62464 2009-07-13] (Microsoft Corporation) [File not signed]
S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [82944 2010-11-20] (Microsoft Corporation) [File not signed]
S3 IPMIDRV; C:\Windows\system32\drivers\IPMIDrv.sys [78848 2010-11-20] (Microsoft Corporation) [File not signed]
S3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [116224 2009-07-13] (Microsoft Corporation) [File not signed]
S3 IRENUM; C:\Windows\System32\drivers\irenum.sys [17920 2009-07-13] (Microsoft Corporation) [File not signed]
R3 kbdhid; C:\Windows\System32\DRIVERS\kbdhid.sys [33280 2010-11-20] (Microsoft Corporation) [File not signed]
R3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [20992 2009-07-13] (Microsoft Corporation) [File not signed]
R2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [60928 2009-07-13] (Microsoft Corporation) [File not signed]
R2 luafv; C:\Windows\system32\drivers\luafv.sys [113152 2009-07-13] (Microsoft Corporation) [File not signed]
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [109272 2016-11-17] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-11-17] (Malwarebytes)
S3 Modem; C:\Windows\System32\drivers\modem.sys [40448 2009-07-13] (Microsoft Corporation) [File not signed]
R3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [30208 2009-07-13] (Microsoft Corporation) [File not signed]
R3 mouhid; C:\Windows\System32\DRIVERS\mouhid.sys [31232 2009-07-13] (Microsoft Corporation) [File not signed]
R3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [77312 2009-07-13] (Microsoft Corporation) [File not signed]
S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [142336 2016-09-08] (Microsoft Corporation) [File not signed]
R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [159744 2016-10-10] (Microsoft Corporation) [File not signed]
R3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [291328 2016-10-10] (Microsoft Corporation) [File not signed]
R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [129536 2016-10-10] (Microsoft Corporation) [File not signed]
S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [8192 2009-07-13] (Microsoft Corporation) [File not signed]
S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [11136 2009-07-13] (Microsoft Corporation) [File not signed]
S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [7168 2009-07-13] (Microsoft Corporation) [File not signed]
S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [6784 2009-07-13] (Microsoft Corporation) [File not signed]
S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [8064 2009-07-13] (Microsoft Corporation) [File not signed]
S3 MTConfig; C:\Windows\system32\drivers\MTConfig.sys [15360 2009-07-13] (Microsoft Corporation) [File not signed]
R3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [318976 2009-07-13] (Microsoft Corporation) [File not signed]
S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [35328 2009-07-13] (Microsoft Corporation) [File not signed]
R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [24064 2009-07-13] (Microsoft Corporation) [File not signed]
R3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [56832 2010-11-20] (Microsoft Corporation) [File not signed]
R3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [164352 2010-11-20] (Microsoft Corporation) [File not signed]
R3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [57856 2010-11-20] (Microsoft Corporation) [File not signed]
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [23040 2013-07-25] (Apple Inc.) [File not signed]
R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [44544 2009-07-13] (Microsoft Corporation) [File not signed]
R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [262144 2016-05-11] (Microsoft Corporation) [File not signed]
R1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [44032 2009-07-13] (Microsoft Corporation) [File not signed]
R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [24576 2009-07-13] (Microsoft Corporation) [File not signed]
R1 Null; C:\Windows\System32\Drivers\Null.sys [6144 2009-07-13] (Microsoft Corporation) [File not signed]
S3 ohci1394; C:\Windows\system32\drivers\ohci1394.sys [72832 2009-07-13] (Microsoft Corporation) [File not signed]
S3 Parport; C:\Windows\system32\drivers\parport.sys [97280 2009-07-13] (Microsoft Corporation) [File not signed]
R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [663552 2016-06-14] (Microsoft Corporation) [File not signed]
R3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [111104 2010-11-20] (Microsoft Corporation) [File not signed]
S3 Processor; C:\Windows\system32\drivers\processr.sys [60416 2009-07-13] (Microsoft Corporation) [File not signed]
R1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [131584 2010-11-20] (Microsoft Corporation) [File not signed]
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [46592 2009-07-13] (Microsoft Corporation) [File not signed]
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [14848 2009-07-13] (Microsoft Corporation) [File not signed]
R3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [60416 2009-07-13] (Microsoft Corporation) [File not signed]
R3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [129536 2010-11-20] (Microsoft Corporation) [File not signed]
R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [92672 2009-07-13] (Microsoft Corporation) [File not signed]
R3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [83968 2009-07-13] (Microsoft Corporation) [File not signed]
R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [309248 2010-11-20] (Microsoft Corporation) [File not signed]
S3 rdpbus; C:\Windows\system32\drivers\rdpbus.sys [24064 2009-07-13] (Microsoft Corporation) [File not signed]
R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [7680 2009-07-13] (Microsoft Corporation) [File not signed]
R1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [7680 2009-07-13] (Microsoft Corporation) [File not signed]
R1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [8192 2009-07-13] (Microsoft Corporation) [File not signed]
S3 RdpVideoMiniport; C:\Windows\System32\drivers\rdpvideominiport.sys [19456 2012-08-23] (Microsoft Corporation) [File not signed]
S3 RDPWD; C:\Windows\System32\Drivers\RDPWD.sys [212480 2014-07-16] (Microsoft Corporation) [File not signed]
R2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [76800 2009-07-13] (Microsoft Corporation) [File not signed]
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [29696 2010-11-20] (Microsoft Corporation) [File not signed]
R3 sdbus; C:\Windows\System32\DRIVERS\sdbus.sys [109056 2010-11-20] (Microsoft Corporation) [File not signed]
S4 secdrv; C:\Windows\System32\Drivers\secdrv.sys [23040 2009-06-10] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
S3 Serenum; C:\Windows\system32\drivers\serenum.sys [23552 2009-07-13] (Microsoft Corporation) [File not signed]
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Microsoft Corporation) [File not signed]
S3 sermouse; C:\Windows\system32\drivers\sermouse.sys [26624 2009-07-13] (Microsoft Corporation) [File not signed]
S3 sffdisk; C:\Windows\system32\drivers\sffdisk.sys [14336 2009-07-13] (Microsoft Corporation) [File not signed]
S3 sffp_mmc; C:\Windows\system32\drivers\sffp_mmc.sys [13824 2009-07-13] (Microsoft Corporation) [File not signed]
S3 sffp_sd; C:\Windows\system32\drivers\sffp_sd.sys [14336 2010-11-20] (Microsoft Corporation) [File not signed]
S3 sfloppy; C:\Windows\system32\drivers\sfloppy.sys [16896 2009-07-13] (Microsoft Corporation) [File not signed]
S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [93184 2009-07-13] (Microsoft Corporation) [File not signed]
R3 srv; C:\Windows\System32\DRIVERS\srv.sys [464896 2016-08-12] (Microsoft Corporation) [File not signed]
R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [405504 2016-08-12] (Microsoft Corporation) [File not signed]
R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [168960 2016-08-12] (Microsoft Corporation) [File not signed]
R3 STHDA; C:\Windows\System32\DRIVERS\stwrt64.sys [528384 2011-06-10] (IDT, Inc.) [File not signed]
R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [46080 2016-07-07] (Microsoft Corporation) [File not signed]
S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [15872 2009-07-13] (Microsoft Corporation) [File not signed]
S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [23552 2012-02-16] (Microsoft Corporation) [File not signed]
R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [118272 2015-10-13] (Microsoft Corporation) [File not signed]
S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [39936 2014-07-16] (Microsoft Corporation) [File not signed]
S3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [56832 2013-10-01] (Microsoft Corporation) [File not signed]
S3 TsUsbGD; C:\Windows\system32\drivers\TsUsbGD.sys [30208 2012-08-23] (Microsoft Corporation) [File not signed]
R3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [125440 2010-11-20] (Microsoft Corporation) [File not signed]
S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [328192 2010-11-20] (Microsoft Corporation) [File not signed]
R3 umbus; C:\Windows\System32\DRIVERS\umbus.sys [48640 2010-11-20] (Microsoft Corporation) [File not signed]
S3 UmPass; C:\Windows\system32\drivers\umpass.sys [9728 2009-07-13] (Microsoft Corporation) [File not signed]
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Apple, Inc.) [File not signed]
S3 usbaudio; C:\Windows\System32\drivers\usbaudio.sys [109824 2013-07-12] (Microsoft Corporation) [File not signed]
R3 usbccgp; C:\Windows\system32\drivers\usbccgp.sys [99840 2016-08-16] (Microsoft Corporation) [File not signed]
S3 usbcir; C:\Windows\system32\drivers\usbcir.sys [100864 2013-07-12] (Microsoft Corporation) [File not signed]
R3 usbehci; C:\Windows\system32\drivers\usbehci.sys [56320 2016-08-16] (Microsoft Corporation) [File not signed]
R3 usbhub; C:\Windows\system32\drivers\usbhub.sys [343552 2016-08-16] (Microsoft Corporation) [File not signed]
R3 usbohci; C:\Windows\system32\drivers\usbohci.sys [25600 2016-08-16] (Microsoft Corporation) [File not signed]
S3 usbprint; C:\Windows\System32\DRIVERS\usbprint.sys [25088 2009-07-13] (Microsoft Corporation) [File not signed]
S3 usbscan; C:\Windows\System32\DRIVERS\usbscan.sys [42496 2013-07-02] (Microsoft Corporation) [File not signed]
R3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [91648 2016-02-03] (Microsoft Corporation) [File not signed]
S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [30720 2016-08-16] (Microsoft Corporation) [File not signed]
S3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [185344 2013-07-12] (Microsoft Corporation) [File not signed]
S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [29184 2009-07-13] (Microsoft Corporation) [File not signed]
R1 VgaSave; C:\Windows\System32\drivers\vga.sys [29184 2009-07-13] (Microsoft Corporation) [File not signed]
R3 vwifibus; C:\Windows\System32\DRIVERS\vwifibus.sys [24576 2009-07-13] (Microsoft Corporation) [File not signed]
R1 vwififlt; C:\Windows\System32\DRIVERS\vwififlt.sys [59904 2009-07-13] (Microsoft Corporation) [File not signed]
R3 vwifimp; C:\Windows\System32\DRIVERS\vwifimp.sys [17920 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WacomPen; C:\Windows\system32\drivers\wacompen.sys [27776 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-20] (Microsoft Corporation) [File not signed]
R1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-20] (Microsoft Corporation) [File not signed]
R1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [12800 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WinUsb; C:\Windows\System32\DRIVERS\WinUsb.sys [41984 2010-11-20] (Microsoft Corporation) [File not signed]
S3 WmiAcpi; C:\Windows\system32\drivers\wmiacpi.sys [14336 2009-07-13] (Microsoft Corporation) [File not signed]
S4 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [21504 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WSDPrintDevice; C:\Windows\System32\DRIVERS\WSDPrint.sys [23040 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WSDScan; C:\Windows\System32\DRIVERS\WSDScan.sys [25088 2009-07-13] (Microsoft Corporation) [File not signed]
R3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [87040 2012-07-25] (Microsoft Corporation) [File not signed]
R3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [198656 2012-07-25] (Microsoft Corporation) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-25 22:19 - 2016-11-27 21:51 - 00061326 _____ C:\Users\user\Downloads\FRST.txt
2016-11-25 22:07 - 2016-11-25 22:19 - 00000000 ____D C:\FRST
2016-11-25 21:48 - 2016-11-25 21:53 - 02412032 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe
2016-11-25 21:11 - 2016-11-25 21:17 - 06253640 _____ (AVAST Software) C:\Users\user\Downloads\avast_free_antivirus_setup_online_cnet_2.exe
2016-11-25 21:11 - 2016-11-25 21:17 - 06253640 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup_online_cnet_2.exe
2016-11-23 13:32 - 2016-11-24 13:44 - 00000000 ____D C:\Users\user\AppData\LocalLow\Mozilla
2016-11-17 16:36 - 2016-11-23 13:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-11-17 15:13 - 2016-11-17 15:18 - 16563352 _____ (Malwarebytes Corp.) C:\Users\user\Downloads\mbar-1.09.3.1001.exe
2016-11-17 14:46 - 2016-11-17 15:25 - 00000000 ____D C:\Users\user\Desktop\mbar
2016-11-16 14:31 - 2016-11-16 14:31 - 03910208 _____ C:\Users\user\Downloads\adwcleaner_6.030.exe
2016-11-15 14:57 - 2016-11-23 13:25 - 00538312 _____ C:\Windows\ntbtlog.txt
2016-11-08 13:20 - 2016-11-02 07:36 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-11-08 13:20 - 2016-11-02 07:32 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-11-08 13:20 - 2016-11-02 07:32 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-11-08 13:20 - 2016-11-02 07:32 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-11-08 13:20 - 2016-11-02 07:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-11-08 13:20 - 2016-11-02 07:22 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-11-08 13:20 - 2016-11-02 07:16 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-11-08 13:20 - 2016-11-02 07:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-11-08 13:20 - 2016-11-02 07:16 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-11-08 13:20 - 2016-11-02 06:53 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-11-08 13:20 - 2016-10-27 19:59 - 00394440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-11-08 13:20 - 2016-10-27 19:14 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-11-08 13:20 - 2016-10-27 11:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-11-08 13:20 - 2016-10-27 11:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-11-08 13:20 - 2016-10-27 10:55 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-11-08 13:20 - 2016-10-27 10:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-11-08 13:20 - 2016-10-27 10:54 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-11-08 13:20 - 2016-10-27 10:53 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-11-08 13:20 - 2016-10-27 10:53 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-11-08 13:20 - 2016-10-27 10:51 - 02896384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-11-08 13:20 - 2016-10-27 10:44 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-11-08 13:20 - 2016-10-27 10:43 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-11-08 13:20 - 2016-10-27 10:38 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-11-08 13:20 - 2016-10-27 10:37 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-11-08 13:20 - 2016-10-27 10:37 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-11-08 13:20 - 2016-10-27 10:37 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-11-08 13:20 - 2016-10-27 10:37 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-11-08 13:20 - 2016-10-27 10:28 - 25763328 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-11-08 13:20 - 2016-10-27 10:28 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-11-08 13:20 - 2016-10-27 10:24 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-11-08 13:20 - 2016-10-27 10:19 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-11-08 13:20 - 2016-10-27 10:15 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-11-08 13:20 - 2016-10-27 10:13 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-11-08 13:20 - 2016-10-27 10:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-11-08 13:20 - 2016-10-27 10:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-11-08 13:20 - 2016-10-27 10:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-11-08 13:20 - 2016-10-27 10:02 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-11-08 13:20 - 2016-10-27 09:49 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-11-08 13:20 - 2016-10-27 09:46 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-11-08 13:20 - 2016-10-27 09:46 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-11-08 13:20 - 2016-10-27 09:44 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-11-08 13:20 - 2016-10-27 09:44 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-11-08 13:20 - 2016-10-27 09:17 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-11-08 13:20 - 2016-10-27 09:16 - 02920448 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-11-08 13:20 - 2016-10-27 09:03 - 01543680 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-11-08 13:20 - 2016-10-27 08:54 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-11-08 13:20 - 2016-10-27 07:05 - 20304896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-11-08 13:20 - 2016-10-25 07:02 - 03219456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-11-08 13:20 - 2016-10-22 09:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-11-08 13:20 - 2016-10-22 09:36 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-11-08 13:20 - 2016-10-22 09:36 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-11-08 13:20 - 2016-10-22 09:35 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-11-08 13:20 - 2016-10-22 09:35 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-11-08 13:20 - 2016-10-22 09:34 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-11-08 13:20 - 2016-10-22 09:27 - 02287616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-11-08 13:20 - 2016-10-22 09:27 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-11-08 13:20 - 2016-10-22 09:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-11-08 13:20 - 2016-10-22 09:22 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-11-08 13:20 - 2016-10-22 09:21 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-11-08 13:20 - 2016-10-22 09:21 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-11-08 13:20 - 2016-10-22 09:20 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-11-08 13:20 - 2016-10-22 09:09 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-11-08 13:20 - 2016-10-22 09:04 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-11-08 13:20 - 2016-10-22 09:03 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-11-08 13:20 - 2016-10-22 08:59 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-11-08 13:20 - 2016-10-22 08:58 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-11-08 13:20 - 2016-10-22 08:56 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-11-08 13:20 - 2016-10-22 08:54 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-11-08 13:20 - 2016-10-22 08:46 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-11-08 13:20 - 2016-10-22 08:45 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-11-08 13:20 - 2016-10-22 08:44 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-11-08 13:20 - 2016-10-22 08:43 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-11-08 13:20 - 2016-10-22 08:43 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-11-08 13:20 - 2016-10-22 08:30 - 13654016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-11-08 13:20 - 2016-10-22 08:12 - 02444800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-11-08 13:20 - 2016-10-22 08:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-11-08 13:20 - 2016-10-22 08:09 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-11-08 13:20 - 2016-10-15 07:31 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-11-08 13:20 - 2016-10-15 07:31 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-11-08 13:20 - 2016-10-15 07:13 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-11-08 13:20 - 2016-10-15 07:13 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2016-11-08 13:20 - 2016-10-11 07:37 - 00370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2016-11-08 13:20 - 2016-10-11 07:31 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10.IME
2016-11-08 13:20 - 2016-10-11 07:31 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2016-11-08 13:20 - 2016-10-11 07:31 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2016-11-08 13:20 - 2016-10-11 07:31 - 00457216 _____ (Microsoft Corporation) C:\Windows\system32\imkr80.ime
2016-11-08 13:20 - 2016-10-11 07:31 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\input.dll
2016-11-08 13:20 - 2016-10-11 07:31 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\tintlgnt.ime
2016-11-08 13:20 - 2016-10-11 07:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\quick.ime
2016-11-08 13:20 - 2016-10-11 07:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\qintlgnt.ime
2016-11-08 13:20 - 2016-10-11 07:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\phon.ime
2016-11-08 13:20 - 2016-10-11 07:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\cintlgnt.ime
2016-11-08 13:20 - 2016-10-11 07:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\chajei.ime
2016-11-08 13:20 - 2016-10-11 07:31 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\pintlgnt.ime
2016-11-08 13:20 - 2016-10-11 07:18 - 01027584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10.IME
2016-11-08 13:20 - 2016-10-11 07:18 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2016-11-08 13:20 - 2016-10-11 07:18 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2016-11-08 13:20 - 2016-10-11 07:18 - 00430080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imkr80.ime
2016-11-08 13:20 - 2016-10-11 07:18 - 00202240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\input.dll
2016-11-08 13:20 - 2016-10-11 07:18 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tintlgnt.ime
2016-11-08 13:20 - 2016-10-11 07:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quick.ime
2016-11-08 13:20 - 2016-10-11 07:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qintlgnt.ime
2016-11-08 13:20 - 2016-10-11 07:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\phon.ime
2016-11-08 13:20 - 2016-10-11 07:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cintlgnt.ime
2016-11-08 13:20 - 2016-10-11 07:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\chajei.ime
2016-11-08 13:20 - 2016-10-11 07:18 - 00090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pintlgnt.ime
2016-11-08 13:20 - 2016-10-11 05:33 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2016-11-08 13:20 - 2016-10-11 05:06 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2016-11-08 13:20 - 2016-10-10 07:38 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-11-08 13:20 - 2016-10-10 07:38 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-11-08 13:20 - 2016-10-10 07:34 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-11-08 13:20 - 2016-10-10 07:34 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-11-08 13:20 - 2016-10-10 07:34 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-11-08 13:20 - 2016-10-10 07:34 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-11-08 13:20 - 2016-10-10 07:33 - 01462272 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-11-08 13:20 - 2016-10-10 07:33 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-11-08 13:20 - 2016-10-10 07:33 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-11-08 13:20 - 2016-10-10 07:33 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-11-08 13:20 - 2016-10-10 07:33 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-11-08 13:20 - 2016-10-10 07:33 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-11-08 13:20 - 2016-10-10 07:33 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-11-08 13:20 - 2016-10-10 07:33 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-11-08 13:20 - 2016-10-10 07:33 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-11-08 13:20 - 2016-10-10 07:33 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-11-08 13:20 - 2016-10-10 07:33 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-11-08 13:20 - 2016-10-10 07:33 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-11-08 13:20 - 2016-10-10 07:33 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-11-08 13:20 - 2016-10-10 07:33 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-11-08 13:20 - 2016-10-10 07:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-11-08 13:20 - 2016-10-10 07:16 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-11-08 13:20 - 2016-10-10 07:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-11-08 13:20 - 2016-10-10 07:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-11-08 13:20 - 2016-10-10 07:16 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-11-08 13:20 - 2016-10-10 07:16 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-11-08 13:20 - 2016-10-10 07:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-11-08 13:20 - 2016-10-10 07:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-11-08 13:20 - 2016-10-10 07:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-11-08 13:20 - 2016-10-10 07:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-11-08 13:20 - 2016-10-10 07:16 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-11-08 13:20 - 2016-10-10 07:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-11-08 13:20 - 2016-10-10 07:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-11-08 13:20 - 2016-10-10 07:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-11-08 13:20 - 2016-10-10 07:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-11-08 13:20 - 2016-10-10 07:02 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-11-08 13:20 - 2016-10-10 06:56 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-11-08 13:20 - 2016-10-10 06:55 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-11-08 13:20 - 2016-10-10 06:55 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-11-08 13:20 - 2016-10-10 06:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-11-08 13:20 - 2016-10-10 06:54 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-11-08 13:20 - 2016-10-10 06:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-11-08 13:20 - 2016-10-07 07:40 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-11-08 13:20 - 2016-10-07 07:37 - 05547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-11-08 13:20 - 2016-10-07 07:37 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-11-08 13:20 - 2016-10-07 07:35 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 03649536 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00877056 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:18 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-11-08 13:20 - 2016-10-07 07:18 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-11-08 13:20 - 2016-10-07 07:15 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:04 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-11-08 13:20 - 2016-10-07 07:04 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-11-08 13:20 - 2016-10-07 07:04 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-11-08 13:20 - 2016-10-07 07:01 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-11-08 13:20 - 2016-10-07 07:00 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-11-08 13:20 - 2016-10-07 06:56 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-11-08 13:20 - 2016-10-07 06:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-11-08 13:20 - 2016-10-07 06:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-11-08 13:20 - 2016-10-07 06:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-11-08 13:20 - 2016-10-07 06:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-11-08 13:20 - 2016-10-07 06:49 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 06:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 06:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 06:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-11-08 13:20 - 2016-10-05 06:54 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2016-11-08 13:20 - 2016-09-15 06:56 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2016-11-08 13:20 - 2016-09-13 07:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-11-08 13:20 - 2016-09-13 07:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-11-08 13:20 - 2016-09-09 10:20 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-11-08 13:20 - 2016-09-09 10:00 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2016-11-08 13:19 - 2016-08-22 08:19 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2016-11-06 10:42 - 2016-11-06 10:45 - 574216234 _____ C:\Users\user\Downloads\[HorribleSubs] One Piece - 763 [1080p].mkv
2016-11-06 10:42 - 2016-11-06 10:45 - 559869070 _____ C:\Users\user\Downloads\[HorribleSubs] Dragon Ball Super - 65 [1080p].mkv
2016-11-06 08:29 - 2016-11-06 08:29 - 00000000 ___DL C:\Users\Guest\AppData\LocalLow\PlayReady
2016-11-04 16:19 - 2016-11-04 16:23 - 1715620573 _____ C:\Users\user\Downloads\American Horror Story S06E08 Chapter 8.mkv
2016-10-31 18:46 - 2016-10-31 18:50 - 00000000 ____D C:\Users\user\Downloads\Shameless.US.S07E05.720p.HDTV.X264-DIMENSION[ettv]
2016-10-30 14:00 - 2016-10-30 14:03 - 560689719 _____ C:\Users\user\Downloads\[HorribleSubs] Dragon Ball Super - 64 [1080p].mkv
2016-10-30 14:00 - 2016-10-30 14:02 - 573978094 _____ C:\Users\user\Downloads\[HorribleSubs] One Piece - 762 [1080p].mkv

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-28 18:15 - 2012-02-18 18:31 - 00000328 _____ C:\Windows\Tasks\HPCeeScheduleForuser.job
2016-11-28 18:14 - 2012-04-26 12:44 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-11-28 18:00 - 2014-09-30 20:54 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-28 17:45 - 2012-11-08 00:38 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2324025828-1623389042-2555509162-1000UA.job
2016-11-28 15:01 - 2014-09-30 20:54 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-28 14:46 - 2012-11-08 00:38 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2324025828-1623389042-2555509162-1000Core.job
2016-11-28 02:14 - 2014-05-31 15:31 - 00000000 ____D C:\Users\user\AppData\Local\Adobe
2016-11-27 21:51 - 2012-02-18 18:31 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{37A87542-CBDE-4569-8B70-22735BB33C86}
2016-11-27 11:14 - 2015-01-08 18:07 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-11-24 18:19 - 2012-02-18 18:31 - 00003180 _____ C:\Windows\System32\Tasks\HPCeeScheduleForuser
2016-11-24 12:59 - 2009-07-13 20:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-24 12:59 - 2009-07-13 20:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-24 11:19 - 2009-07-13 21:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-24 11:19 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2016-11-24 11:12 - 2011-08-16 00:18 - 00000000 ____D C:\ProgramData\PDFC
2016-11-24 10:56 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-24 10:53 - 2014-06-10 19:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-11-21 23:07 - 2012-02-26 17:58 - 00003216 _____ C:\Windows\System32\Tasks\HPCeeScheduleForUSER-HP$
2016-11-21 23:07 - 2012-02-26 17:58 - 00000340 _____ C:\Windows\Tasks\HPCeeScheduleForUSER-HP$.job
2016-11-21 22:22 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-11-21 20:48 - 2014-09-30 20:57 - 00002197 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-17 15:33 - 2014-05-26 10:33 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-11-17 15:25 - 2015-01-08 13:32 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-11-17 15:25 - 2015-01-08 13:30 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-11-16 15:02 - 2014-05-25 23:14 - 00000000 ____D C:\AdwCleaner
2016-11-16 14:19 - 2016-04-24 12:25 - 00000000 ____D C:\Users\user\Desktop\Virus
2016-11-09 16:59 - 2012-11-16 13:23 - 00000000 ____D C:\Users\user\AppData\Local\Spotify
2016-11-09 16:59 - 2012-11-16 13:22 - 00000000 ____D C:\Users\user\AppData\Roaming\Spotify
2016-11-09 16:21 - 2016-02-17 18:58 - 00000000 ____D C:\Users\user\Downloads\Downloaded Music
2016-11-09 10:23 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2016-11-09 09:44 - 2009-07-13 20:45 - 04937152 _____ C:\Windows\system32\FNTCACHE.DAT
2016-11-09 01:14 - 2014-07-08 17:26 - 00000000 ____D C:\Windows\system32\MRT
2016-11-09 01:06 - 2014-07-08 17:26 - 141011376 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-11-08 17:13 - 2012-04-26 12:44 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-11-08 17:13 - 2012-04-26 12:44 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-11-08 17:13 - 2012-02-21 01:09 - 00000000 ____D C:\Windows\system32\Macromed
2016-11-08 17:13 - 2011-08-16 00:16 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-11-08 17:13 - 2011-08-16 00:16 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-11-07 01:14 - 2016-09-12 23:15 - 00000000 ____D C:\Users\user\AppData\Roaming\qBittorrent
2016-11-06 12:13 - 2013-10-05 15:08 - 00003416 _____ C:\Windows\System32\Tasks\Apple Diagnostics
2016-11-06 06:19 - 2015-12-19 12:21 - 00000000 ____D C:\Users\Guest\AppData\Local\Spotify
2016-11-06 06:19 - 2015-12-19 12:20 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Spotify
2016-11-06 06:18 - 2014-06-04 19:20 - 00000000 __SHD C:\Users\Guest\AppData\LocalLow\EmieUserList
2016-11-06 06:18 - 2014-06-04 19:20 - 00000000 __SHD C:\Users\Guest\AppData\LocalLow\EmieSiteList
2016-11-06 06:18 - 2014-05-03 15:26 - 00000000 __SHD C:\Users\Guest\AppData\Local\EmieUserList
2016-11-06 06:18 - 2014-05-03 15:26 - 00000000 __SHD C:\Users\Guest\AppData\Local\EmieSiteList

==================== Files in the root of some directories =======

2014-05-25 10:49 - 2014-05-25 10:49 - 0000045 _____ () C:\Users\user\AppData\Roaming\WB.CFG
2014-05-24 23:02 - 2014-05-24 23:02 - 0007608 _____ () C:\Users\user\AppData\Local\Resmon.ResmonCfg
2012-10-07 17:09 - 2012-10-07 17:09 - 0000000 _____ () C:\ProgramData\cmn_upld.log
2012-03-05 20:40 - 2012-10-07 17:02 - 0036460 _____ () C:\ProgramData\lxeeJSW.log
2012-03-05 20:29 - 2012-10-30 21:36 - 0001516 _____ () C:\ProgramData\lxeescan.log
2012-10-07 17:09 - 2012-10-07 17:09 - 0000000 _____ () C:\ProgramData\LxWbGwLog.log
2013-01-09 18:27 - 2013-01-09 18:27 - 0377537 _____ () C:\ProgramData\SPL1C58.tmp
2014-06-05 21:29 - 2014-06-05 21:29 - 0377537 _____ () C:\ProgramData\SPL2888.tmp
2013-03-03 20:38 - 2013-03-03 20:38 - 0377537 _____ () C:\ProgramData\SPL6712.tmp
2014-03-30 22:18 - 2014-03-30 22:18 - 0377537 _____ () C:\ProgramData\SPL76ED.tmp
2012-10-30 21:57 - 2012-10-30 21:57 - 0377537 _____ () C:\ProgramData\SPLACF7.tmp
2012-10-30 21:36 - 2012-10-30 21:36 - 0841298 _____ () C:\ProgramData\SPLB051.tmp
2012-10-07 17:09 - 2012-10-07 17:09 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt

Some files in TEMP:
====================
C:\Users\user\AppData\Local\Temp\Extract.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe
[2016-10-11 10:52] - [2016-08-29 07:04] - 3229696 ____A (Microsoft Corporation) 38AE1B3C38FAEF56FE4907922F0385BA

C:\Windows\SysWOW64\explorer.exe
[2016-10-11 10:52] - [2016-08-29 06:55] - 2972672 ____A (Microsoft Corporation) 6DDCA324434FFA506CF7DC4E51DB7935

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll
[2016-09-13 20:18] - [2016-08-16 09:36] - 1009152 ____A (Microsoft Corporation) 8F4B991E7837E8E0F90C856659456652

C:\Windows\SysWOW64\User32.dll
[2016-09-13 20:18] - [2016-08-15 18:48] - 0833024 ____A (Microsoft Corporation) 0FBC0E335B65EE5A0175631237817510

C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-11-04 12:56

==================== End of FRST.txt ============================

Re: [INACTIVE] EXTREMELY slow computer with terrible startup
ComboFix scan

Please download ComboFix by sUBs
From BleepingComputer.com

Please save the file to your Desktop.

Important information about ComboFix


After the download:

  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.

Running ComboFix:

  • Double click on ComboFix.exe & follow the prompts.
  • When ComboFix finishes, it will produce a report for you.
  • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.

Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above method), but try to download it again, except name ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Re: [INACTIVE] EXTREMELY slow computer with terrible startup
ComboFix 16-12-02.01 - user 12/03/2016  16:56:42.2.2 - x64 NETWORK
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.5617.4879
[GMT -8:00]
Running from: c:\users\user\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\SPL1C58.tmp
c:\programdata\SPL2888.tmp
c:\programdata\SPL6712.tmp
c:\programdata\SPL76ED.tmp
c:\programdata\SPLACF7.tmp
c:\programdata\SPLB051.tmp
c:\users\Public\sdelevURL.tmp
c:\windows\msdownld.tmp
c:\windows\msdownld.tmp\AS616E7C.tmp\Apr2006_d3dx9_30_x64.cab
.
.
(((((((((((((((((((((((((   Files Created from 2016-11-04 to 2016-12-04  )))))))))))))))))))))))))))))))
.
.
2016-12-04 07:18 . 2016-12-04 07:18   --------        d-----w-        c:\users\Guest\AppData\Local\temp
2016-12-04 07:18 . 2016-12-04 07:18   --------        d-----w-        c:\users\Default\AppData\Local\temp
2016-11-26 06:07 . 2016-11-29 18:50     --------        d-----w-        C:\FRST
2016-11-08 21:19 . 2016-08-22 16:19   1386496 ----a-w-        c:\windows\system32\diagtrack.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-11-17 23:25 . 2015-01-08 21:32   192216  ----a-w-        c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-11-17 23:25 . 2015-01-08 21:30   109272  ----a-w-        c:\windows\system32\drivers\mbamchameleon.sys
2016-11-09 09:06 . 2014-07-09 01:26   141011376       -c--a-w-        c:\windows\system32\MRT.exe
2016-11-09 01:13 . 2012-04-26 20:44   796352  ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2016-11-09 01:13 . 2011-08-16 08:16   142528  ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-10-27 00:29 . 2010-11-21 03:27   485032  ------w-        c:\windows\system32\MpSigStub.exe
2016-10-07 15:12 . 2016-11-08 21:20   44032   ----a-w-        c:\windows\apppatch\acwow64.dll
2016-09-12 21:17 . 2016-10-11 18:52   77032   ----a-w-        c:\windows\system32\CompatTelRunner.exe
2016-09-12 21:08 . 2016-10-11 18:53   107520  ----a-w-        c:\windows\system32\adsmsext.dll
2016-09-12 21:08 . 2016-10-11 18:52   1226752 ----a-w-        c:\windows\system32\aeinv.dll
2016-09-12 20:49 . 2016-10-11 18:53   76800   ----a-w-        c:\windows\SysWow64\adsmsext.dll
2016-09-12 19:08 . 2016-10-11 18:53   1251328 ----a-w-        c:\windows\SysWow64\DWrite.dll
2016-09-12 18:43 . 2016-10-11 18:53   1180160 ----a-w-        c:\windows\system32\FntCache.dll
2016-09-12 18:43 . 2016-10-11 18:53   1648128 ----a-w-        c:\windows\system32\DWrite.dll
2016-09-09 15:54 . 2016-10-11 18:52   586752  ----a-w-        c:\windows\system32\generaltel.dll
2016-09-09 15:54 . 2016-10-11 18:52   314368  ----a-w-        c:\windows\system32\invagent.dll
2016-09-09 15:54 . 2016-10-11 18:52   575488  ----a-w-        c:\windows\system32\devinv.dll
2016-09-09 15:54 . 2016-10-11 18:52   273408  ----a-w-        c:\windows\system32\centel.dll
2016-09-09 15:54 . 2016-10-11 18:52   224256  ----a-w-        c:\windows\system32\aepic.dll
2016-09-09 15:54 . 2016-10-11 18:52   1629184 ----a-w-        c:\windows\system32\appraiser.dll
2016-09-09 15:54 . 2016-10-11 18:52   129024  ----a-w-        c:\windows\system32\acmigration.dll
2016-09-08 20:34 . 2016-10-11 18:53   263680  ----a-w-        c:\windows\system32\WebClnt.dll
2016-09-08 20:34 . 2016-10-11 18:53   108544  ----a-w-        c:\windows\system32\davclnt.dll
2016-09-08 20:34 . 2016-10-11 18:53   208896  ----a-w-        c:\windows\SysWow64\WebClnt.dll
2016-09-08 20:34 . 2016-10-11 18:53   87040   ----a-w-        c:\windows\SysWow64\davclnt.dll
2016-09-08 14:55 . 2016-10-11 18:53   142336  ----a-w-        c:\windows\system32\drivers\mrxdav.sys
2016-09-08 14:55 . 2016-10-11 18:53   106496  ----a-w-        c:\windows\system32\drivers\dfsc.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\user\AppData\Roaming\Spotify\SpotifyWebHelper.exe" [2016-10-28 1431664]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2014-08-08 43816]
"EPLTarget\P0000000000000001"="c:\windows\system32\spool\DRIVERS\x64\3\E_YATIJJE.EXE" [2012-02-28 283232]
"EPLTarget\P0000000000000002"="c:\windows\system32\spool\DRIVERS\x64\3\E_YATIJJE.EXE" [2012-02-28 283232]
"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\x64\3\E_YATIJJE.EXE" [2012-02-28 283232]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-04 336384]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-05-05 658424]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2016-09-02 67384]
"Camera Assistant Software"="c:\program files (x86)\Camera Assistant Software for ViewSonic\traybar.exe" [2007-08-20 774144]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2012-01-27 1058400]
"FUFAXRCV"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" [2012-03-01 502912]
"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2012-03-01 863360]
"LTCM Client"="c:\program files (x86)\LTCM Client\ltcmClient.exe" [2009-08-05 1596096]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2014-06-24 4101576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2016-04-01 596504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute     REG_MULTI_SZ    autocheck autochk *\0\0sdnclean64.exe
.
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x]
R2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R2 EPSON_PM_RPCV4_05;EPSON V3 Service4(05);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE [x]
R2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [x]
R2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x]
R2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe;c:\program files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [x]
R2 lxbl_device;lxbl_device;c:\windows\system32\lxblcoms.exe;c:\windows\SYSNATIVE\lxblcoms.exe [x]
R2 lxee_device;lxee_device;c:\windows\system32\lxeecoms.exe;c:\windows\SYSNATIVE\lxeecoms.exe [x]
R2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
R2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [x]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys;c:\windows\SYSNATIVE\drivers\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys;c:\windows\SYSNATIVE\drivers\amd_xata.sys [x]
S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\drivers\amdhub30.sys;c:\windows\SYSNATIVE\drivers\amdhub30.sys [x]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\drivers\amdxhc.sys;c:\windows\SYSNATIVE\drivers\amdxhc.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys;c:\windows\SYSNATIVE\drivers\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation  REG_MULTI_SZ    SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-11-22 04:22        1364072 ----a-w-        c:\program files (x86)\Google\Chrome\Application\54.0.2840.99\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2016-11-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-26 01:13]
.
2016-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-01 22:31]
.
2016-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-01 22:31]
.
2016-11-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2324025828-1623389042-2555509162-1000Core.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-08 03:27]
.
2016-11-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2324025828-1623389042-2555509162-1000UA.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-08 03:27]
.
2016-11-22 c:\windows\Tasks\HPCeeScheduleForUSER-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16 17:51]
.
2016-11-29 c:\windows\Tasks\HPCeeScheduleForuser.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16 17:51]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BeatsOSDApp"="c:\program files\IDT\WDM\beats64.exe" [2010-10-21 37888]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-06-24 1128448]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 108144]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2016-09-09 176440]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: localhost
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fcpzgi7g.default-1395282151623\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{06C7AD57-B655-418D-9AB8-9526A6D2E052} - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-AceStream - c:\users\user\AppData\Roaming\ACEStream\engine\ace_engine.exe
Wow6432Node-HKLM-Run- - (no file)
Wow6432Node-HKLM-RunOnce-20161125 - c:\program files\AVAST Software\Avast\aswRunDll.exe
Notify-SDWinLogon - SDWinLogon.dll
SafeBoot-mbamchameleon
SafeBoot-MBAMSwissArmy
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
AddRemove-{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App - c:\program files (x86)\WildTangent Games\App\Uninstall.exe
AddRemove-{79C54A05-F146-4EA0-8A70-D4EFE6181E52} - c:\program files (x86)\InstallShield Installation Information\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_23_0_0_207_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_23_0_0_207_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_23_0_0_207_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_23_0_0_207_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_23_0_0_207.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.23"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_23_0_0_207.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_23_0_0_207.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_23_0_0_207.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart
Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema
Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft
Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2016-12-04  10:19:14
ComboFix-quarantined-files.txt  2016-12-04 18:19
.
Pre-Run: 221,569,716,224 bytes free
Post-Run: 222,767,091,712 bytes free
.
- - End Of File - - 65BB05A8C1F666D5C65478EFBF3C408B
A36C5E4F47E84449FF07ED3517B43A31

Re: [INACTIVE] EXTREMELY slow computer with terrible startup

Okay, now please try to run FRST as we were going to do originally, please.

Re: [INACTIVE] EXTREMELY slow computer with terrible startup

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-11-2016
Ran by user (administrator) on USER-HP (05-12-2016 13:31:07)
Running from C:\Users\user\Downloads
Loaded Profiles: user (Available Profiles: user & Danilo & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language:
English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool:
http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed.
The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be
restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe
[37888 2010-10-21] (Hewlett-Packard )
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe
[1128448 2011-06-24] (IDT, Inc.)
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP
odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft
Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft
Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common
Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392
2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program
Files\iTunes\iTunesHelper.exe [176440 2016-09-09] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI
Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-07-04]
(Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP
Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF
Complete\pdfsty.exe [658424 2011-05-05] (PDF Complete Inc)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common
Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-09-01]
(Apple Inc.)
HKLM-x32\...\Run: [Camera Assistant Software] => C:\Program Files
(x86)\Camera Assistant Software for ViewSonic\traybar.exe [774144
2007-08-20] (Chicony)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson
Software\Event Manager\EEventManager.exe [1058400 2012-01-26] (SEIKO
EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson
Software\FAX Utility\FUFAXRCV.exe [502912 2012-02-29] (SEIKO EPSON
CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson
Software\FAX Utility\FUFAXSTM.exe [863360 2012-02-29] (SEIKO EPSON
CORPORATION)
HKLM-x32\...\Run: [LTCM Client] => C:\Program Files (x86)\LTCM
Client\ltcmClient.exe [1596096 2009-08-05] (Leader Technologies Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common
Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe
Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files
(x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
[1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search &
Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files
(x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01]
(Oracle Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2324025828-1623389042-2555509162-1000\...\Run: [Spotify
Web Helper] => C:\Users\user\AppData\Roaming\Spotify\SpotifyWebHelper.exe
[1431664 2016-10-28] (Spotify Ltd)
HKU\S-1-5-21-2324025828-1623389042-2555509162-1000\...\Run:
[iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet
Services\iCloudServices.exe [43816 2014-08-07] (Apple Inc.)
HKU\S-1-5-21-2324025828-1623389042-2555509162-1000\...\Run:
[EPLTarget\P0000000000000001] =>
C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIJJE.EXE [283232
2012-02-28] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2324025828-1623389042-2555509162-1000\...\Run:
[EPLTarget\P0000000000000002] =>
C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIJJE.EXE [283232
2012-02-28] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2324025828-1623389042-2555509162-1000\...\Run:
[EPLTarget\P0000000000000000] =>
C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIJJE.EXE [283232
2012-02-28] (SEIKO EPSON CORPORATION)
ShellIconOverlayIdentifiers: [00avast] ->
{472083B0-C522-11CF-8763-00608CC02F24} =>  No File
Startup: C:\Users\Danilo\AppData\Roaming\Microsoft\Windows\Start
Menu\Programs\Startup\OpenOffice.org 3.3.lnk [2012-07-12]
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files
(x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start
Menu\Programs\Startup\OpenOffice.org 3.3.lnk [2013-07-03]
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files
(x86)\OpenOffice.org 3\program\quickstart.exe ()
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it
will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8D5C3D27-403F-45C6-A3FF-D29F3ACBE4C2}:
[DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A8D08E84-D6B4-4B9B-8D1E-C8A47B5D033C}:
[DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction
<======= ATTENTION
HKU\S-1-5-21-2324025828-1623389042-2555509162-1000\SOFTWARE\Policies\Microsoft\Internet
Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page
= www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page =
hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page =
hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2324025828-1623389042-2555509162-1000\Software\Microsoft\Internet
Explorer\Main,Start Page = hxxp://www.msn.com/
HKU\S-1-5-21-2324025828-1623389042-2555509162-1000\Software\Microsoft\Internet
Explorer\Main,Search Page =
hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {866B19C7-65C3-4340-A244-92A88B9FBFC3} URL =
hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL =
hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-2324025828-1623389042-2555509162-1000 ->
DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2324025828-1623389042-2555509162-1000 ->
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2324025828-1623389042-2555509162-1000 ->
{632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL =
hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-2324025828-1623389042-2555509162-1000 ->
{85A60A59-D3D8-468F-B598-FB4393789EF4} URL =
hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2324025828-1623389042-2555509162-1000 ->
{D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
-> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll => No File
BHO: Windows Live ID Sign-in Helper ->
{9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common
Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21]
(Microsoft Corp.)
BHO: Office Document Cache Handler ->
{B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft
Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
-> C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
[2016-07-21] (HP Inc.)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} ->
C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
[2014-11-27] (SEIKO EPSON CORPORATION)
BHO-x32: Java(tm) Plug-In SSV Helper ->
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files
(x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-06-04] (Oracle Corporation)
BHO-x32: avast! Online Security ->
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST
Software\Avast\aswWebRepIE.dll => No File
BHO-x32: Windows Live ID Sign-in Helper ->
{9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files
(x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
[2010-09-21] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler ->
{B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files
(x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft
Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper ->
{DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files
(x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-04] (Oracle
Corporation)
BHO-x32: HP Network Check Helper ->
{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files
(x86)\Hewlett-Packard\HP Support
Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
[2016-07-21] (HP Inc.)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM-x32 - No Name - {06C7AD57-B655-418D-9AB8-9526A6D2E052} -  No File
Toolbar: HKLM-x32 - E-Web Print -
{201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson
Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON
CORPORATION)
Toolbar: HKU\S-1-5-21-2324025828-1623389042-2555509162-1000 -> No Name
- {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File

FireFox:
========
FF DefaultProfile: fcpzgi7g.default-1395282151623
FF ProfilePath:
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fcpzgi7g.default-1395282151623
[2016-12-05]
FF NewTab: Mozilla\Firefox\Profiles\fcpzgi7g.default-1395282151623 -> about:home
FF DefaultSearchEngine:
Mozilla\Firefox\Profiles\fcpzgi7g.default-1395282151623 -> Google
FF DefaultSearchEngine.US:
Mozilla\Firefox\Profiles\fcpzgi7g.default-1395282151623 -> Google
FF SelectedSearchEngine:
Mozilla\Firefox\Profiles\fcpzgi7g.default-1395282151623 -> Google
FF Homepage: Mozilla\Firefox\Profiles\fcpzgi7g.default-1395282151623
-> about:home
FF Extension: (Quick Translator) -
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fcpzgi7g.default-1395282151623\Extensions\{5C655500-E712-41e7-9349-CE462F844B19}.xpi
[2015-05-31]
FF Extension: (Adblock Plus) -
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fcpzgi7g.default-1395282151623\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2016-11-23]
FF Extension: (Greasemonkey) -
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fcpzgi7g.default-1395282151623\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2016-08-20]
FF SearchPlugin:
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fcpzgi7g.default-1395282151623\searchplugins\google-lavasoft.xml
[2016-03-12]
FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla
Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2016-11-17]
[not signed]
FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla
Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2016-11-17]
[not signed]
FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla
Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2016-11-17]
[not signed]
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] -
C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files (x86)\Epson
Software\E-Web Print\Firefox Add-on [2016-01-14] [not signed]
FF Plugin: @adobe.com/FlashPlayer ->
C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-08]
()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program
Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] (
Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 ->
C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft
Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer ->
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-08]
()
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files
(x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-04]
(Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program
Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-04]
(Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files
(x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] (
Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 ->
C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft
Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 ->
C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft
Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 ->
C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 ->
C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program
Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28]
(Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program
Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28]
(Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files
(x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files
(x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0
-> C:\Program Files (x86)\WildTangent
Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2012-04-29] ()
FF Plugin HKU\S-1-5-21-2324025828-1623389042-2555509162-1000:
@acestream.net/acestreamplugin,version=3.1.9 ->
C:\Users\user\AppData\Roaming\ACEStream\player\npace_plugin.dll [No
File]
FF Plugin HKU\S-1-5-21-2324025828-1623389042-2555509162-1000:
@talk.google.com/GoogleTalkPlugin ->
C:\Users\user\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
[2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2324025828-1623389042-2555509162-1000:
@talk.google.com/O1DPlugin ->
C:\Users\user\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08]
(Google)
FF Plugin HKU\S-1-5-21-2324025828-1623389042-2555509162-1000:
@tools.google.com/Google Update;version=3 ->
C:\Users\user\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll
[2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-2324025828-1623389042-2555509162-1000:
@tools.google.com/Google Update;version=9 ->
C:\Users\user\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll
[2016-07-28] (Google Inc.)
FF Plugin ProgramFiles/Appdata:
C:\Users\user\AppData\Roaming\mozilla\plugins\npgoogletalk.dll
[2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata:
C:\Users\user\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08]
(Google)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User
Data\Default [2016-11-16]
CHR Extension: (Google Docs) -
C:\Users\user\AppData\Local\Google\Chrome\User
Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-09]
CHR Extension: (Google Drive) -
C:\Users\user\AppData\Local\Google\Chrome\User
Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-16]
CHR Extension: (YouTube) -
C:\Users\user\AppData\Local\Google\Chrome\User
Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-29]
CHR Extension: (Google Search) -
C:\Users\user\AppData\Local\Google\Chrome\User
Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-11]
CHR Extension: (Google Docs Offline) -
C:\Users\user\AppData\Local\Google\Chrome\User
Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-13]
CHR Extension: (AdBlock) -
C:\Users\user\AppData\Local\Google\Chrome\User
Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-11-05]
CHR Extension: (Avast Online Security) -
C:\Users\user\AppData\Local\Google\Chrome\User
Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-11-05]
CHR Extension: (Ace Stream Web Extension) -
C:\Users\user\AppData\Local\Google\Chrome\User
Data\Default\Extensions\mjbepbhonbojpoaenhckjocchgfiaofo [2016-10-10]
CHR Extension: (Chrome Web Store Payments) -
C:\Users\user\AppData\Local\Google\Chrome\User
Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-26]
CHR Extension: (Gmail) -
C:\Users\user\AppData\Local\Google\Chrome\User
Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-26]
CHR Extension: (Chrome Media Router) -
C:\Users\user\AppData\Local\Google\Chrome\User
Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-05]
CHR HKU\S-1-5-21-2324025828-1623389042-2555509162-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension:
[mjbepbhonbojpoaenhckjocchgfiaofo] -
hxxps://clients2.google.com/service/update2/crx

Re: [INACTIVE] EXTREMELY slow computer with terrible startup

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the
registry. The file will not be moved unless listed separately.)

S2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files
(x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
[759048 2009-05-14] (ABBYY)
S3 AeLookupSvc; C:\Windows\System32\aelupsvc.dll [72192 2015-10-29]
(Microsoft Corporation) [File not signed]
S2 AESTFilters; C:\Program Files\IDT\WDM\AESTSr64.exe [89600
2009-03-03] (Andrea Electronics Corporation) [File not signed]
S3 ALG; C:\Windows\System32\alg.exe [79360 2009-07-13] (Microsoft
Corporation) [File not signed]
S2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe
[204288 2011-07-04] (AMD) [File not signed]
S3 AppIDSvc; C:\Windows\System32\appidsvc.dll [34816 2016-10-07]
(Microsoft Corporation) [File not signed]
S3 Appinfo; C:\Windows\System32\appinfo.dll [70144 2016-05-04]
(Microsoft Corporation) [File not signed]
S2 Apple Mobile Device Service; C:\Program Files\Common
Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768
2016-08-05] (Apple Inc.)
S2 AudioEndpointBuilder; C:\Windows\System32\Audiosrv.dll [680448
2016-06-14] (Microsoft Corporation) [File not signed]
S2 AudioSrv; C:\Windows\System32\Audiosrv.dll [680448 2016-06-14]
(Microsoft Corporation) [File not signed]
S3 AxInstSV; C:\Windows\System32\AxInstSV.dll [114688 2010-11-20]
(Microsoft Corporation) [File not signed]
S3 BDESVC; C:\Windows\System32\bdesvc.dll [100864 2009-07-13]
(Microsoft Corporation) [File not signed]
R2 BFE; C:\Windows\System32\bfe.dll [705024 2010-11-20] (Microsoft
Corporation) [File not signed]
S3 BITS; C:\Windows\system32\qmgr.dll [849920 2010-11-20] (Microsoft
Corporation) [File not signed]
S3 Browser; C:\Windows\System32\browser.dll [136704 2012-07-04]
(Microsoft Corporation) [File not signed]
S3 bthserv; C:\Windows\system32\bthserv.dll [83968 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 CertPropSvc; C:\Windows\System32\certprop.dll [80384 2010-11-20]
(Microsoft Corporation) [File not signed]
R2 CryptSvc; C:\Windows\system32\cryptsvc.dll [190976 2016-06-14]
(Microsoft Corporation) [File not signed]
R2 CryptSvc; C:\Windows\SysWOW64\cryptsvc.dll [145920 2016-06-14]
(Microsoft Corporation) [File not signed]
R2 DcomLaunch; C:\Windows\system32\rpcss.dll [511488 2016-02-02]
(Microsoft Corporation) [File not signed]
S3 defragsvc; C:\Windows\System32\defragsvc.dll [291328 2009-07-13]
(Microsoft Corporation) [File not signed]
R2 Dhcp; C:\Windows\system32\dhcpcore.dll [317952 2010-11-20]
(Microsoft Corporation) [File not signed]
R2 Dhcp; C:\Windows\SysWOW64\dhcpcore.dll [254464 2010-11-20]
(Microsoft Corporation) [File not signed]
S2 DiagTrack; C:\Windows\system32\diagtrack.dll [1386496 2016-08-22]
(Microsoft Corporation) [File not signed]
R2 Dnscache; C:\Windows\System32\dnsrslvr.dll [183296 2011-08-15]
(Microsoft Corporation) [File not signed]
S3 dot3svc; C:\Windows\System32\dot3svc.dll [252416 2010-11-20]
(Microsoft Corporation) [File not signed]
S2 DPS; C:\Windows\system32\dps.dll [162816 2010-11-20] (Microsoft
Corporation) [File not signed]
R3 EapHost; C:\Windows\System32\eapsvc.dll [111104 2009-07-13]
(Microsoft Corporation) [File not signed]
R2 EFS; C:\Windows\System32\lsass.exe [30720 2016-10-10] (Microsoft
Corporation) [File not signed]
S3 ehRecvr; C:\Windows\ehome\ehRecvr.exe [696832 2010-11-20]
(Microsoft Corporation) [File not signed]
S3 ehSched; C:\Windows\ehome\ehsched.exe [127488 2009-07-13]
(Microsoft Corporation) [File not signed]
S2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12]
(Seiko Epson Corporation)
R2 eventlog; C:\Windows\System32\wevtsvc.dll [1646080 2010-11-20]
(Microsoft Corporation) [File not signed]
S2 EventSystem; C:\Windows\system32\es.dll [402944 2009-07-13]
(Microsoft Corporation) [File not signed]
S2 EventSystem; C:\Windows\SysWOW64\es.dll [271360 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 Fax; C:\Windows\system32\fxssvc.exe [689152 2010-11-20] (Microsoft
Corporation) [File not signed]
S3 fdPHost; C:\Windows\system32\fdPHost.dll [16384 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 FDResPub; C:\Windows\system32\fdrespub.dll [34816 2009-07-13]
(Microsoft Corporation) [File not signed]
S2 FontCache; C:\Windows\system32\FntCache.dll [1180160 2016-09-12]
(Microsoft Corporation) [File not signed]
S2 gpsvc; C:\Windows\System32\gpsvc.dll [794624 2016-05-12] (Microsoft
Corporation) [File not signed]
S3 hidserv; C:\Windows\System32\hidserv.dll [38912 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 hidserv; C:\Windows\SysWOW64\hidserv.dll [49152 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 hkmsvc; C:\Windows\system32\kmsvc.dll [90624 2010-11-20] (Microsoft
Corporation) [File not signed]
S3 HomeGroupListener; C:\Windows\system32\ListSvc.dll [232448
2010-11-20] (Microsoft Corporation) [File not signed]
S3 HomeGroupProvider; C:\Windows\system32\provsvc.dll [187904
2010-11-20] (Microsoft Corporation) [File not signed]
S3 HomeGroupProvider; C:\Windows\SysWOW64\provsvc.dll [165376
2010-11-20] (Microsoft Corporation) [File not signed]
S2 HPSupportSolutionsFrameworkService; C:\Program Files
(x86)\Hewlett-Packard\HP Support
Solutions\HPSupportSolutionsFrameworkService.exe [29728 2016-08-15]
(HP Inc.)
S3 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe
[114688 2016-10-27] (Microsoft Corporation) [File not signed]
R2 IKEEXT; C:\Windows\System32\ikeext.dll [859648 2013-10-11]
(Microsoft Corporation) [File not signed]
S2 IPBusEnum; C:\Windows\system32\ipbusenum.dll [101888 2009-07-13]
(Microsoft Corporation) [File not signed]
S2 iphlpsvc; C:\Windows\System32\iphlpsvc.dll [569344 2012-10-03]
(Microsoft Corporation) [File not signed]
R3 KeyIso; C:\Windows\system32\lsass.exe [30720 2016-10-10] (Microsoft
Corporation) [File not signed]
S3 KtmRm; C:\Windows\system32\msdtckrm.dll [368640 2009-07-13]
(Microsoft Corporation) [File not signed]
S2 LanmanServer; C:\Windows\System32\srvsvc.dll [236032 2010-11-20]
(Microsoft Corporation) [File not signed]
R2 LanmanWorkstation; C:\Windows\System32\wkssvc.dll [118784
2010-11-20] (Microsoft Corporation) [File not signed]
S3 lltdsvc; C:\Windows\System32\lltdsvc.dll [300032 2009-07-13]
(Microsoft Corporation) [File not signed]
R2 lmhosts; C:\Windows\System32\lmhsvc.dll [23552 2009-07-13]
(Microsoft Corporation) [File not signed]
S2 lxbl_device; C:\Windows\system32\lxblcoms.exe [566704 2007-04-20] ( )
S2 lxbl_device; C:\Windows\SysWOW64\lxblcoms.exe [537520 2007-04-20] ( )
S2 lxee_device; C:\Windows\system32\lxeecoms.exe [1052328 2010-04-14] ( )
S4 Mcx2Svc; C:\Windows\system32\Mcx2Svc.dll [84992 2010-11-20]
(Microsoft Corporation) [File not signed]
S2 MMCSS; C:\Windows\system32\mmcss.dll [67584 2009-07-13] (Microsoft
Corporation) [File not signed]
R2 MpsSvc; C:\Windows\system32\mpssvc.dll [828416 2010-11-20]
(Microsoft Corporation) [File not signed]
S3 MSDTC; C:\Windows\System32\msdtc.exe [141824 2009-07-13] (Microsoft
Corporation) [File not signed]
S3 MSiSCSI; C:\Windows\system32\iscsiexe.dll [156672 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 msiserver; C:\Windows\System32\msiexec.exe [128512 2016-05-04]
(Microsoft Corporation) [File not signed]
S3 msiserver; C:\Windows\SysWOW64\msiexec.exe [73216 2016-05-04]
(Microsoft Corporation) [File not signed]
S3 napagent; C:\Windows\system32\qagentRT.dll [476160 2010-11-20]
(Microsoft Corporation) [File not signed]
S3 Netlogon; C:\Windows\system32\lsass.exe [30720 2016-10-10]
(Microsoft Corporation) [File not signed]
R3 Netman; C:\Windows\System32\netman.dll [360448 2009-07-13]
(Microsoft Corporation) [File not signed]
R3 netprofm; C:\Windows\System32\netprofm.dll [459776 2009-07-13]
(Microsoft Corporation) [File not signed]
R3 netprofm; C:\Windows\SysWOW64\netprofm.dll [360448 2009-07-13]
(Microsoft Corporation) [File not signed]
R2 NlaSvc; C:\Windows\System32\nlasvc.dll [303616 2014-12-05]
(Microsoft Corporation) [File not signed]
R2 nsi; C:\Windows\system32\nsisvc.dll [25600 2009-07-13] (Microsoft
Corporation) [File not signed]
S3 p2pimsvc; C:\Windows\system32\pnrpsvc.dll [327168 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 p2psvc; C:\Windows\system32\p2psvc.dll [438784 2009-07-13]
(Microsoft Corporation) [File not signed]
S2 PcaSvc; C:\Windows\System32\pcasvc.dll [187904 2016-06-14]
(Microsoft Corporation) [File not signed]
S2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe
[1128952 2011-05-05] (PDF Complete Inc)
S3 PerfHost; C:\Windows\SysWow64\perfhost.exe [20992 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 pla; C:\Windows\system32\pla.dll [1389056 2010-11-20] (Microsoft
Corporation) [File not signed]
S3 pla; C:\Windows\SysWOW64\pla.dll [1508864 2010-11-20] (Microsoft
Corporation) [File not signed]
R2 PlugPlay; C:\Windows\system32\umpnpmgr.dll [404480 2011-05-24]
(Microsoft Corporation) [File not signed]
S3 PNRPAutoReg; C:\Windows\system32\pnrpauto.dll [25088 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 PNRPsvc; C:\Windows\system32\pnrpsvc.dll [327168 2009-07-13]
(Microsoft Corporation) [File not signed]
R3 PolicyAgent; C:\Windows\System32\ipsecsvc.dll [502272 2016-05-12]
(Microsoft Corporation) [File not signed]
R2 Power; C:\Windows\system32\umpo.dll [163840 2009-07-13] (Microsoft
Corporation) [File not signed]
R2 ProfSvc; C:\Windows\system32\profsvc.dll [210432 2014-12-18]
(Microsoft Corporation) [File not signed]
S3 ProtectedStorage; C:\Windows\system32\lsass.exe [30720 2016-10-10]
(Microsoft Corporation) [File not signed]
S3 QWAVE; C:\Windows\system32\qwave.dll [242688 2009-07-13] (Microsoft
Corporation) [File not signed]
S3 QWAVE; C:\Windows\SysWOW64\qwave.dll [210944 2009-07-13] (Microsoft
Corporation) [File not signed]
S3 RasAuto; C:\Windows\System32\rasauto.dll [99328 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 RasMan; C:\Windows\System32\rasmans.dll [344064 2010-11-20]
(Microsoft Corporation) [File not signed]
S4 RemoteAccess; C:\Windows\System32\mprdim.dll [97792 2009-07-13]
(Microsoft Corporation) [File not signed]
S4 RemoteAccess; C:\Windows\SysWOW64\mprdim.dll [75264 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 RemoteRegistry; C:\Windows\system32\regsvc.dll [159232 2009-07-13]
(Microsoft Corporation) [File not signed]
R2 RpcEptMapper; C:\Windows\System32\RpcEpMap.dll [67072 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 RpcLocator; C:\Windows\system32\locator.exe [10240 2009-07-13]
(Microsoft Corporation) [File not signed]
R2 RpcSs; C:\Windows\system32\rpcss.dll [511488 2016-02-02] (Microsoft
Corporation) [File not signed]
S2 SamSs; C:\Windows\system32\lsass.exe [30720 2016-10-10] (Microsoft
Corporation) [File not signed]
S3 SCardSvr; C:\Windows\System32\SCardSvr.dll [190976 2009-07-13]
(Microsoft Corporation) [File not signed]
S2 Schedule; C:\Windows\system32\schedsvc.dll [1110016 2015-08-05]
(Microsoft Corporation) [File not signed]
S3 SCPolicySvc; C:\Windows\System32\certprop.dll [80384 2010-11-20]
(Microsoft Corporation) [File not signed]
S3 SDRSVC; C:\Windows\System32\SDRSVC.dll [170496 2010-11-20]
(Microsoft Corporation) [File not signed]
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy
2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy
2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy
2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S2 seclogon; C:\Windows\system32\seclogon.dll [30720 2016-02-09]
(Microsoft Corporation) [File not signed]
S2 SENS; C:\Windows\system32\sens.dll [64512 2009-07-13] (Microsoft
Corporation) [File not signed]
S2 SENS; C:\Windows\SysWOW64\sens.dll [49664 2009-07-13] (Microsoft
Corporation) [File not signed]
S3 SensrSvc; C:\Windows\system32\sensrsvc.dll [29184 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 SessionEnv; C:\Windows\system32\sessenv.dll [121856 2010-11-20]
(Microsoft Corporation) [File not signed]
S3 SessionEnv; C:\Windows\SysWOW64\sessenv.dll [113664 2010-11-20]
(Microsoft Corporation) [File not signed]
S2 SharedAccess; C:\Windows\System32\ipnathlp.dll [359424 2009-07-13]
(Microsoft Corporation) [File not signed]
S2 ShellHWDetection; C:\Windows\System32\shsvcs.dll [370688
2010-11-20] (Microsoft Corporation) [File not signed]
S2 ShellHWDetection; C:\Windows\SysWOW64\shsvcs.dll [328192
2010-11-20] (Microsoft Corporation) [File not signed]
S3 SNMPTRAP; C:\Windows\System32\snmptrap.exe [14336 2009-07-13]
(Microsoft Corporation) [File not signed]
S2 Spooler; C:\Windows\System32\spoolsv.exe [559104 2012-02-10]
(Microsoft Corporation) [File not signed]
S2 sppsvc; C:\Windows\system32\sppsvc.exe [3524608 2010-11-20]
(Microsoft Corporation) [File not signed]
S3 sppuinotify; C:\Windows\system32\sppuinotify.dll [65536 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 SSDPSRV; C:\Windows\System32\ssdpsrv.dll [193024 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 SstpSvc; C:\Windows\system32\sstpsvc.dll [75264 2009-07-13]
(Microsoft Corporation) [File not signed]
S2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [302592 2011-06-24]
(IDT, Inc.) [File not signed]
S2 stisvc; C:\Windows\System32\wiaservc.dll [580096 2010-11-20]
(Microsoft Corporation) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common
Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe
Systems Incorporated) [File not signed]
S3 swprv; C:\Windows\System32\swprv.dll [524288 2009-07-13] (Microsoft
Corporation) [File not signed]
S2 SysMain; C:\Windows\system32\sysmain.dll [1743360 2015-07-15]
(Microsoft Corporation) [File not signed]
S3 TabletInputService; C:\Windows\System32\TabSvc.dll [92672
2010-11-20] (Microsoft Corporation) [File not signed]
S3 TapiSrv; C:\Windows\System32\tapisrv.dll [316928 2010-11-20]
(Microsoft Corporation) [File not signed]
S3 TapiSrv; C:\Windows\SysWOW64\tapisrv.dll [242176 2010-11-20]
(Microsoft Corporation) [File not signed]
S3 TermService; C:\Windows\System32\termsrv.dll [683520 2014-10-13]
(Microsoft Corporation) [File not signed]
S2 Themes; C:\Windows\system32\themeservice.dll [44544 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 THREADORDER; C:\Windows\system32\mmcss.dll [67584 2009-07-13]
(Microsoft Corporation) [File not signed]
S2 TrkWks; C:\Windows\System32\trkwks.dll [119808 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 TrustedInstaller; C:\Windows\servicing\TrustedInstaller.exe [194048
2010-11-20] (Microsoft Corporation) [File not signed]
S3 UI0Detect; C:\Windows\system32\UI0Detect.exe [40960 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 upnphost; C:\Windows\System32\upnphost.dll [353792 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 upnphost; C:\Windows\SysWOW64\upnphost.dll [266752 2009-07-13]
(Microsoft Corporation) [File not signed]
S2 UxSms; C:\Windows\System32\uxsms.dll [38912 2009-07-13] (Microsoft
Corporation) [File not signed]
S3 VaultSvc; C:\Windows\system32\lsass.exe [30720 2016-10-10]
(Microsoft Corporation) [File not signed]
S3 vds; C:\Windows\System32\vds.exe [533504 2010-11-20] (Microsoft
Corporation) [File not signed]
S3 VSS; C:\Windows\system32\vssvc.exe [1600512 2010-11-20] (Microsoft
Corporation) [File not signed]
S3 W32Time; C:\Windows\system32\w32time.dll [381952 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 wbengine; C:\Windows\system32\wbengine.exe [1504256 2010-11-20]
(Microsoft Corporation) [File not signed]
S3 WbioSrvc; C:\Windows\System32\wbiosrvc.dll [202240 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 wcncsvc; C:\Windows\System32\wcncsvc.dll [367104 2010-11-20]
(Microsoft Corporation) [File not signed]
S3 wcncsvc; C:\Windows\SysWOW64\wcncsvc.dll [276992 2010-11-20]
(Microsoft Corporation) [File not signed]
S3 WcsPlugInService; C:\Windows\System32\WcsPlugInService.dll [40960
2009-07-13] (Microsoft Corporation) [File not signed]
S3 WcsPlugInService; C:\Windows\SysWOW64\WcsPlugInService.dll [32768
2009-07-13] (Microsoft Corporation) [File not signed]
S3 WdiServiceHost; C:\Windows\system32\wdi.dll [91136 2015-01-08]
(Microsoft Corporation) [File not signed]
S3 WdiServiceHost; C:\Windows\SysWOW64\wdi.dll [76800 2015-01-08]
(Microsoft Corporation) [File not signed]
S3 WdiSystemHost; C:\Windows\system32\wdi.dll [91136 2015-01-08]
(Microsoft Corporation) [File not signed]
S3 WdiSystemHost; C:\Windows\SysWOW64\wdi.dll [76800 2015-01-08]
(Microsoft Corporation) [File not signed]
S3 WebClient; C:\Windows\System32\webclnt.dll [263680 2016-09-08]
(Microsoft Corporation) [File not signed]
S3 WebClient; C:\Windows\SysWOW64\webclnt.dll [208896 2016-09-08]
(Microsoft Corporation) [File not signed]
S3 Wecsvc; C:\Windows\system32\wecsvc.dll [237568 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 wercplsupport; C:\Windows\System32\wercplsupport.dll [84480
2009-07-13] (Microsoft Corporation) [File not signed]
S3 WerSvc; C:\Windows\System32\WerSvc.dll [76800 2009-07-13]
(Microsoft Corporation) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712
2013-05-26] (Microsoft Corporation) [File not signed]
S3 WinHttpAutoProxySvc; C:\Windows\system32\winhttp.dll [444928
2016-05-11] (Microsoft Corporation) [File not signed]
R2 Winmgmt; C:\Windows\system32\wbem\WMIsvc.dll [242688 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 WinRM; C:\Windows\system32\WsmSvc.dll [2023424 2016-08-06]
(Microsoft Corporation) [File not signed]
S3 WinRM; C:\Windows\SysWOW64\WsmSvc.dll [1178112 2016-08-06]
(Microsoft Corporation) [File not signed]
R2 Wlansvc; C:\Windows\System32\wlansvc.dll [886784 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 wmiApSrv; C:\Windows\system32\wbem\WmiApSrv.exe [203264 2009-07-13]
(Microsoft Corporation) [File not signed]
S2 WMPNetworkSvc; C:\Program Files\Windows Media Player\wmpnetwk.exe
[1525248 2010-11-20] (Microsoft Corporation) [File not signed]
S3 WPCSvc; C:\Windows\System32\wpcsvc.dll [12288 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 WPCSvc; C:\Windows\SysWOW64\wpcsvc.dll [10752 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 WPDBusEnum; C:\Windows\system32\wpdbusenum.dll [117248 2010-11-20]
(Microsoft Corporation) [File not signed]
S2 wscsvc; C:\Windows\system32\wscsvc.dll [97280 2009-07-13]
(Microsoft Corporation) [File not signed]
S2 WSearch; C:\Windows\system32\SearchIndexer.exe [591872 2011-05-03]
(Microsoft Corporation) [File not signed]
S2 WSearch; C:\Windows\SysWOW64\SearchIndexer.exe [427520 2011-05-03]
(Microsoft Corporation) [File not signed]
S2 wuauserv; C:\Windows\system32\wuaueng.dll [2607104 2016-05-13]
(Microsoft Corporation) [File not signed]
S3 wudfsvc; C:\Windows\System32\WUDFSvc.dll [84992 2012-07-25]
(Microsoft Corporation) [File not signed]
S3 WwanSvc; C:\Windows\System32\wwansvc.dll [228864 2014-01-27]
(Microsoft Corporation) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the
registry. The file will not be moved unless listed separately.)

S3 1394ohci; C:\Windows\system32\drivers\1394ohci.sys [229888
2010-11-20] (Microsoft Corporation) [File not signed]
S3 AcpiPmi; C:\Windows\system32\drivers\acpipmi.sys [12800 2010-11-20]
(Microsoft Corporation) [File not signed]
R1 AFD; C:\Windows\system32\drivers\afd.sys [497664 2015-10-13]
(Microsoft Corporation) [File not signed]
S3 AmdK8; C:\Windows\system32\drivers\amdk8.sys [64512 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [9359872
2011-07-04] (ATI Technologies Inc.) [File not signed]
S3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [309760
2011-07-04] (Advanced Micro Devices, Inc.) [File not signed]
S3 AmdPPM; C:\Windows\system32\drivers\amdppm.sys [60928 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 AppID; C:\Windows\system32\drivers\appid.sys [62464 2016-10-07]
(Microsoft Corporation) [File not signed]
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 AsyncMac; C:\Windows\System32\DRIVERS\asyncmac.sys [23040
2009-07-13] (Microsoft Corporation) [File not signed]
S3 b06bdrv; C:\Windows\system32\drivers\bxvbda.sys [468480 2009-06-10]
(Broadcom Corporation) [File not signed]
S3 b57nd60a; C:\Windows\System32\DRIVERS\b57nd60a.sys [270848
2009-06-10] (Broadcom Corporation) [File not signed]
R1 Beep; C:\Windows\System32\Drivers\Beep.sys [6656 2009-07-13]
(Microsoft Corporation) [File not signed]
R1 blbdrive; C:\Windows\system32\drivers\blbdrive.sys [45056
2009-07-13] (Microsoft Corporation) [File not signed]
R3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [90112 2016-10-05]
(Microsoft Corporation) [File not signed]
S3 BrFiltLo; C:\Windows\system32\drivers\BrFiltLo.sys [18432
2009-06-10] (Brother Industries, Ltd.) [File not signed]
S3 BrFiltUp; C:\Windows\system32\drivers\BrFiltUp.sys [8704
2009-06-10] (Brother Industries, Ltd.) [File not signed]
S3 BridgeMP; C:\Windows\System32\DRIVERS\bridge.sys [95232 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 Brserid; C:\Windows\System32\Drivers\Brserid.sys [286720
2009-07-13] (Brother Industries Ltd.) [File not signed]
S3 BrSerWdm; C:\Windows\System32\Drivers\BrSerWdm.sys [47104
2009-06-10] (Brother Industries Ltd.) [File not signed]
S3 BrUsbMdm; C:\Windows\System32\Drivers\BrUsbMdm.sys [14976
2009-06-10] (Brother Industries Ltd.) [File not signed]
S3 BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [14720
2009-06-10] (Brother Industries Ltd.) [File not signed]
S3 BTHMODEM; C:\Windows\system32\drivers\bthmodem.sys [72192
2009-07-13] (Microsoft Corporation) [File not signed]
S4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [92160 2009-07-13]
(Microsoft Corporation) [File not signed]
R1 cdrom; C:\Windows\system32\drivers\cdrom.sys [147456 2010-11-20]
(Microsoft Corporation) [File not signed]
S3 circlass; C:\Windows\system32\drivers\circlass.sys [45568
2009-07-13] (Microsoft Corporation) [File not signed]
S3 CmBatt; C:\Windows\system32\drivers\CmBatt.sys [17664 2009-07-13]
(Microsoft Corporation) [File not signed]
R3 CompositeBus; C:\Windows\system32\drivers\CompositeBus.sys [38912
2010-11-20] (Microsoft Corporation) [File not signed]
R1 DfsC; C:\Windows\System32\Drivers\dfsc.sys [106496 2016-09-08]
(Microsoft Corporation) [File not signed]
S1 discache; C:\Windows\System32\drivers\discache.sys [40448
2009-07-13] (Microsoft Corporation) [File not signed]
S3 drmkaud; C:\Windows\system32\drivers\drmkaud.sys [5632 2015-12-08]
(Microsoft Corporation) [File not signed]
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10]
(Broadcom Corporation) [File not signed]
S3 ErrDev; C:\Windows\system32\drivers\errdev.sys [9728 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 exfat; C:\Windows\System32\Drivers\exfat.sys [195072 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 fastfat; C:\Windows\System32\Drivers\fastfat.sys [204800
2009-07-13] (Microsoft Corporation) [File not signed]
S3 fdc; C:\Windows\system32\drivers\fdc.sys [29696 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [34304
2009-07-13] (Microsoft Corporation) [File not signed]
S3 flpydisk; C:\Windows\system32\drivers\flpydisk.sys [24576
2009-07-13] (Microsoft Corporation) [File not signed]
S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir.sys [31232
2009-06-10] (Hauppauge Computer Works, Inc.) [File not signed]
S3 HdAudAddService; C:\Windows\System32\drivers\HdAudio.sys [350208
2010-11-20] (Microsoft Corporation) [File not signed]
R3 HDAudBus; C:\Windows\system32\drivers\HDAudBus.sys [122368
2010-11-20] (Microsoft Corporation) [File not signed]
S3 HidBatt; C:\Windows\system32\drivers\HidBatt.sys [26624 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 HidBth; C:\Windows\system32\drivers\hidbth.sys [100864 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 HidIr; C:\Windows\system32\drivers\hidir.sys [46592 2009-07-13]
(Microsoft Corporation) [File not signed]
R3 HidUsb; C:\Windows\System32\DRIVERS\hidusb.sys [30208 2010-11-20]
(Microsoft Corporation) [File not signed]
S3 HTTP; C:\Windows\System32\drivers\HTTP.sys [754688 2015-02-24]
(Microsoft Corporation) [File not signed]
S3 i8042prt; C:\Windows\system32\drivers\i8042prt.sys [105472
2009-07-13] (Microsoft Corporation) [File not signed]
S3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [6108416 2009-06-10]
(Intel Corporation) [File not signed]
S3 intelppm; C:\Windows\system32\drivers\intelppm.sys [62464
2009-07-13] (Microsoft Corporation) [File not signed]
S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [82944
2010-11-20] (Microsoft Corporation) [File not signed]
S3 IPMIDRV; C:\Windows\system32\drivers\IPMIDrv.sys [78848 2010-11-20]
(Microsoft Corporation) [File not signed]
S3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [116224 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 IRENUM; C:\Windows\System32\drivers\irenum.sys [17920 2009-07-13]
(Microsoft Corporation) [File not signed]
R3 kbdhid; C:\Windows\System32\DRIVERS\kbdhid.sys [33280 2010-11-20]
(Microsoft Corporation) [File not signed]
S3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [20992 2009-07-13]
(Microsoft Corporation) [File not signed]
S2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [60928 2009-07-13]
(Microsoft Corporation) [File not signed]
S2 luafv; C:\Windows\system32\drivers\luafv.sys [113152 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys
[109272 2016-11-17] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys
[192216 2016-11-17] (Malwarebytes)
S3 Modem; C:\Windows\System32\drivers\modem.sys [40448 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [30208 2009-07-13]
(Microsoft Corporation) [File not signed]
R3 mouhid; C:\Windows\System32\DRIVERS\mouhid.sys [31232 2009-07-13]
(Microsoft Corporation) [File not signed]
R3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [77312 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [142336 2016-09-08]
(Microsoft Corporation) [File not signed]
R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [159744 2016-10-10]
(Microsoft Corporation) [File not signed]
R3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [291328
2016-10-10] (Microsoft Corporation) [File not signed]
R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [129536
2016-10-10] (Microsoft Corporation) [File not signed]
S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [8192
2009-07-13] (Microsoft Corporation) [File not signed]
S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [11136 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [7168
2009-07-13] (Microsoft Corporation) [File not signed]
S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [6784 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [8064 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 MTConfig; C:\Windows\system32\drivers\MTConfig.sys [15360
2009-07-13] (Microsoft Corporation) [File not signed]
R3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [318976
2009-07-13] (Microsoft Corporation) [File not signed]
S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [35328 2009-07-13]
(Microsoft Corporation) [File not signed]
R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [24064
2009-07-13] (Microsoft Corporation) [File not signed]
R3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [56832 2010-11-20]
(Microsoft Corporation) [File not signed]
R3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [164352
2010-11-20] (Microsoft Corporation) [File not signed]
R3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [57856 2010-11-20]
(Microsoft Corporation) [File not signed]
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [23040
2013-07-25] (Apple Inc.) [File not signed]
R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [44544 2009-07-13]
(Microsoft Corporation) [File not signed]
R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [262144 2016-05-11]
(Microsoft Corporation) [File not signed]
R1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [44032 2009-07-13]
(Microsoft Corporation) [File not signed]
R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [24576
2009-07-13] (Microsoft Corporation) [File not signed]
R1 Null; C:\Windows\System32\Drivers\Null.sys [6144 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 ohci1394; C:\Windows\system32\drivers\ohci1394.sys [72832
2009-07-13] (Microsoft Corporation) [File not signed]
S3 Parport; C:\Windows\system32\drivers\parport.sys [97280 2009-07-13]
(Microsoft Corporation) [File not signed]
S2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [663552 2016-06-14]
(Microsoft Corporation) [File not signed]
R3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [111104
2010-11-20] (Microsoft Corporation) [File not signed]
S3 Processor; C:\Windows\system32\drivers\processr.sys [60416
2009-07-13] (Microsoft Corporation) [File not signed]
R1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [131584 2010-11-20]
(Microsoft Corporation) [File not signed]
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [46592
2009-07-13] (Microsoft Corporation) [File not signed]
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [14848 2009-07-13]
(Microsoft Corporation) [File not signed]
R3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [60416
2009-07-13] (Microsoft Corporation) [File not signed]
R3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [129536
2010-11-20] (Microsoft Corporation) [File not signed]
R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [92672
2009-07-13] (Microsoft Corporation) [File not signed]
R3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [83968 2009-07-13]
(Microsoft Corporation) [File not signed]
R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [309248 2010-11-20]
(Microsoft Corporation) [File not signed]
S3 rdpbus; C:\Windows\system32\drivers\rdpbus.sys [24064 2009-07-13]
(Microsoft Corporation) [File not signed]
S1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [7680 2009-07-13]
(Microsoft Corporation) [File not signed]
R1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [7680
2009-07-13] (Microsoft Corporation) [File not signed]
S1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [8192
2009-07-13] (Microsoft Corporation) [File not signed]
S3 RdpVideoMiniport; C:\Windows\System32\drivers\rdpvideominiport.sys
[19456 2012-08-23] (Microsoft Corporation) [File not signed]
S3 RDPWD; C:\Windows\System32\Drivers\RDPWD.sys [212480 2014-07-16]
(Microsoft Corporation) [File not signed]
S2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [76800 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [29696
2010-11-20] (Microsoft Corporation) [File not signed]
S3 sdbus; C:\Windows\System32\DRIVERS\sdbus.sys [109056 2010-11-20]
(Microsoft Corporation) [File not signed]
S4 secdrv; C:\Windows\System32\Drivers\secdrv.sys [23040 2009-06-10]
(Macrovision Corporation, Macrovision Europe Limited, and Macrovision
Japan and Asia K.K.) [File not signed]
S3 Serenum; C:\Windows\system32\drivers\serenum.sys [23552 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 sermouse; C:\Windows\system32\drivers\sermouse.sys [26624
2009-07-13] (Microsoft Corporation) [File not signed]
S3 sffdisk; C:\Windows\system32\drivers\sffdisk.sys [14336 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 sffp_mmc; C:\Windows\system32\drivers\sffp_mmc.sys [13824
2009-07-13] (Microsoft Corporation) [File not signed]
S3 sffp_sd; C:\Windows\system32\drivers\sffp_sd.sys [14336 2010-11-20]
(Microsoft Corporation) [File not signed]
S3 sfloppy; C:\Windows\system32\drivers\sfloppy.sys [16896 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [93184 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 srv; C:\Windows\System32\DRIVERS\srv.sys [464896 2016-08-12]
(Microsoft Corporation) [File not signed]
S3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [405504 2016-08-12]
(Microsoft Corporation) [File not signed]
S3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [168960 2016-08-12]
(Microsoft Corporation) [File not signed]
S3 STHDA; C:\Windows\System32\DRIVERS\stwrt64.sys [528384 2011-06-10]
(IDT, Inc.) [File not signed]
S2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [46080
2016-07-07] (Microsoft Corporation) [File not signed]
S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [15872 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [23552 2012-02-16]
(Microsoft Corporation) [File not signed]
R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [118272 2015-10-13]
(Microsoft Corporation) [File not signed]
S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [39936
2014-07-16] (Microsoft Corporation) [File not signed]
S3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [56832
2013-10-01] (Microsoft Corporation) [File not signed]
S3 TsUsbGD; C:\Windows\system32\drivers\TsUsbGD.sys [30208 2012-08-23]
(Microsoft Corporation) [File not signed]
R3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [125440 2010-11-20]
(Microsoft Corporation) [File not signed]
S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [328192 2010-11-20]
(Microsoft Corporation) [File not signed]
R3 umbus; C:\Windows\System32\DRIVERS\umbus.sys [48640 2010-11-20]
(Microsoft Corporation) [File not signed]
S3 UmPass; C:\Windows\system32\drivers\umpass.sys [9728 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784
2015-06-10] (Apple, Inc.) [File not signed]
S3 usbaudio; C:\Windows\System32\drivers\usbaudio.sys [109824
2013-07-12] (Microsoft Corporation) [File not signed]
R3 usbccgp; C:\Windows\system32\drivers\usbccgp.sys [99840 2016-08-16]
(Microsoft Corporation) [File not signed]
S3 usbcir; C:\Windows\system32\drivers\usbcir.sys [100864 2013-07-12]
(Microsoft Corporation) [File not signed]
R3 usbehci; C:\Windows\system32\drivers\usbehci.sys [56320 2016-08-16]
(Microsoft Corporation) [File not signed]
R3 usbhub; C:\Windows\system32\drivers\usbhub.sys [343552 2016-08-16]
(Microsoft Corporation) [File not signed]
R3 usbohci; C:\Windows\system32\drivers\usbohci.sys [25600 2016-08-16]
(Microsoft Corporation) [File not signed]
S3 usbprint; C:\Windows\System32\DRIVERS\usbprint.sys [25088
2009-07-13] (Microsoft Corporation) [File not signed]
S3 usbscan; C:\Windows\System32\DRIVERS\usbscan.sys [42496 2013-07-02]
(Microsoft Corporation) [File not signed]
R3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [91648 2016-02-03]
(Microsoft Corporation) [File not signed]
S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [30720 2016-08-16]
(Microsoft Corporation) [File not signed]
S3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [185344
2013-07-12] (Microsoft Corporation) [File not signed]
S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [29184 2009-07-13]
(Microsoft Corporation) [File not signed]
R1 VgaSave; C:\Windows\System32\drivers\vga.sys [29184 2009-07-13]
(Microsoft Corporation) [File not signed]
R3 vwifibus; C:\Windows\System32\DRIVERS\vwifibus.sys [24576
2009-07-13] (Microsoft Corporation) [File not signed]
R1 vwififlt; C:\Windows\System32\DRIVERS\vwififlt.sys [59904
2009-07-13] (Microsoft Corporation) [File not signed]
R3 vwifimp; C:\Windows\System32\DRIVERS\vwifimp.sys [17920 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 WacomPen; C:\Windows\system32\drivers\wacompen.sys [27776
2009-07-13] (Microsoft Corporation) [File not signed]
S3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-20]
(Microsoft Corporation) [File not signed]
S1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-20]
(Microsoft Corporation) [File not signed]
R1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [12800 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 WinUsb; C:\Windows\System32\DRIVERS\WinUsb.sys [41984 2010-11-20]
(Microsoft Corporation) [File not signed]
S3 WmiAcpi; C:\Windows\system32\drivers\wmiacpi.sys [14336 2009-07-13]
(Microsoft Corporation) [File not signed]
R1 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [21504 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 WSDPrintDevice; C:\Windows\System32\DRIVERS\WSDPrint.sys [23040
2009-07-13] (Microsoft Corporation) [File not signed]
S3 WSDScan; C:\Windows\System32\DRIVERS\WSDScan.sys [25088 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [87040 2012-07-25]
(Microsoft Corporation) [File not signed]
S3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [198656 2012-07-25]
(Microsoft Corporation) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

Re: [INACTIVE] EXTREMELY slow computer with terrible startup
==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the
registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-04 10:19 - 2016-12-04 10:19 - 00022155 _____ C:\ComboFix.txt
2016-12-03 16:06 - 2016-12-01 19:36 - 05659954 ____R (Swearware)
C:\Users\user\Desktop\ComboFix.exe
2016-12-01 20:40 - 2011-06-25 22:45 - 00256000 _____ C:\Windows\PEV.exe
2016-12-01 20:40 - 2010-11-07 09:20 - 00208896 _____ C:\Windows\MBR.exe
2016-12-01 20:40 - 2009-04-19 20:56 - 00060416 _____ (NirSoft)
C:\Windows\NIRCMD.exe
2016-12-01 20:40 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX)
C:\Windows\SWREG.exe
2016-12-01 20:40 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX)
C:\Windows\SWSC.exe
2016-12-01 20:40 - 2000-08-30 16:00 - 00098816 _____ C:\Windows\sed.exe
2016-12-01 20:40 - 2000-08-30 16:00 - 00080412 _____ C:\Windows\grep.exe
2016-12-01 20:40 - 2000-08-30 16:00 - 00068096 _____ C:\Windows\zip.exe
2016-12-01 20:25 - 2016-12-04 10:19 - 00000000 ____D C:\Qoobox
2016-12-01 19:51 - 2016-12-04 00:58 - 00000000 ____D C:\Windows\erdnt
2016-12-01 19:36 - 2016-12-01 19:36 - 05659954 ____R (Swearware)
C:\Users\user\Downloads\ComboFix.exe
2016-11-29 00:06 - 2016-11-29 11:31 - 00056382 _____
C:\Users\user\Downloads\Addition.txt
2016-11-25 22:19 - 2016-12-05 21:23 - 00056563 _____
C:\Users\user\Downloads\FRST.txt
2016-11-25 22:07 - 2016-12-05 13:31 - 00000000 ____D C:\FRST
2016-11-25 21:48 - 2016-11-25 21:53 - 02412032 _____ (Farbar)
C:\Users\user\Downloads\FRST64.exe
2016-11-25 21:11 - 2016-11-25 21:17 - 06253640 _____ (AVAST Software)
C:\Users\user\Downloads\avast_free_antivirus_setup_online_cnet_2.exe
2016-11-25 21:11 - 2016-11-25 21:17 - 06253640 _____ (AVAST Software)
C:\Users\Public\Desktop\avast_free_antivirus_setup_online_cnet_2.exe
2016-11-23 13:32 - 2016-12-05 08:56 - 00000000 ____D
C:\Users\user\AppData\LocalLow\Mozilla
2016-11-17 16:36 - 2016-12-02 00:00 - 00000000 ____D C:\Program Files
(x86)\Mozilla Firefox
2016-11-17 15:13 - 2016-11-17 15:18 - 16563352 _____ (Malwarebytes
Corp.) C:\Users\user\Downloads\mbar-1.09.3.1001.exe
2016-11-17 14:46 - 2016-11-17 15:25 - 00000000 ____D C:\Users\user\Desktop\mbar
2016-11-16 14:31 - 2016-11-16 14:31 - 03910208 _____
C:\Users\user\Downloads\adwcleaner_6.030.exe
2016-11-15 14:57 - 2016-12-05 13:12 - 00833352 _____ C:\Windows\ntbtlog.txt
2016-11-08 13:20 - 2016-11-02 07:36 - 00382696 _____ (Adobe Systems
Incorporated) C:\Windows\system32\atmfd.dll
2016-11-08 13:20 - 2016-11-02 07:32 - 00100864 _____ (Microsoft
Corporation) C:\Windows\system32\fontsub.dll
2016-11-08 13:20 - 2016-11-02 07:32 - 00046080 _____ (Adobe Systems)
C:\Windows\system32\atmlib.dll
2016-11-08 13:20 - 2016-11-02 07:32 - 00041472 _____ (Microsoft
Corporation) C:\Windows\system32\lpk.dll
2016-11-08 13:20 - 2016-11-02 07:32 - 00014336 _____ (Microsoft
Corporation) C:\Windows\system32\dciman32.dll
2016-11-08 13:20 - 2016-11-02 07:22 - 00308456 _____ (Adobe Systems
Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-11-08 13:20 - 2016-11-02 07:16 - 00070656 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-11-08 13:20 - 2016-11-02 07:16 - 00025600 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\lpk.dll
2016-11-08 13:20 - 2016-11-02 07:16 - 00010240 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-11-08 13:20 - 2016-11-02 06:53 - 00034304 _____ (Adobe Systems)
C:\Windows\SysWOW64\atmlib.dll
2016-11-08 13:20 - 2016-10-27 19:59 - 00394440 _____ (Microsoft
Corporation) C:\Windows\system32\iedkcs32.dll
2016-11-08 13:20 - 2016-10-27 19:14 - 00346320 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-11-08 13:20 - 2016-10-27 11:13 - 02724864 _____ (Microsoft
Corporation) C:\Windows\system32\mshtml.tlb
2016-11-08 13:20 - 2016-10-27 11:13 - 00004096 _____ (Microsoft
Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-11-08 13:20 - 2016-10-27 10:55 - 00066560 _____ (Microsoft
Corporation) C:\Windows\system32\iesetup.dll
2016-11-08 13:20 - 2016-10-27 10:54 - 00417792 _____ (Microsoft
Corporation) C:\Windows\system32\html.iec
2016-11-08 13:20 - 2016-10-27 10:54 - 00048640 _____ (Microsoft
Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-11-08 13:20 - 2016-10-27 10:53 - 00576000 _____ (Microsoft
Corporation) C:\Windows\system32\vbscript.dll
2016-11-08 13:20 - 2016-10-27 10:53 - 00088064 _____ (Microsoft
Corporation) C:\Windows\system32\MshtmlDac.dll
2016-11-08 13:20 - 2016-10-27 10:51 - 02896384 _____ (Microsoft
Corporation) C:\Windows\system32\iertutil.dll
2016-11-08 13:20 - 2016-10-27 10:44 - 00054784 _____ (Microsoft
Corporation) C:\Windows\system32\jsproxy.dll
2016-11-08 13:20 - 2016-10-27 10:43 - 00034304 _____ (Microsoft
Corporation) C:\Windows\system32\iernonce.dll
2016-11-08 13:20 - 2016-10-27 10:38 - 00615936 _____ (Microsoft
Corporation) C:\Windows\system32\ieui.dll
2016-11-08 13:20 - 2016-10-27 10:37 - 00817664 _____ (Microsoft
Corporation) C:\Windows\system32\jscript.dll
2016-11-08 13:20 - 2016-10-27 10:37 - 00814080 _____ (Microsoft
Corporation) C:\Windows\system32\jscript9diag.dll
2016-11-08 13:20 - 2016-10-27 10:37 - 00144384 _____ (Microsoft
Corporation) C:\Windows\system32\ieUnatt.exe
2016-11-08 13:20 - 2016-10-27 10:37 - 00114688 _____ (Microsoft
Corporation) C:\Windows\system32\ieetwcollector.exe
2016-11-08 13:20 - 2016-10-27 10:28 - 25763328 _____ (Microsoft
Corporation) C:\Windows\system32\mshtml.dll
2016-11-08 13:20 - 2016-10-27 10:28 - 00968704 _____ (Microsoft
Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-11-08 13:20 - 2016-10-27 10:24 - 00489984 _____ (Microsoft
Corporation) C:\Windows\system32\dxtmsft.dll
2016-11-08 13:20 - 2016-10-27 10:19 - 06047744 _____ (Microsoft
Corporation) C:\Windows\system32\jscript9.dll
2016-11-08 13:20 - 2016-10-27 10:15 - 00077824 _____ (Microsoft
Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-11-08 13:20 - 2016-10-27 10:13 - 00107520 _____ (Microsoft
Corporation) C:\Windows\system32\inseng.dll
2016-11-08 13:20 - 2016-10-27 10:09 - 00199680 _____ (Microsoft
Corporation) C:\Windows\system32\msrating.dll
2016-11-08 13:20 - 2016-10-27 10:08 - 00092160 _____ (Microsoft
Corporation) C:\Windows\system32\mshtmled.dll
2016-11-08 13:20 - 2016-10-27 10:05 - 00315392 _____ (Microsoft
Corporation) C:\Windows\system32\dxtrans.dll
2016-11-08 13:20 - 2016-10-27 10:02 - 00152064 _____ (Microsoft
Corporation) C:\Windows\system32\occache.dll
2016-11-08 13:20 - 2016-10-27 09:49 - 00262144 _____ (Microsoft
Corporation) C:\Windows\system32\webcheck.dll
2016-11-08 13:20 - 2016-10-27 09:46 - 00806912 _____ (Microsoft
Corporation) C:\Windows\system32\msfeeds.dll
2016-11-08 13:20 - 2016-10-27 09:46 - 00725504 _____ (Microsoft
Corporation) C:\Windows\system32\ie4uinit.exe
2016-11-08 13:20 - 2016-10-27 09:44 - 02131456 _____ (Microsoft
Corporation) C:\Windows\system32\inetcpl.cpl
2016-11-08 13:20 - 2016-10-27 09:44 - 01359360 _____ (Microsoft
Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-11-08 13:20 - 2016-10-27 09:17 - 15257088 _____ (Microsoft
Corporation) C:\Windows\system32\ieframe.dll
2016-11-08 13:20 - 2016-10-27 09:16 - 02920448 _____ (Microsoft
Corporation) C:\Windows\system32\wininet.dll
2016-11-08 13:20 - 2016-10-27 09:03 - 01543680 _____ (Microsoft
Corporation) C:\Windows\system32\urlmon.dll
2016-11-08 13:20 - 2016-10-27 08:54 - 00800768 _____ (Microsoft
Corporation) C:\Windows\system32\ieapfltr.dll
2016-11-08 13:20 - 2016-10-27 07:05 - 20304896 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-11-08 13:20 - 2016-10-25 07:02 - 03219456 _____ (Microsoft
Corporation) C:\Windows\system32\win32k.sys
2016-11-08 13:20 - 2016-10-22 09:54 - 02724864 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-11-08 13:20 - 2016-10-22 09:36 - 00062464 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-11-08 13:20 - 2016-10-22 09:36 - 00047616 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-11-08 13:20 - 2016-10-22 09:35 - 00498688 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-11-08 13:20 - 2016-10-22 09:35 - 00341504 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\html.iec
2016-11-08 13:20 - 2016-10-22 09:34 - 00064000 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-11-08 13:20 - 2016-10-22 09:27 - 02287616 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-11-08 13:20 - 2016-10-22 09:27 - 00047104 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-11-08 13:20 - 2016-10-22 09:26 - 00030720 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-11-08 13:20 - 2016-10-22 09:22 - 00476160 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\ieui.dll
2016-11-08 13:20 - 2016-10-22 09:21 - 00663552 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\jscript.dll
2016-11-08 13:20 - 2016-10-22 09:21 - 00115712 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-11-08 13:20 - 2016-10-22 09:20 - 00620032 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-11-08 13:20 - 2016-10-22 09:09 - 00416256 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-11-08 13:20 - 2016-10-22 09:04 - 00060416 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-11-08 13:20 - 2016-10-22 09:03 - 00091136 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\inseng.dll
2016-11-08 13:20 - 2016-10-22 08:59 - 00168960 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\msrating.dll
2016-11-08 13:20 - 2016-10-22 08:58 - 00076288 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-11-08 13:20 - 2016-10-22 08:56 - 00279040 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-11-08 13:20 - 2016-10-22 08:54 - 00130048 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\occache.dll
2016-11-08 13:20 - 2016-10-22 08:46 - 00230400 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-11-08 13:20 - 2016-10-22 08:45 - 00693248 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-11-08 13:20 - 2016-10-22 08:44 - 04608000 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-11-08 13:20 - 2016-10-22 08:43 - 02055680 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-11-08 13:20 - 2016-10-22 08:43 - 01155072 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-11-08 13:20 - 2016-10-22 08:30 - 13654016 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-11-08 13:20 - 2016-10-22 08:12 - 02444800 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\wininet.dll
2016-11-08 13:20 - 2016-10-22 08:09 - 01312256 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-11-08 13:20 - 2016-10-22 08:09 - 00710144 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-11-08 13:20 - 2016-10-15 07:31 - 00976896 _____ (Microsoft
Corporation) C:\Windows\system32\inetcomm.dll
2016-11-08 13:20 - 2016-10-15 07:31 - 00084480 _____ (Microsoft
Corporation) C:\Windows\system32\INETRES.dll
2016-11-08 13:20 - 2016-10-15 07:13 - 00741888 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-11-08 13:20 - 2016-10-15 07:13 - 00084480 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\INETRES.dll
2016-11-08 13:20 - 2016-10-11 07:37 - 00370920 _____ (Microsoft
Corporation) C:\Windows\system32\clfs.sys
2016-11-08 13:20 - 2016-10-11 07:31 - 01148416 _____ (Microsoft
Corporation) C:\Windows\system32\IMJP10.IME
2016-11-08 13:20 - 2016-10-11 07:31 - 01068544 _____ (Microsoft
Corporation) C:\Windows\system32\msctf.dll
2016-11-08 13:20 - 2016-10-11 07:31 - 00878080 _____ (Microsoft
Corporation) C:\Windows\system32\IMJP10K.DLL
2016-11-08 13:20 - 2016-10-11 07:31 - 00457216 _____ (Microsoft
Corporation) C:\Windows\system32\imkr80.ime
2016-11-08 13:20 - 2016-10-11 07:31 - 00246784 _____ (Microsoft
Corporation) C:\Windows\system32\input.dll
2016-11-08 13:20 - 2016-10-11 07:31 - 00176128 _____ (Microsoft
Corporation) C:\Windows\system32\tintlgnt.ime
2016-11-08 13:20 - 2016-10-11 07:31 - 00175104 _____ (Microsoft
Corporation) C:\Windows\system32\quick.ime
2016-11-08 13:20 - 2016-10-11 07:31 - 00175104 _____ (Microsoft
Corporation) C:\Windows\system32\qintlgnt.ime
2016-11-08 13:20 - 2016-10-11 07:31 - 00175104 _____ (Microsoft
Corporation) C:\Windows\system32\phon.ime
2016-11-08 13:20 - 2016-10-11 07:31 - 00175104 _____ (Microsoft
Corporation) C:\Windows\system32\cintlgnt.ime
2016-11-08 13:20 - 2016-10-11 07:31 - 00175104 _____ (Microsoft
Corporation) C:\Windows\system32\chajei.ime
2016-11-08 13:20 - 2016-10-11 07:31 - 00132608 _____ (Microsoft
Corporation) C:\Windows\system32\pintlgnt.ime
2016-11-08 13:20 - 2016-10-11 07:18 - 01027584 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\IMJP10.IME
2016-11-08 13:20 - 2016-10-11 07:18 - 00829952 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\msctf.dll
2016-11-08 13:20 - 2016-10-11 07:18 - 00701440 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2016-11-08 13:20 - 2016-10-11 07:18 - 00430080 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\imkr80.ime
2016-11-08 13:20 - 2016-10-11 07:18 - 00202240 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\input.dll
2016-11-08 13:20 - 2016-10-11 07:18 - 00126976 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\tintlgnt.ime
2016-11-08 13:20 - 2016-10-11 07:18 - 00125952 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\quick.ime
2016-11-08 13:20 - 2016-10-11 07:18 - 00125952 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\qintlgnt.ime
2016-11-08 13:20 - 2016-10-11 07:18 - 00125952 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\phon.ime
2016-11-08 13:20 - 2016-10-11 07:18 - 00125952 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\cintlgnt.ime
2016-11-08 13:20 - 2016-10-11 07:18 - 00125952 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\chajei.ime
2016-11-08 13:20 - 2016-10-11 07:18 - 00090112 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\pintlgnt.ime
2016-11-08 13:20 - 2016-10-11 05:33 - 00187392 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2016-11-08 13:20 - 2016-10-11 05:06 - 00221184 _____ (Microsoft
Corporation) C:\Windows\system32\UIAnimation.dll
2016-11-08 13:20 - 2016-10-10 07:38 - 00154856 _____ (Microsoft
Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-11-08 13:20 - 2016-10-10 07:38 - 00095464 _____ (Microsoft
Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-11-08 13:20 - 2016-10-10 07:34 - 00210432 _____ (Microsoft
Corporation) C:\Windows\system32\wdigest.dll
2016-11-08 13:20 - 2016-10-10 07:34 - 00135680 _____ (Microsoft
Corporation) C:\Windows\system32\sspicli.dll
2016-11-08 13:20 - 2016-10-10 07:34 - 00086528 _____ (Microsoft
Corporation) C:\Windows\system32\TSpkg.dll
2016-11-08 13:20 - 2016-10-10 07:34 - 00028672 _____ (Microsoft
Corporation) C:\Windows\system32\sspisrv.dll
2016-11-08 13:20 - 2016-10-10 07:33 - 01462272 _____ (Microsoft
Corporation) C:\Windows\system32\lsasrv.dll
2016-11-08 13:20 - 2016-10-10 07:33 - 01212928 _____ (Microsoft
Corporation) C:\Windows\system32\rpcrt4.dll
2016-11-08 13:20 - 2016-10-10 07:33 - 00730624 _____ (Microsoft
Corporation) C:\Windows\system32\kerberos.dll
2016-11-08 13:20 - 2016-10-10 07:33 - 00690688 _____ (Microsoft
Corporation) C:\Windows\system32\adtschema.dll
2016-11-08 13:20 - 2016-10-10 07:33 - 00463872 _____ (Microsoft
Corporation) C:\Windows\system32\certcli.dll
2016-11-08 13:20 - 2016-10-10 07:33 - 00345600 _____ (Microsoft
Corporation) C:\Windows\system32\schannel.dll
2016-11-08 13:20 - 2016-10-10 07:33 - 00316928 _____ (Microsoft
Corporation) C:\Windows\system32\msv1_0.dll
2016-11-08 13:20 - 2016-10-10 07:33 - 00312320 _____ (Microsoft
Corporation) C:\Windows\system32\ncrypt.dll
2016-11-08 13:20 - 2016-10-10 07:33 - 00190464 _____ (Microsoft
Corporation) C:\Windows\system32\rpchttp.dll
2016-11-08 13:20 - 2016-10-10 07:33 - 00146432 _____ (Microsoft
Corporation) C:\Windows\system32\msaudite.dll
2016-11-08 13:20 - 2016-10-10 07:33 - 00060416 _____ (Microsoft
Corporation) C:\Windows\system32\msobjs.dll
2016-11-08 13:20 - 2016-10-10 07:33 - 00043520 _____ (Microsoft
Corporation) C:\Windows\system32\cryptbase.dll
2016-11-08 13:20 - 2016-10-10 07:33 - 00028160 _____ (Microsoft
Corporation) C:\Windows\system32\secur32.dll
2016-11-08 13:20 - 2016-10-10 07:33 - 00022016 _____ (Microsoft
Corporation) C:\Windows\system32\credssp.dll
2016-11-08 13:20 - 2016-10-10 07:16 - 00690688 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-11-08 13:20 - 2016-10-10 07:16 - 00666112 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-11-08 13:20 - 2016-10-10 07:16 - 00553472 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-11-08 13:20 - 2016-10-10 07:16 - 00342528 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\certcli.dll
2016-11-08 13:20 - 2016-10-10 07:16 - 00261120 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-11-08 13:20 - 2016-10-10 07:16 - 00254464 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\schannel.dll
2016-11-08 13:20 - 2016-10-10 07:16 - 00223232 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-11-08 13:20 - 2016-10-10 07:16 - 00172032 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-11-08 13:20 - 2016-10-10 07:16 - 00146432 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-11-08 13:20 - 2016-10-10 07:16 - 00141312 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-11-08 13:20 - 2016-10-10 07:16 - 00096768 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-11-08 13:20 - 2016-10-10 07:16 - 00065536 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-11-08 13:20 - 2016-10-10 07:16 - 00060416 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-11-08 13:20 - 2016-10-10 07:16 - 00022016 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\secur32.dll
2016-11-08 13:20 - 2016-10-10 07:16 - 00017408 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\credssp.dll
2016-11-08 13:20 - 2016-10-10 07:02 - 00064000 _____ (Microsoft
Corporation) C:\Windows\system32\auditpol.exe
2016-11-08 13:20 - 2016-10-10 06:56 - 00159744 _____ (Microsoft
Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-11-08 13:20 - 2016-10-10 06:55 - 00291328 _____ (Microsoft
Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-11-08 13:20 - 2016-10-10 06:55 - 00129536 _____ (Microsoft
Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-11-08 13:20 - 2016-10-10 06:55 - 00030720 _____ (Microsoft
Corporation) C:\Windows\system32\lsass.exe
2016-11-08 13:20 - 2016-10-10 06:54 - 00050176 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-11-08 13:20 - 2016-10-10 06:50 - 00036352 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-11-08 13:20 - 2016-10-07 07:40 - 00631176 _____ (Microsoft
Corporation) C:\Windows\system32\winresume.efi
2016-11-08 13:20 - 2016-10-07 07:37 - 05547752 _____ (Microsoft
Corporation) C:\Windows\system32\ntoskrnl.exe
2016-11-08 13:20 - 2016-10-07 07:37 - 00706792 _____ (Microsoft
Corporation) C:\Windows\system32\winload.efi
2016-11-08 13:20 - 2016-10-07 07:35 - 01732864 _____ (Microsoft
Corporation) C:\Windows\system32\ntdll.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 03649536 _____ (Microsoft
Corporation) C:\Windows\system32\MSVidCtl.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 01163264 _____ (Microsoft
Corporation) C:\Windows\system32\kernel32.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00880640 _____ (Microsoft
Corporation) C:\Windows\system32\advapi32.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00877056 _____ (Microsoft
Corporation) C:\Windows\system32\oleaut32.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00503808 _____ (Microsoft
Corporation) C:\Windows\system32\srcore.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00419840 _____ (Microsoft
Corporation) C:\Windows\system32\KernelBase.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00362496 _____ (Microsoft
Corporation) C:\Windows\system32\wow64win.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00243712 _____ (Microsoft
Corporation) C:\Windows\system32\wow64.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00215552 _____ (Microsoft
Corporation) C:\Windows\system32\winsrv.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00084992 _____ (Microsoft
Corporation) C:\Windows\system32\asycfilt.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00063488 _____ (Microsoft
Corporation) C:\Windows\system32\setbcdlocale.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00059904 _____ (Microsoft
Corporation) C:\Windows\system32\appidapi.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00050176 _____ (Microsoft
Corporation) C:\Windows\system32\srclient.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00044032 _____ (Microsoft
Corporation) C:\Windows\system32\csrsrv.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00034816 _____ (Microsoft
Corporation) C:\Windows\system32\appidsvc.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00016384 _____ (Microsoft
Corporation) C:\Windows\system32\ntvdm64.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00013312 _____ (Microsoft
Corporation) C:\Windows\system32\wow64cpu.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00006656 _____ (Microsoft
Corporation) C:\Windows\system32\apisetschema.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00006144 ____H (Microsoft
Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00005120 ____H (Microsoft
Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00004608 ____H (Microsoft
Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00004608 ____H (Microsoft
Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00004096 ____H (Microsoft
Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00004096 ____H (Microsoft
Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00004096 ____H (Microsoft
Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00004096 ____H (Microsoft
Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00003584 ____H (Microsoft
Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00003584 ____H (Microsoft
Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00003584 ____H (Microsoft
Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00003584 ____H (Microsoft
Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00003584 ____H (Microsoft
Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00003584 ____H (Microsoft
Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00003584 ____H (Microsoft
Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00003072 ____H (Microsoft
Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00003072 ____H (Microsoft
Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00003072 ____H (Microsoft
Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00003072 ____H (Microsoft
Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00003072 ____H (Microsoft
Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00003072 ____H (Microsoft
Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00003072 ____H (Microsoft
Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00003072 ____H (Microsoft
Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00003072 ____H (Microsoft
Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00003072 ____H (Microsoft
Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00003072 ____H (Microsoft
Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00003072 ____H (Microsoft
Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00003072 ____H (Microsoft
Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:18 - 04000488 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-11-08 13:20 - 2016-10-07 07:18 - 03944680 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-11-08 13:20 - 2016-10-07 07:15 - 01314112 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 02291712 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 01114112 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00644096 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00581632 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00275456 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00067584 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00050688 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00043008 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\srclient.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00006656 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00005120 ____H (Microsoft
Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00005120 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\wow32.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00004608 ____H (Microsoft
Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00004096 ____H (Microsoft
Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00004096 ____H (Microsoft
Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00004096 ____H (Microsoft
Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00004096 ____H (Microsoft
Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00004096 ____H (Microsoft
Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00003584 ____H (Microsoft
Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00003584 ____H (Microsoft
Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00003584 ____H (Microsoft
Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00003584 ____H (Microsoft
Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00003584 ____H (Microsoft
Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00003584 ____H (Microsoft
Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00003072 ____H (Microsoft
Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00003072 ____H (Microsoft
Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00003072 ____H (Microsoft
Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00003072 ____H (Microsoft
Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00003072 ____H (Microsoft
Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00003072 ____H (Microsoft
Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00003072 ____H (Microsoft
Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00003072 ____H (Microsoft
Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00003072 ____H (Microsoft
Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00003072 ____H (Microsoft
Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00003072 ____H (Microsoft
Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:04 - 00148480 _____ (Microsoft
Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-11-08 13:20 - 2016-10-07 07:04 - 00062464 _____ (Microsoft
Corporation) C:\Windows\system32\Drivers\appid.sys
2016-11-08 13:20 - 2016-10-07 07:04 - 00017920 _____ (Microsoft
Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-11-08 13:20 - 2016-10-07 07:01 - 00338432 _____ (Microsoft
Corporation) C:\Windows\system32\conhost.exe
2016-11-08 13:20 - 2016-10-07 07:00 - 00296960 _____ (Microsoft
Corporation) C:\Windows\system32\rstrui.exe
2016-11-08 13:20 - 2016-10-07 06:56 - 00112640 _____ (Microsoft
Corporation) C:\Windows\system32\smss.exe
2016-11-08 13:20 - 2016-10-07 06:50 - 00025600 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\setup16.exe
2016-11-08 13:20 - 2016-10-07 06:50 - 00014336 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-11-08 13:20 - 2016-10-07 06:50 - 00007680 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\instnm.exe
2016-11-08 13:20 - 2016-10-07 06:50 - 00002048 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\user.exe
2016-11-08 13:20 - 2016-10-07 06:49 - 00006144 ____H (Microsoft
Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 06:49 - 00004608 ____H (Microsoft
Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 06:49 - 00003584 ____H (Microsoft
Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 06:49 - 00003072 ____H (Microsoft
Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-11-08 13:20 - 2016-10-05 06:54 - 00090112 _____ (Microsoft
Corporation) C:\Windows\system32\Drivers\bowser.sys
2016-11-08 13:20 - 2016-09-15 06:56 - 00041984 _____ (Microsoft
Corporation) C:\Windows\system32\UtcResources.dll
2016-11-08 13:20 - 2016-09-13 07:37 - 00002048 _____ (Microsoft
Corporation) C:\Windows\system32\tzres.dll
2016-11-08 13:20 - 2016-09-13 07:11 - 00002048 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\tzres.dll
2016-11-08 13:20 - 2016-09-09 10:20 - 00756736 _____ (Microsoft
Corporation) C:\Windows\system32\win32spl.dll
2016-11-08 13:20 - 2016-09-09 10:00 - 00497152 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\win32spl.dll
2016-11-08 13:19 - 2016-08-22 08:19 - 01386496 _____ (Microsoft
Corporation) C:\Windows\system32\diagtrack.dll
2016-11-06 10:42 - 2016-11-06 10:45 - 574216234 _____
C:\Users\user\Downloads\[HorribleSubs] One Piece - 763 [1080p].mkv
2016-11-06 10:42 - 2016-11-06 10:45 - 559869070 _____
C:\Users\user\Downloads\[HorribleSubs] Dragon Ball Super - 65
[1080p].mkv
2016-11-06 08:29 - 2016-11-06 08:29 - 00000000 ___DL
C:\Users\Guest\AppData\LocalLow\PlayReady

Re: [INACTIVE] EXTREMELY slow computer with terrible startup
==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-05 13:20 - 2009-07-13 21:13 - 00782470 _____
C:\Windows\system32\PerfStringBackup.INI
2016-12-05 13:20 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2016-12-04 00:08 - 2009-07-13 18:34 - 00000215 _____ C:\Windows\system.ini
2016-12-03 16:07 - 2012-02-22 19:36 - 00000000 ____D
C:\ProgramData\AVAST Software
2016-12-03 15:37 - 2012-02-22 19:36 - 00000000 ____D C:\Program
Files\AVAST Software
2016-12-02 00:22 - 2013-08-05 10:25 - 00000000 ____D C:\Windows\Minidump
2016-12-02 00:22 - 2012-02-18 16:38 - 00270906 ____N
C:\Windows\Minidump\120216-18688-01.dmp
2016-12-01 19:05 - 2014-06-10 19:35 - 00000000 ____D C:\Program Files
(x86)\Mozilla Maintenance Service
2016-12-01 18:31 - 2011-08-16 00:18 - 00000000 ____D C:\ProgramData\PDFC
2016-12-01 18:17 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-29 22:14 - 2012-04-26 12:44 - 00000830 _____
C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-11-29 21:55 - 2014-09-30 20:54 - 00000898 _____
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-29 21:45 - 2012-11-08 00:38 - 00000904 _____
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2324025828-1623389042-2555509162-1000UA.job
2016-11-29 21:14 - 2012-02-18 18:31 - 00003918 _____
C:\Windows\System32\Tasks\User_Feed_Synchronization-{37A87542-CBDE-4569-8B70-22735BB33C86}
2016-11-29 16:07 - 2012-11-08 00:38 - 00000852 _____
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2324025828-1623389042-2555509162-1000Core.job
2016-11-29 14:55 - 2014-09-30 20:54 - 00000894 _____
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-29 02:05 - 2014-05-31 15:31 - 00000000 ____D
C:\Users\user\AppData\Local\Adobe
2016-11-29 02:04 - 2012-02-18 18:31 - 00000328 _____
C:\Windows\Tasks\HPCeeScheduleForuser.job
2016-11-29 02:00 - 2012-02-18 18:31 - 00003180 _____
C:\Windows\System32\Tasks\HPCeeScheduleForuser
2016-11-27 11:14 - 2015-01-08 18:07 - 00004182 _____
C:\Windows\System32\Tasks\avast! Emergency Update
2016-11-24 12:59 - 2009-07-13 20:45 - 00024608 ____H
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-24 12:59 - 2009-07-13 20:45 - 00024608 ____H
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-21 23:07 - 2012-02-26 17:58 - 00003216 _____
C:\Windows\System32\Tasks\HPCeeScheduleForUSER-HP$
2016-11-21 23:07 - 2012-02-26 17:58 - 00000340 _____
C:\Windows\Tasks\HPCeeScheduleForUSER-HP$.job
2016-11-21 22:22 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-11-21 20:48 - 2014-09-30 20:57 - 00002197 _____
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-17 15:33 - 2014-05-26 10:33 - 00000000 ____D
C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-11-17 15:25 - 2015-01-08 13:32 - 00192216 _____ (Malwarebytes)
C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-11-17 15:25 - 2015-01-08 13:30 - 00109272 _____ (Malwarebytes)
C:\Windows\system32\Drivers\mbamchameleon.sys
2016-11-16 15:02 - 2014-05-25 23:14 - 00000000 ____D C:\AdwCleaner
2016-11-16 14:19 - 2016-04-24 12:25 - 00000000 ____D C:\Users\user\Desktop\Virus
2016-11-09 16:59 - 2012-11-16 13:23 - 00000000 ____D
C:\Users\user\AppData\Local\Spotify
2016-11-09 16:59 - 2012-11-16 13:22 - 00000000 ____D
C:\Users\user\AppData\Roaming\Spotify
2016-11-09 16:21 - 2016-02-17 18:58 - 00000000 ____D
C:\Users\user\Downloads\Downloaded Music
2016-11-09 10:23 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2016-11-09 09:44 - 2009-07-13 20:45 - 04937152 _____
C:\Windows\system32\FNTCACHE.DAT
2016-11-09 01:14 - 2014-07-08 17:26 - 00000000 ____D C:\Windows\system32\MRT
2016-11-09 01:06 - 2014-07-08 17:26 - 141011376 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-11-08 17:13 - 2012-04-26 12:44 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-11-08 17:13 - 2012-04-26 12:44 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-11-08 17:13 - 2012-02-21 01:09 - 00000000 ____D C:\Windows\system32\Macromed
2016-11-08 17:13 - 2011-08-16 00:16 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-11-08 17:13 - 2011-08-16 00:16 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-11-07 01:14 - 2016-09-12 23:15 - 00000000 ____D C:\Users\user\AppData\Roaming\qBittorrent
2016-11-06 12:13 - 2013-10-05 15:08 - 00003416 _____ C:\Windows\System32\Tasks\Apple Diagnostics
2016-11-06 06:19 - 2015-12-19 12:21 - 00000000 ____D C:\Users\Guest\AppData\Local\Spotify
2016-11-06 06:19 - 2015-12-19 12:20 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Spotify
2016-11-06 06:18 - 2014-06-04 19:20 - 00000000 __SHD C:\Users\Guest\AppData\LocalLow\EmieUserList
2016-11-06 06:18 - 2014-06-04 19:20 - 00000000 __SHD C:\Users\Guest\AppData\LocalLow\EmieSiteList
2016-11-06 06:18 - 2014-05-03 15:26 - 00000000 __SHD C:\Users\Guest\AppData\Local\EmieUserList
2016-11-06 06:18 - 2014-05-03 15:26 - 00000000 __SHD C:\Users\Guest\AppData\Local\EmieSiteList

==================== Files in the root of some directories =======

2014-05-25 10:49 - 2014-05-25 10:49 - 0000045 _____ () C:\Users\user\AppData\Roaming\WB.CFG
2014-05-24 23:02 - 2014-05-24 23:02 - 0007608 _____ () C:\Users\user\AppData\Local\Resmon.ResmonCfg
2012-10-07 17:09 - 2012-10-07 17:09 - 0000000 _____ () C:\ProgramData\cmn_upld.log
2012-03-05 20:40 - 2012-10-07 17:02 - 0036460 _____ () C:\ProgramData\lxeeJSW.log
2012-03-05 20:29 - 2012-10-30 21:36 - 0001516 _____ () C:\ProgramData\lxeescan.log
2012-10-07 17:09 - 2012-10-07 17:09 - 0000000 _____ () C:\ProgramData\LxWbGwLog.log
2012-10-07 17:09 - 2012-10-07 17:09 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe
[2016-10-11 10:52] - [2016-08-29 07:04] - 3229696 ____A (Microsoft Corporation) 38AE1B3C38FAEF56FE4907922F0385BA

C:\Windows\SysWOW64\explorer.exe
[2016-10-11 10:52] - [2016-08-29 06:55] - 2972672 ____A (Microsoft Corporation) 6DDCA324434FFA506CF7DC4E51DB7935

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll
[2016-09-13 20:18] - [2016-08-16 09:36] - 1009152 ____A (Microsoft Corporation) 8F4B991E7837E8E0F90C856659456652

C:\Windows\SysWOW64\User32.dll
[2016-09-13 20:18] - [2016-08-15 18:48] - 0833024 ____A (Microsoft Corporation) 0FBC0E335B65EE5A0175631237817510

C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-11-04 12:56

==================== End of FRST.txt ============================
