[INACTIVE] EXTREMELY slow computer with terrible startup

3 posters

WiredWX Christian Hobby Weather Tools :: GeekPolice tech support archive :: Technical Support

[INACTIVE] EXTREMELY slow computer with terrible startup23rd November 2016, 11:10 pm

Hi Hi, I hope I posted in the right section for this.
For about a month now I've been dealing with a sluggish computer and just recently it stopped loading up on me. It takes too long to click on my account, type the password, and log in. Once it actually does it just stays on black.
I'm currently running on Safe Mode with Networking, seems to be working fine after loading up. My only worry is that it's not a virus causing this, but possibly hardware issues?

Any help is appreciated!

Re: [INACTIVE] EXTREMELY slow computer with terrible startup23rd November 2016, 11:51 pm

Hello there,

Please read this topic and post logs in your next reply: http://www.geekpolice.net/t3821-read-this-before-posting

Re: [INACTIVE] EXTREMELY slow computer with terrible startup26th November 2016, 9:39 pm

@omicron_persei8 - Do you still need help with this? You have not replied for 3 days, so we want to ensure you still need help.

Re: [INACTIVE] EXTREMELY slow computer with terrible startup29th November 2016, 3:50 am

Yes sorry, holiday madness. I've been running FarBar since the first day I posted but the program has been running slow and has frozen up on many twice. It seems to be running fine right now.
I don't actually see the progress bar moving. And it'll say (Not Responding) whenever I try to click the window. I've spent the whole day trying to upload a screen shot and upload it here.

Re: [INACTIVE] EXTREMELY slow computer with terrible startup29th November 2016, 5:41 am

Okay, let's try something easier...

Malwarebytes' Anti-Malware
If this program is already installed: Skip the installation and run only the scan!
Download and install: Please download Malwarebytes Anti-Malware to your desktop.

Double-click mbam-setup-2.0.0.****.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:
- Launch Malwarebytes Anti-Malware
- A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
Click Finish.
On the Dashboard, click the 'Update Now >>' link
After the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.
If an update is available, click the Update Now button.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.

How to get logs: (Export log to save as txt)

After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click 'Export'.
Click 'Text file (*.txt)'
In the Save File dialog box which appears, click on Desktop.
In the File name: box type a name for your scan log.
A message box named 'File Saved' should appear stating "Your file has been successfully exported".
Click Ok
Attach that saved log to your next reply.

(Copy to clipboard for pasting into forum replies or tickets)

After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click 'Copy to Clipboard'
Paste the contents of the clipboard into your reply.

Please download Malwarebytes' AdwCleaner onto your Desktop.

Double click on AdwCleaner_xxxx.exe to run the tool.
Click on Scan.
After done scanning, please hit Logfile. Locate the logfile in the Scan tab, double-click on it, copy the information inside of it, and paste it into your next reply.
You can find the logfile at C:\AdwCleaner[Sx].txt as well.

Fix with Junkware Removal Tool

Please download Malwarebytes' Junkware Removal Tool and save the file to your desktop.

Right-click on the JRT.exe or Junkware Removal Tool icon and select Run as Administrator to start the tool.
Follow the prompts and let this process run uninterrupted.
This scan can take a while, depending on your System specs.
Upon completion, a log (JRT.txt) will open on your desktop.

Please include the contents of that file in your reply.

Do not forget to re-enable your previously switched off protection software!
Please also manually reboot your machine after this procedure.

In your next reply, please post the following logs:

Malwarebytes' Anti-Malware Log
AdwCleaner log
Junkware Removal Tool log

Re: [INACTIVE] EXTREMELY slow computer with terrible startup1st December 2016, 9:47 pm

Haven't had access to a better running device to post this, FarBar actually finished after we last interacted, here's the log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-11-2016
Ran by user (administrator) on USER-HP (27-11-2016 21:51:29)
Running from C:\Users\user\Downloads
Loaded Profiles: user (Available Profiles: user & Danilo & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
( ) C:\Windows\System32\lxblcoms.exe
( ) C:\Windows\System32\lxeecoms.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\beats64.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Spotify Ltd) C:\Users\user\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIJJE.EXE
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIJJE.EXE
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Chicony) C:\Program Files (x86)\Camera Assistant Software for ViewSonic\traybar.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
() C:\Program Files (x86)\Camera Assistant Software for ViewSonic\CEC_MAIN.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2010-10-21] (Hewlett-Packard )
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-06-24] (IDT, Inc.)
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-09-09] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-05-05] (PDF Complete Inc)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-09-01] (Apple Inc.)
HKLM-x32\...\Run: [Camera Assistant Software] => C:\Program Files (x86)\Camera Assistant Software for ViewSonic\traybar.exe [774144 2007-08-20] (Chicony)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2012-01-26] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [502912 2012-02-29] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863360 2012-02-29] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [LTCM Client] => C:\Program Files (x86)\LTCM Client\ltcmClient.exe [1596096 2009-08-05] (Leader Technologies Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7408312 2016-06-27] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2324025828-1623389042-2555509162-1000\...\Run: [Google Update] => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc.)
HKU\S-1-5-21-2324025828-1623389042-2555509162-1000\...\Run: [Spotify Web Helper] => C:\Users\user\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1431664 2016-10-28] (Spotify Ltd)
HKU\S-1-5-21-2324025828-1623389042-2555509162-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-08-07] (Apple Inc.)
HKU\S-1-5-21-2324025828-1623389042-2555509162-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2324025828-1623389042-2555509162-1000\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIJJE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2324025828-1623389042-2555509162-1000\...\Run: [EPLTarget\P0000000000000002] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIJJE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2324025828-1623389042-2555509162-1000\...\Run: [AceStream] => C:\Users\user\AppData\Roaming\ACEStream\engine\ace_engine.exe
HKU\S-1-5-21-2324025828-1623389042-2555509162-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIJJE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-06-03] (AVAST Software)
Startup: C:\Users\Danilo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk [2012-07-12]
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk [2013-07-03]
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8D5C3D27-403F-45C6-A3FF-D29F3ACBE4C2}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A8D08E84-D6B4-4B9B-8D1E-C8A47B5D033C}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-2324025828-1623389042-2555509162-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKU\S-1-5-21-2324025828-1623389042-2555509162-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1
HKU\S-1-5-21-2324025828-1623389042-2555509162-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {866B19C7-65C3-4340-A244-92A88B9FBFC3} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-2324025828-1623389042-2555509162-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2324025828-1623389042-2555509162-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2324025828-1623389042-2555509162-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-2324025828-1623389042-2555509162-1000 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2324025828-1623389042-2555509162-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-04-18] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-06-04] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-04-18] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-04] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM-x32 - No Name - {06C7AD57-B655-418D-9AB8-9526A6D2E052} - No File
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
Toolbar: HKU\S-1-5-21-2324025828-1623389042-2555509162-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

FireFox:
========
FF DefaultProfile: fcpzgi7g.default-1395282151623
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fcpzgi7g.default-1395282151623 [2016-11-27]
FF NewTab: Mozilla\Firefox\Profiles\fcpzgi7g.default-1395282151623 -> about:home
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\fcpzgi7g.default-1395282151623 -> Google
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\fcpzgi7g.default-1395282151623 -> Google
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\fcpzgi7g.default-1395282151623 -> Google
FF Homepage: Mozilla\Firefox\Profiles\fcpzgi7g.default-1395282151623 -> about:home
FF Extension: (Quick Translator) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fcpzgi7g.default-1395282151623\Extensions\{5C655500-E712-41e7-9349-CE462F844B19}.xpi [2015-05-31]
FF Extension: (Adblock Plus) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fcpzgi7g.default-1395282151623\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-23]
FF Extension: (Greasemonkey) - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fcpzgi7g.default-1395282151623\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2016-08-20]
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fcpzgi7g.default-1395282151623\searchplugins\google-lavasoft.xml [2016-03-12]
FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2016-11-17] [not signed]
FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2016-11-17] [not signed]
FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2016-11-17] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-06-03]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-06-03]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2016-01-14] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-08] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-08] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2012-04-29] ()
FF Plugin HKU\S-1-5-21-2324025828-1623389042-2555509162-1000: @acestream.net/acestreamplugin,version=3.1.9 -> C:\Users\user\AppData\Roaming\ACEStream\player\npace_plugin.dll [No File]
FF Plugin HKU\S-1-5-21-2324025828-1623389042-2555509162-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\user\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2324025828-1623389042-2555509162-1000: @talk.google.com/O1DPlugin -> C:\Users\user\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2324025828-1623389042-2555509162-1000: @tools.google.com/Google Update;version=3 -> C:\Users\user\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-2324025828-1623389042-2555509162-1000: @tools.google.com/Google Update;version=9 -> C:\Users\user\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\user\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\user\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default [2016-11-16]
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-09]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-16]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-29]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-11]
CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-13]
CHR Extension: (AdBlock) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-11-05]
CHR Extension: (Avast Online Security) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-11-05]
CHR Extension: (Ace Stream Web Extension) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjbepbhonbojpoaenhckjocchgfiaofo [2016-10-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-26]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-26]
CHR Extension: (Chrome Media Router) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-05]
CHR HKU\S-1-5-21-2324025828-1623389042-2555509162-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-04-18]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S3 AeLookupSvc; C:\Windows\System32\aelupsvc.dll [72192 2015-10-29] (Microsoft Corporation) [File not signed]
R2 AESTFilters; C:\Program Files\IDT\WDM\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation) [File not signed]
S3 ALG; C:\Windows\System32\alg.exe [79360 2009-07-13] (Microsoft Corporation) [File not signed]
R2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [204288 2011-07-04] (AMD) [File not signed]
S3 AppIDSvc; C:\Windows\System32\appidsvc.dll [34816 2016-10-07] (Microsoft Corporation) [File not signed]
R3 Appinfo; C:\Windows\System32\appinfo.dll [70144 2016-05-04] (Microsoft Corporation) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-08-05] (Apple Inc.)
R2 AudioEndpointBuilder; C:\Windows\System32\Audiosrv.dll [680448 2016-06-14] (Microsoft Corporation) [File not signed]
R2 AudioSrv; C:\Windows\System32\Audiosrv.dll [680448 2016-06-14] (Microsoft Corporation) [File not signed]
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [243296 2016-06-03] (AVAST Software)
S3 AxInstSV; C:\Windows\System32\AxInstSV.dll [114688 2010-11-20] (Microsoft Corporation) [File not signed]
S3 BDESVC; C:\Windows\System32\bdesvc.dll [100864 2009-07-13] (Microsoft Corporation) [File not signed]
R2 BFE; C:\Windows\System32\bfe.dll [705024 2010-11-20] (Microsoft Corporation) [File not signed]
R2 BITS; C:\Windows\System32\qmgr.dll [849920 2010-11-20] (Microsoft Corporation) [File not signed]
R3 Browser; C:\Windows\System32\browser.dll [136704 2012-07-04] (Microsoft Corporation) [File not signed]
S3 bthserv; C:\Windows\system32\bthserv.dll [83968 2009-07-13] (Microsoft Corporation) [File not signed]
S3 CertPropSvc; C:\Windows\System32\certprop.dll [80384 2010-11-20] (Microsoft Corporation) [File not signed]
R2 CryptSvc; C:\Windows\system32\cryptsvc.dll [190976 2016-06-14] (Microsoft Corporation) [File not signed]
R2 CryptSvc; C:\Windows\SysWOW64\cryptsvc.dll [145920 2016-06-14] (Microsoft Corporation) [File not signed]
R2 DcomLaunch; C:\Windows\system32\rpcss.dll [511488 2016-02-02] (Microsoft Corporation) [File not signed]
S3 defragsvc; C:\Windows\System32\defragsvc.dll [291328 2009-07-13] (Microsoft Corporation) [File not signed]
R2 Dhcp; C:\Windows\system32\dhcpcore.dll [317952 2010-11-20] (Microsoft Corporation) [File not signed]
R2 Dhcp; C:\Windows\SysWOW64\dhcpcore.dll [254464 2010-11-20] (Microsoft Corporation) [File not signed]
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1386496 2016-08-22] (Microsoft Corporation) [File not signed]
R2 Dnscache; C:\Windows\System32\dnsrslvr.dll [183296 2011-08-15] (Microsoft Corporation) [File not signed]
S3 dot3svc; C:\Windows\System32\dot3svc.dll [252416 2010-11-20] (Microsoft Corporation) [File not signed]
R2 DPS; C:\Windows\system32\dps.dll [162816 2010-11-20] (Microsoft Corporation) [File not signed]
R3 EapHost; C:\Windows\System32\eapsvc.dll [111104 2009-07-13] (Microsoft Corporation) [File not signed]
R2 EFS; C:\Windows\System32\lsass.exe [30720 2016-10-10] (Microsoft Corporation) [File not signed]
S3 ehRecvr; C:\Windows\ehome\ehRecvr.exe [696832 2010-11-20] (Microsoft Corporation) [File not signed]
S3 ehSched; C:\Windows\ehome\ehsched.exe [127488 2009-07-13] (Microsoft Corporation) [File not signed]
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 eventlog; C:\Windows\System32\wevtsvc.dll [1646080 2010-11-20] (Microsoft Corporation) [File not signed]
R2 EventSystem; C:\Windows\system32\es.dll [402944 2009-07-13] (Microsoft Corporation) [File not signed]
R2 EventSystem; C:\Windows\SysWOW64\es.dll [271360 2009-07-13] (Microsoft Corporation) [File not signed]
S3 Fax; C:\Windows\system32\fxssvc.exe [689152 2010-11-20] (Microsoft Corporation) [File not signed]
R3 fdPHost; C:\Windows\system32\fdPHost.dll [16384 2009-07-13] (Microsoft Corporation) [File not signed]
R3 FDResPub; C:\Windows\system32\fdrespub.dll [34816 2009-07-13] (Microsoft Corporation) [File not signed]
R2 FontCache; C:\Windows\system32\FntCache.dll [1180160 2016-09-12] (Microsoft Corporation) [File not signed]
R2 gpsvc; C:\Windows\System32\gpsvc.dll [794624 2016-05-12] (Microsoft Corporation) [File not signed]
R3 hidserv; C:\Windows\system32\hidserv.dll [38912 2009-07-13] (Microsoft Corporation) [File not signed]
R3 hidserv; C:\Windows\SysWOW64\hidserv.dll [49152 2009-07-13] (Microsoft Corporation) [File not signed]
S3 hkmsvc; C:\Windows\system32\kmsvc.dll [90624 2010-11-20] (Microsoft Corporation) [File not signed]
S3 HomeGroupListener; C:\Windows\system32\ListSvc.dll [232448 2010-11-20] (Microsoft Corporation) [File not signed]
R3 HomeGroupProvider; C:\Windows\system32\provsvc.dll [187904 2010-11-20] (Microsoft Corporation) [File not signed]
R3 HomeGroupProvider; C:\Windows\SysWOW64\provsvc.dll [165376 2010-11-20] (Microsoft Corporation) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29728 2016-08-15] (HP Inc.)
S3 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe [114688 2016-10-27] (Microsoft Corporation) [File not signed]
R2 IKEEXT; C:\Windows\System32\ikeext.dll [859648 2013-10-11] (Microsoft Corporation) [File not signed]
S2 IPBusEnum; C:\Windows\system32\ipbusenum.dll [101888 2009-07-13] (Microsoft Corporation) [File not signed]
R2 iphlpsvc; C:\Windows\System32\iphlpsvc.dll [569344 2012-10-03] (Microsoft Corporation) [File not signed]
R3 KeyIso; C:\Windows\system32\lsass.exe [30720 2016-10-10] (Microsoft Corporation) [File not signed]
S3 KtmRm; C:\Windows\system32\msdtckrm.dll [368640 2009-07-13] (Microsoft Corporation) [File not signed]
R2 LanmanServer; C:\Windows\system32\srvsvc.dll [236032 2010-11-20] (Microsoft Corporation) [File not signed]
R2 LanmanWorkstation; C:\Windows\System32\wkssvc.dll [118784 2010-11-20] (Microsoft Corporation) [File not signed]
S3 lltdsvc; C:\Windows\System32\lltdsvc.dll [300032 2009-07-13] (Microsoft Corporation) [File not signed]
R2 lmhosts; C:\Windows\System32\lmhsvc.dll [23552 2009-07-13] (Microsoft Corporation) [File not signed]
R2 lxbl_device; C:\Windows\system32\lxblcoms.exe [566704 2007-04-20] ( )
R2 lxbl_device; C:\Windows\SysWOW64\lxblcoms.exe [537520 2007-04-20] ( )
R2 lxee_device; C:\Windows\system32\lxeecoms.exe [1052328 2010-04-14] ( )
S4 Mcx2Svc; C:\Windows\system32\Mcx2Svc.dll [84992 2010-11-20] (Microsoft Corporation) [File not signed]
S2 MMCSS; C:\Windows\system32\mmcss.dll [67584 2009-07-13] (Microsoft Corporation) [File not signed]
R2 MpsSvc; C:\Windows\system32\mpssvc.dll [828416 2010-11-20] (Microsoft Corporation) [File not signed]
S3 MSDTC; C:\Windows\System32\msdtc.exe [141824 2009-07-13] (Microsoft Corporation) [File not signed]
S3 MSiSCSI; C:\Windows\system32\iscsiexe.dll [156672 2009-07-13] (Microsoft Corporation) [File not signed]
S3 msiserver; C:\Windows\System32\msiexec.exe [128512 2016-05-04] (Microsoft Corporation) [File not signed]
S3 msiserver; C:\Windows\SysWOW64\msiexec.exe [73216 2016-05-04] (Microsoft Corporation) [File not signed]
S3 napagent; C:\Windows\system32\qagentRT.dll [476160 2010-11-20] (Microsoft Corporation) [File not signed]
S3 Netlogon; C:\Windows\system32\lsass.exe [30720 2016-10-10] (Microsoft Corporation) [File not signed]
R3 Netman; C:\Windows\System32\netman.dll [360448 2009-07-13] (Microsoft Corporation) [File not signed]
R3 netprofm; C:\Windows\System32\netprofm.dll [459776 2009-07-13] (Microsoft Corporation) [File not signed]
R3 netprofm; C:\Windows\SysWOW64\netprofm.dll [360448 2009-07-13] (Microsoft Corporation) [File not signed]
R2 NlaSvc; C:\Windows\System32\nlasvc.dll [303616 2014-12-05] (Microsoft Corporation) [File not signed]
R2 nsi; C:\Windows\system32\nsisvc.dll [25600 2009-07-13] (Microsoft Corporation) [File not signed]
S3 p2pimsvc; C:\Windows\system32\pnrpsvc.dll [327168 2009-07-13] (Microsoft Corporation) [File not signed]
S3 p2psvc; C:\Windows\system32\p2psvc.dll [438784 2009-07-13] (Microsoft Corporation) [File not signed]
R2 PcaSvc; C:\Windows\System32\pcasvc.dll [187904 2016-06-14] (Microsoft Corporation) [File not signed]
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-05-05] (PDF Complete Inc)
S3 PerfHost; C:\Windows\SysWow64\perfhost.exe [20992 2009-07-13] (Microsoft Corporation) [File not signed]
S3 pla; C:\Windows\system32\pla.dll [1389056 2010-11-20] (Microsoft Corporation) [File not signed]
S3 pla; C:\Windows\SysWOW64\pla.dll [1508864 2010-11-20] (Microsoft Corporation) [File not signed]
R2 PlugPlay; C:\Windows\system32\umpnpmgr.dll [404480 2011-05-24] (Microsoft Corporation) [File not signed]
S3 PNRPAutoReg; C:\Windows\system32\pnrpauto.dll [25088 2009-07-13] (Microsoft Corporation) [File not signed]
S3 PNRPsvc; C:\Windows\system32\pnrpsvc.dll [327168 2009-07-13] (Microsoft Corporation) [File not signed]
R3 PolicyAgent; C:\Windows\System32\ipsecsvc.dll [502272 2016-05-12] (Microsoft Corporation) [File not signed]
R2 Power; C:\Windows\system32\umpo.dll [163840 2009-07-13] (Microsoft Corporation) [File not signed]
R2 ProfSvc; C:\Windows\system32\profsvc.dll [210432 2014-12-18] (Microsoft Corporation) [File not signed]
S3 ProtectedStorage; C:\Windows\system32\lsass.exe [30720 2016-10-10] (Microsoft Corporation) [File not signed]
S3 QWAVE; C:\Windows\system32\qwave.dll [242688 2009-07-13] (Microsoft Corporation) [File not signed]
S3 QWAVE; C:\Windows\SysWOW64\qwave.dll [210944 2009-07-13] (Microsoft Corporation) [File not signed]
S3 RasAuto; C:\Windows\System32\rasauto.dll [99328 2009-07-13] (Microsoft Corporation) [File not signed]
S3 RasMan; C:\Windows\System32\rasmans.dll [344064 2010-11-20] (Microsoft Corporation) [File not signed]
S4 RemoteAccess; C:\Windows\System32\mprdim.dll [97792 2009-07-13] (Microsoft Corporation) [File not signed]
S4 RemoteAccess; C:\Windows\SysWOW64\mprdim.dll [75264 2009-07-13] (Microsoft Corporation) [File not signed]
S3 RemoteRegistry; C:\Windows\system32\regsvc.dll [159232 2009-07-13] (Microsoft Corporation) [File not signed]
R2 RpcEptMapper; C:\Windows\System32\RpcEpMap.dll [67072 2009-07-13] (Microsoft Corporation) [File not signed]
S3 RpcLocator; C:\Windows\system32\locator.exe [10240 2009-07-13] (Microsoft Corporation) [File not signed]
R2 RpcSs; C:\Windows\system32\rpcss.dll [511488 2016-02-02] (Microsoft Corporation) [File not signed]
R2 SamSs; C:\Windows\system32\lsass.exe [30720 2016-10-10] (Microsoft Corporation) [File not signed]
S3 SCardSvr; C:\Windows\System32\SCardSvr.dll [190976 2009-07-13] (Microsoft Corporation) [File not signed]
R2 Schedule; C:\Windows\system32\schedsvc.dll [1110016 2015-08-05] (Microsoft Corporation) [File not signed]
S3 SCPolicySvc; C:\Windows\System32\certprop.dll [80384 2010-11-20] (Microsoft Corporation) [File not signed]
S3 SDRSVC; C:\Windows\System32\SDRSVC.dll [170496 2010-11-20] (Microsoft Corporation) [File not signed]
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 seclogon; C:\Windows\system32\seclogon.dll [30720 2016-02-09] (Microsoft Corporation) [File not signed]
R2 SENS; C:\Windows\System32\sens.dll [64512 2009-07-13] (Microsoft Corporation) [File not signed]
R2 SENS; C:\Windows\SysWOW64\sens.dll [49664 2009-07-13] (Microsoft Corporation) [File not signed]
S3 SensrSvc; C:\Windows\system32\sensrsvc.dll [29184 2009-07-13] (Microsoft Corporation) [File not signed]
S3 SessionEnv; C:\Windows\system32\sessenv.dll [121856 2010-11-20] (Microsoft Corporation) [File not signed]
S3 SessionEnv; C:\Windows\SysWOW64\sessenv.dll [113664 2010-11-20] (Microsoft Corporation) [File not signed]
S3 SharedAccess; C:\Windows\System32\ipnathlp.dll [359424 2009-07-13] (Microsoft Corporation) [File not signed]
R2 ShellHWDetection; C:\Windows\System32\shsvcs.dll [370688 2010-11-20] (Microsoft Corporation) [File not signed]
R2 ShellHWDetection; C:\Windows\SysWOW64\shsvcs.dll [328192 2010-11-20] (Microsoft Corporation) [File not signed]
S3 SNMPTRAP; C:\Windows\System32\snmptrap.exe [14336 2009-07-13] (Microsoft Corporation) [File not signed]
R2 Spooler; C:\Windows\System32\spoolsv.exe [559104 2012-02-10] (Microsoft Corporation) [File not signed]
S2 sppsvc; C:\Windows\system32\sppsvc.exe [3524608 2010-11-20] (Microsoft Corporation) [File not signed]
S3 sppuinotify; C:\Windows\system32\sppuinotify.dll [65536 2009-07-13] (Microsoft Corporation) [File not signed]
R3 SSDPSRV; C:\Windows\System32\ssdpsrv.dll [193024 2009-07-13] (Microsoft Corporation) [File not signed]
S3 SstpSvc; C:\Windows\system32\sstpsvc.dll [75264 2009-07-13] (Microsoft Corporation) [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [302592 2011-06-24] (IDT, Inc.) [File not signed]
R2 stisvc; C:\Windows\System32\wiaservc.dll [580096 2010-11-20] (Microsoft Corporation) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 swprv; C:\Windows\System32\swprv.dll [524288 2009-07-13] (Microsoft Corporation) [File not signed]
R2 SysMain; C:\Windows\system32\sysmain.dll [1743360 2015-07-15] (Microsoft Corporation) [File not signed]
S3 TabletInputService; C:\Windows\System32\TabSvc.dll [92672 2010-11-20] (Microsoft Corporation) [File not signed]
S3 TapiSrv; C:\Windows\System32\tapisrv.dll [316928 2010-11-20] (Microsoft Corporation) [File not signed]
S3 TapiSrv; C:\Windows\SysWOW64\tapisrv.dll [242176 2010-11-20] (Microsoft Corporation) [File not signed]
S3 TermService; C:\Windows\System32\termsrv.dll [683520 2014-10-13] (Microsoft Corporation) [File not signed]
R2 Themes; C:\Windows\system32\themeservice.dll [44544 2009-07-13] (Microsoft Corporation) [File not signed]
S3 THREADORDER; C:\Windows\system32\mmcss.dll [67584 2009-07-13] (Microsoft Corporation) [File not signed]
R2 TrkWks; C:\Windows\System32\trkwks.dll [119808 2009-07-13] (Microsoft Corporation) [File not signed]
S3 TrustedInstaller; C:\Windows\servicing\TrustedInstaller.exe [194048 2010-11-20] (Microsoft Corporation) [File not signed]
S3 UI0Detect; C:\Windows\system32\UI0Detect.exe [40960 2009-07-13] (Microsoft Corporation) [File not signed]
S3 upnphost; C:\Windows\System32\upnphost.dll [353792 2009-07-13] (Microsoft Corporation) [File not signed]
S3 upnphost; C:\Windows\SysWOW64\upnphost.dll [266752 2009-07-13] (Microsoft Corporation) [File not signed]
R2 UxSms; C:\Windows\System32\uxsms.dll [38912 2009-07-13] (Microsoft Corporation) [File not signed]
S3 VaultSvc; C:\Windows\system32\lsass.exe [30720 2016-10-10] (Microsoft Corporation) [File not signed]
S3 vds; C:\Windows\System32\vds.exe [533504 2010-11-20] (Microsoft Corporation) [File not signed]
S3 VSS; C:\Windows\system32\vssvc.exe [1600512 2010-11-20] (Microsoft Corporation) [File not signed]
S3 W32Time; C:\Windows\system32\w32time.dll [381952 2009-07-13] (Microsoft Corporation) [File not signed]
S3 wbengine; C:\Windows\system32\wbengine.exe [1504256 2010-11-20] (Microsoft Corporation) [File not signed]
S3 WbioSrvc; C:\Windows\System32\wbiosrvc.dll [202240 2009-07-13] (Microsoft Corporation) [File not signed]
S3 wcncsvc; C:\Windows\System32\wcncsvc.dll [367104 2010-11-20] (Microsoft Corporation) [File not signed]
S3 wcncsvc; C:\Windows\SysWOW64\wcncsvc.dll [276992 2010-11-20] (Microsoft Corporation) [File not signed]
S3 WcsPlugInService; C:\Windows\System32\WcsPlugInService.dll [40960 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WcsPlugInService; C:\Windows\SysWOW64\WcsPlugInService.dll [32768 2009-07-13] (Microsoft Corporation) [File not signed]
R3 WdiServiceHost; C:\Windows\system32\wdi.dll [91136 2015-01-08] (Microsoft Corporation) [File not signed]
R3 WdiServiceHost; C:\Windows\SysWOW64\wdi.dll [76800 2015-01-08] (Microsoft Corporation) [File not signed]
S3 WdiSystemHost; C:\Windows\system32\wdi.dll [91136 2015-01-08] (Microsoft Corporation) [File not signed]
S3 WdiSystemHost; C:\Windows\SysWOW64\wdi.dll [76800 2015-01-08] (Microsoft Corporation) [File not signed]
S3 WebClient; C:\Windows\System32\webclnt.dll [263680 2016-09-08] (Microsoft Corporation) [File not signed]
S3 WebClient; C:\Windows\SysWOW64\webclnt.dll [208896 2016-09-08] (Microsoft Corporation) [File not signed]
S3 Wecsvc; C:\Windows\system32\wecsvc.dll [237568 2009-07-13] (Microsoft Corporation) [File not signed]
S3 wercplsupport; C:\Windows\System32\wercplsupport.dll [84480 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WerSvc; C:\Windows\System32\WerSvc.dll [76800 2009-07-13] (Microsoft Corporation) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation) [File not signed]
R3 WinHttpAutoProxySvc; C:\Windows\system32\winhttp.dll [444928 2016-05-11] (Microsoft Corporation) [File not signed]
R2 Winmgmt; C:\Windows\system32\wbem\WMIsvc.dll [242688 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WinRM; C:\Windows\system32\WsmSvc.dll [2023424 2016-08-06] (Microsoft Corporation) [File not signed]
S3 WinRM; C:\Windows\SysWOW64\WsmSvc.dll [1178112 2016-08-06] (Microsoft Corporation) [File not signed]
R2 Wlansvc; C:\Windows\System32\wlansvc.dll [886784 2009-07-13] (Microsoft Corporation) [File not signed]
S3 wmiApSrv; C:\Windows\system32\wbem\WmiApSrv.exe [203264 2009-07-13] (Microsoft Corporation) [File not signed]
R2 WMPNetworkSvc; C:\Program Files\Windows Media Player\wmpnetwk.exe [1525248 2010-11-20] (Microsoft Corporation) [File not signed]
S3 WPCSvc; C:\Windows\System32\wpcsvc.dll [12288 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WPCSvc; C:\Windows\SysWOW64\wpcsvc.dll [10752 2009-07-13] (Microsoft Corporation) [File not signed]
R3 WPDBusEnum; C:\Windows\system32\wpdbusenum.dll [117248 2010-11-20] (Microsoft Corporation) [File not signed]
R2 wscsvc; C:\Windows\System32\wscsvc.dll [97280 2009-07-13] (Microsoft Corporation) [File not signed]
R2 WSearch; C:\Windows\system32\SearchIndexer.exe [591872 2011-05-03] (Microsoft Corporation) [File not signed]
R2 WSearch; C:\Windows\SysWOW64\SearchIndexer.exe [427520 2011-05-03] (Microsoft Corporation) [File not signed]
R2 wuauserv; C:\Windows\system32\wuaueng.dll [2607104 2016-05-13] (Microsoft Corporation) [File not signed]
R3 wudfsvc; C:\Windows\System32\WUDFSvc.dll [84992 2012-07-25] (Microsoft Corporation) [File not signed]
S3 WwanSvc; C:\Windows\System32\wwansvc.dll [228864 2014-01-27] (Microsoft Corporation) [File not signed]

Re: [INACTIVE] EXTREMELY slow computer with terrible startup1st December 2016, 9:48 pm

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 1394ohci; C:\Windows\system32\drivers\1394ohci.sys [229888 2010-11-20] (Microsoft Corporation) [File not signed]
S3 AcpiPmi; C:\Windows\system32\drivers\acpipmi.sys [12800 2010-11-20] (Microsoft Corporation) [File not signed]
R1 AFD; C:\Windows\system32\drivers\afd.sys [497664 2015-10-13] (Microsoft Corporation) [File not signed]
S3 AmdK8; C:\Windows\system32\drivers\amdk8.sys [64512 2009-07-13] (Microsoft Corporation) [File not signed]
R3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [9359872 2011-07-04] (ATI Technologies Inc.) [File not signed]
R3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [309760 2011-07-04] (Advanced Micro Devices, Inc.) [File not signed]
R3 AmdPPM; C:\Windows\system32\drivers\amdppm.sys [60928 2009-07-13] (Microsoft Corporation) [File not signed]
S3 AppID; C:\Windows\system32\drivers\appid.sys [62464 2016-10-07] (Microsoft Corporation) [File not signed]
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-06-03] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-06-03] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-06-03] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-06-03] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-06-03] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-06-03] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [465792 2016-06-03] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [166432 2016-06-03] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292704 2016-08-05] (AVAST Software)
S3 AsyncMac; C:\Windows\System32\DRIVERS\asyncmac.sys [23040 2009-07-13] (Microsoft Corporation) [File not signed]
S3 b06bdrv; C:\Windows\system32\drivers\bxvbda.sys [468480 2009-06-10] (Broadcom Corporation) [File not signed]
S3 b57nd60a; C:\Windows\System32\DRIVERS\b57nd60a.sys [270848 2009-06-10] (Broadcom Corporation) [File not signed]
R1 Beep; C:\Windows\System32\Drivers\Beep.sys [6656 2009-07-13] (Microsoft Corporation) [File not signed]
R1 blbdrive; C:\Windows\system32\drivers\blbdrive.sys [45056 2009-07-13] (Microsoft Corporation) [File not signed]
R3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [90112 2016-10-05] (Microsoft Corporation) [File not signed]
S3 BrFiltLo; C:\Windows\system32\drivers\BrFiltLo.sys [18432 2009-06-10] (Brother Industries, Ltd.) [File not signed]
S3 BrFiltUp; C:\Windows\system32\drivers\BrFiltUp.sys [8704 2009-06-10] (Brother Industries, Ltd.) [File not signed]
S3 Brserid; C:\Windows\System32\Drivers\Brserid.sys [286720 2009-07-13] (Brother Industries Ltd.) [File not signed]
S3 BrSerWdm; C:\Windows\System32\Drivers\BrSerWdm.sys [47104 2009-06-10] (Brother Industries Ltd.) [File not signed]
S3 BrUsbMdm; C:\Windows\System32\Drivers\BrUsbMdm.sys [14976 2009-06-10] (Brother Industries Ltd.) [File not signed]
S3 BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [14720 2009-06-10] (Brother Industries Ltd.) [File not signed]
S3 BTHMODEM; C:\Windows\system32\drivers\bthmodem.sys [72192 2009-07-13] (Microsoft Corporation) [File not signed]
R4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [92160 2009-07-13] (Microsoft Corporation) [File not signed]
R1 cdrom; C:\Windows\system32\drivers\cdrom.sys [147456 2010-11-20] (Microsoft Corporation) [File not signed]
S3 circlass; C:\Windows\system32\drivers\circlass.sys [45568 2009-07-13] (Microsoft Corporation) [File not signed]
S3 CmBatt; C:\Windows\system32\drivers\CmBatt.sys [17664 2009-07-13] (Microsoft Corporation) [File not signed]
R3 CompositeBus; C:\Windows\system32\drivers\CompositeBus.sys [38912 2010-11-20] (Microsoft Corporation) [File not signed]
R1 DfsC; C:\Windows\System32\Drivers\dfsc.sys [106496 2016-09-08] (Microsoft Corporation) [File not signed]
R1 discache; C:\Windows\System32\drivers\discache.sys [40448 2009-07-13] (Microsoft Corporation) [File not signed]
S3 drmkaud; C:\Windows\system32\drivers\drmkaud.sys [5632 2015-12-08] (Microsoft Corporation) [File not signed]
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) [File not signed]
S3 ErrDev; C:\Windows\system32\drivers\errdev.sys [9728 2009-07-13] (Microsoft Corporation) [File not signed]
S3 exfat; C:\Windows\System32\Drivers\exfat.sys [195072 2009-07-13] (Microsoft Corporation) [File not signed]
S3 fastfat; C:\Windows\System32\Drivers\fastfat.sys [204800 2009-07-13] (Microsoft Corporation) [File not signed]
S3 fdc; C:\Windows\system32\drivers\fdc.sys [29696 2009-07-13] (Microsoft Corporation) [File not signed]
S3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [34304 2009-07-13] (Microsoft Corporation) [File not signed]
S3 flpydisk; C:\Windows\system32\drivers\flpydisk.sys [24576 2009-07-13] (Microsoft Corporation) [File not signed]
S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir.sys [31232 2009-06-10] (Hauppauge Computer Works, Inc.) [File not signed]
S3 HdAudAddService; C:\Windows\System32\drivers\HdAudio.sys [350208 2010-11-20] (Microsoft Corporation) [File not signed]
R3 HDAudBus; C:\Windows\system32\drivers\HDAudBus.sys [122368 2010-11-20] (Microsoft Corporation) [File not signed]
S3 HidBatt; C:\Windows\system32\drivers\HidBatt.sys [26624 2009-07-13] (Microsoft Corporation) [File not signed]
S3 HidBth; C:\Windows\system32\drivers\hidbth.sys [100864 2009-07-13] (Microsoft Corporation) [File not signed]
S3 HidIr; C:\Windows\system32\drivers\hidir.sys [46592 2009-07-13] (Microsoft Corporation) [File not signed]
R3 HidUsb; C:\Windows\System32\DRIVERS\hidusb.sys [30208 2010-11-20] (Microsoft Corporation) [File not signed]
R3 HTTP; C:\Windows\System32\drivers\HTTP.sys [754688 2015-02-24] (Microsoft Corporation) [File not signed]
S3 i8042prt; C:\Windows\system32\drivers\i8042prt.sys [105472 2009-07-13] (Microsoft Corporation) [File not signed]
S3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [6108416 2009-06-10] (Intel Corporation) [File not signed]
S3 intelppm; C:\Windows\system32\drivers\intelppm.sys [62464 2009-07-13] (Microsoft Corporation) [File not signed]
S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [82944 2010-11-20] (Microsoft Corporation) [File not signed]
S3 IPMIDRV; C:\Windows\system32\drivers\IPMIDrv.sys [78848 2010-11-20] (Microsoft Corporation) [File not signed]
S3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [116224 2009-07-13] (Microsoft Corporation) [File not signed]
S3 IRENUM; C:\Windows\System32\drivers\irenum.sys [17920 2009-07-13] (Microsoft Corporation) [File not signed]
R3 kbdhid; C:\Windows\System32\DRIVERS\kbdhid.sys [33280 2010-11-20] (Microsoft Corporation) [File not signed]
R3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [20992 2009-07-13] (Microsoft Corporation) [File not signed]
R2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [60928 2009-07-13] (Microsoft Corporation) [File not signed]
R2 luafv; C:\Windows\system32\drivers\luafv.sys [113152 2009-07-13] (Microsoft Corporation) [File not signed]
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [109272 2016-11-17] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-11-17] (Malwarebytes)
S3 Modem; C:\Windows\System32\drivers\modem.sys [40448 2009-07-13] (Microsoft Corporation) [File not signed]
R3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [30208 2009-07-13] (Microsoft Corporation) [File not signed]
R3 mouhid; C:\Windows\System32\DRIVERS\mouhid.sys [31232 2009-07-13] (Microsoft Corporation) [File not signed]
R3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [77312 2009-07-13] (Microsoft Corporation) [File not signed]
S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [142336 2016-09-08] (Microsoft Corporation) [File not signed]
R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [159744 2016-10-10] (Microsoft Corporation) [File not signed]
R3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [291328 2016-10-10] (Microsoft Corporation) [File not signed]
R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [129536 2016-10-10] (Microsoft Corporation) [File not signed]
S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [8192 2009-07-13] (Microsoft Corporation) [File not signed]
S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [11136 2009-07-13] (Microsoft Corporation) [File not signed]
S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [7168 2009-07-13] (Microsoft Corporation) [File not signed]
S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [6784 2009-07-13] (Microsoft Corporation) [File not signed]
S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [8064 2009-07-13] (Microsoft Corporation) [File not signed]
S3 MTConfig; C:\Windows\system32\drivers\MTConfig.sys [15360 2009-07-13] (Microsoft Corporation) [File not signed]
R3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [318976 2009-07-13] (Microsoft Corporation) [File not signed]
S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [35328 2009-07-13] (Microsoft Corporation) [File not signed]
R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [24064 2009-07-13] (Microsoft Corporation) [File not signed]
R3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [56832 2010-11-20] (Microsoft Corporation) [File not signed]
R3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [164352 2010-11-20] (Microsoft Corporation) [File not signed]
R3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [57856 2010-11-20] (Microsoft Corporation) [File not signed]
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [23040 2013-07-25] (Apple Inc.) [File not signed]
R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [44544 2009-07-13] (Microsoft Corporation) [File not signed]
R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [262144 2016-05-11] (Microsoft Corporation) [File not signed]
R1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [44032 2009-07-13] (Microsoft Corporation) [File not signed]
R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [24576 2009-07-13] (Microsoft Corporation) [File not signed]
R1 Null; C:\Windows\System32\Drivers\Null.sys [6144 2009-07-13] (Microsoft Corporation) [File not signed]
S3 ohci1394; C:\Windows\system32\drivers\ohci1394.sys [72832 2009-07-13] (Microsoft Corporation) [File not signed]
S3 Parport; C:\Windows\system32\drivers\parport.sys [97280 2009-07-13] (Microsoft Corporation) [File not signed]
R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [663552 2016-06-14] (Microsoft Corporation) [File not signed]
R3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [111104 2010-11-20] (Microsoft Corporation) [File not signed]
S3 Processor; C:\Windows\system32\drivers\processr.sys [60416 2009-07-13] (Microsoft Corporation) [File not signed]
R1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [131584 2010-11-20] (Microsoft Corporation) [File not signed]
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [46592 2009-07-13] (Microsoft Corporation) [File not signed]
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [14848 2009-07-13] (Microsoft Corporation) [File not signed]
R3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [60416 2009-07-13] (Microsoft Corporation) [File not signed]
R3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [129536 2010-11-20] (Microsoft Corporation) [File not signed]
R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [92672 2009-07-13] (Microsoft Corporation) [File not signed]
R3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [83968 2009-07-13] (Microsoft Corporation) [File not signed]
R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [309248 2010-11-20] (Microsoft Corporation) [File not signed]
S3 rdpbus; C:\Windows\system32\drivers\rdpbus.sys [24064 2009-07-13] (Microsoft Corporation) [File not signed]
R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [7680 2009-07-13] (Microsoft Corporation) [File not signed]
R1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [7680 2009-07-13] (Microsoft Corporation) [File not signed]
R1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [8192 2009-07-13] (Microsoft Corporation) [File not signed]
S3 RdpVideoMiniport; C:\Windows\System32\drivers\rdpvideominiport.sys [19456 2012-08-23] (Microsoft Corporation) [File not signed]
S3 RDPWD; C:\Windows\System32\Drivers\RDPWD.sys [212480 2014-07-16] (Microsoft Corporation) [File not signed]
R2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [76800 2009-07-13] (Microsoft Corporation) [File not signed]
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [29696 2010-11-20] (Microsoft Corporation) [File not signed]
R3 sdbus; C:\Windows\System32\DRIVERS\sdbus.sys [109056 2010-11-20] (Microsoft Corporation) [File not signed]
S4 secdrv; C:\Windows\System32\Drivers\secdrv.sys [23040 2009-06-10] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
S3 Serenum; C:\Windows\system32\drivers\serenum.sys [23552 2009-07-13] (Microsoft Corporation) [File not signed]
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Microsoft Corporation) [File not signed]
S3 sermouse; C:\Windows\system32\drivers\sermouse.sys [26624 2009-07-13] (Microsoft Corporation) [File not signed]
S3 sffdisk; C:\Windows\system32\drivers\sffdisk.sys [14336 2009-07-13] (Microsoft Corporation) [File not signed]
S3 sffp_mmc; C:\Windows\system32\drivers\sffp_mmc.sys [13824 2009-07-13] (Microsoft Corporation) [File not signed]
S3 sffp_sd; C:\Windows\system32\drivers\sffp_sd.sys [14336 2010-11-20] (Microsoft Corporation) [File not signed]
S3 sfloppy; C:\Windows\system32\drivers\sfloppy.sys [16896 2009-07-13] (Microsoft Corporation) [File not signed]
S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [93184 2009-07-13] (Microsoft Corporation) [File not signed]
R3 srv; C:\Windows\System32\DRIVERS\srv.sys [464896 2016-08-12] (Microsoft Corporation) [File not signed]
R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [405504 2016-08-12] (Microsoft Corporation) [File not signed]
R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [168960 2016-08-12] (Microsoft Corporation) [File not signed]
R3 STHDA; C:\Windows\System32\DRIVERS\stwrt64.sys [528384 2011-06-10] (IDT, Inc.) [File not signed]
R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [46080 2016-07-07] (Microsoft Corporation) [File not signed]
S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [15872 2009-07-13] (Microsoft Corporation) [File not signed]
S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [23552 2012-02-16] (Microsoft Corporation) [File not signed]
R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [118272 2015-10-13] (Microsoft Corporation) [File not signed]
S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [39936 2014-07-16] (Microsoft Corporation) [File not signed]
S3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [56832 2013-10-01] (Microsoft Corporation) [File not signed]
S3 TsUsbGD; C:\Windows\system32\drivers\TsUsbGD.sys [30208 2012-08-23] (Microsoft Corporation) [File not signed]
R3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [125440 2010-11-20] (Microsoft Corporation) [File not signed]
S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [328192 2010-11-20] (Microsoft Corporation) [File not signed]
R3 umbus; C:\Windows\System32\DRIVERS\umbus.sys [48640 2010-11-20] (Microsoft Corporation) [File not signed]
S3 UmPass; C:\Windows\system32\drivers\umpass.sys [9728 2009-07-13] (Microsoft Corporation) [File not signed]
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Apple, Inc.) [File not signed]
S3 usbaudio; C:\Windows\System32\drivers\usbaudio.sys [109824 2013-07-12] (Microsoft Corporation) [File not signed]
R3 usbccgp; C:\Windows\system32\drivers\usbccgp.sys [99840 2016-08-16] (Microsoft Corporation) [File not signed]
S3 usbcir; C:\Windows\system32\drivers\usbcir.sys [100864 2013-07-12] (Microsoft Corporation) [File not signed]
R3 usbehci; C:\Windows\system32\drivers\usbehci.sys [56320 2016-08-16] (Microsoft Corporation) [File not signed]
R3 usbhub; C:\Windows\system32\drivers\usbhub.sys [343552 2016-08-16] (Microsoft Corporation) [File not signed]
R3 usbohci; C:\Windows\system32\drivers\usbohci.sys [25600 2016-08-16] (Microsoft Corporation) [File not signed]
S3 usbprint; C:\Windows\System32\DRIVERS\usbprint.sys [25088 2009-07-13] (Microsoft Corporation) [File not signed]
S3 usbscan; C:\Windows\System32\DRIVERS\usbscan.sys [42496 2013-07-02] (Microsoft Corporation) [File not signed]
R3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [91648 2016-02-03] (Microsoft Corporation) [File not signed]
S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [30720 2016-08-16] (Microsoft Corporation) [File not signed]
S3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [185344 2013-07-12] (Microsoft Corporation) [File not signed]
S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [29184 2009-07-13] (Microsoft Corporation) [File not signed]
R1 VgaSave; C:\Windows\System32\drivers\vga.sys [29184 2009-07-13] (Microsoft Corporation) [File not signed]
R3 vwifibus; C:\Windows\System32\DRIVERS\vwifibus.sys [24576 2009-07-13] (Microsoft Corporation) [File not signed]
R1 vwififlt; C:\Windows\System32\DRIVERS\vwififlt.sys [59904 2009-07-13] (Microsoft Corporation) [File not signed]
R3 vwifimp; C:\Windows\System32\DRIVERS\vwifimp.sys [17920 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WacomPen; C:\Windows\system32\drivers\wacompen.sys [27776 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-20] (Microsoft Corporation) [File not signed]
R1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-20] (Microsoft Corporation) [File not signed]
R1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [12800 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WinUsb; C:\Windows\System32\DRIVERS\WinUsb.sys [41984 2010-11-20] (Microsoft Corporation) [File not signed]
S3 WmiAcpi; C:\Windows\system32\drivers\wmiacpi.sys [14336 2009-07-13] (Microsoft Corporation) [File not signed]
S4 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [21504 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WSDPrintDevice; C:\Windows\System32\DRIVERS\WSDPrint.sys [23040 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WSDScan; C:\Windows\System32\DRIVERS\WSDScan.sys [25088 2009-07-13] (Microsoft Corporation) [File not signed]
R3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [87040 2012-07-25] (Microsoft Corporation) [File not signed]
R3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [198656 2012-07-25] (Microsoft Corporation) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Re: [INACTIVE] EXTREMELY slow computer with terrible startup1st December 2016, 9:49 pm

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-25 22:19 - 2016-11-27 21:51 - 00061326 _____ C:\Users\user\Downloads\FRST.txt
2016-11-25 22:07 - 2016-11-25 22:19 - 00000000 ____D C:\FRST
2016-11-25 21:48 - 2016-11-25 21:53 - 02412032 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe
2016-11-25 21:11 - 2016-11-25 21:17 - 06253640 _____ (AVAST Software) C:\Users\user\Downloads\avast_free_antivirus_setup_online_cnet_2.exe
2016-11-25 21:11 - 2016-11-25 21:17 - 06253640 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup_online_cnet_2.exe
2016-11-23 13:32 - 2016-11-24 13:44 - 00000000 ____D C:\Users\user\AppData\LocalLow\Mozilla
2016-11-17 16:36 - 2016-11-23 13:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-11-17 15:13 - 2016-11-17 15:18 - 16563352 _____ (Malwarebytes Corp.) C:\Users\user\Downloads\mbar-1.09.3.1001.exe
2016-11-17 14:46 - 2016-11-17 15:25 - 00000000 ____D C:\Users\user\Desktop\mbar
2016-11-16 14:31 - 2016-11-16 14:31 - 03910208 _____ C:\Users\user\Downloads\adwcleaner_6.030.exe
2016-11-15 14:57 - 2016-11-23 13:25 - 00538312 _____ C:\Windows\ntbtlog.txt
2016-11-08 13:20 - 2016-11-02 07:36 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-11-08 13:20 - 2016-11-02 07:32 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-11-08 13:20 - 2016-11-02 07:32 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-11-08 13:20 - 2016-11-02 07:32 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-11-08 13:20 - 2016-11-02 07:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-11-08 13:20 - 2016-11-02 07:22 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-11-08 13:20 - 2016-11-02 07:16 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-11-08 13:20 - 2016-11-02 07:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-11-08 13:20 - 2016-11-02 07:16 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-11-08 13:20 - 2016-11-02 06:53 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-11-08 13:20 - 2016-10-27 19:59 - 00394440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-11-08 13:20 - 2016-10-27 19:14 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-11-08 13:20 - 2016-10-27 11:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-11-08 13:20 - 2016-10-27 11:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-11-08 13:20 - 2016-10-27 10:55 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-11-08 13:20 - 2016-10-27 10:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-11-08 13:20 - 2016-10-27 10:54 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-11-08 13:20 - 2016-10-27 10:53 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-11-08 13:20 - 2016-10-27 10:53 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-11-08 13:20 - 2016-10-27 10:51 - 02896384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-11-08 13:20 - 2016-10-27 10:44 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-11-08 13:20 - 2016-10-27 10:43 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-11-08 13:20 - 2016-10-27 10:38 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-11-08 13:20 - 2016-10-27 10:37 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-11-08 13:20 - 2016-10-27 10:37 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-11-08 13:20 - 2016-10-27 10:37 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-11-08 13:20 - 2016-10-27 10:37 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-11-08 13:20 - 2016-10-27 10:28 - 25763328 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-11-08 13:20 - 2016-10-27 10:28 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-11-08 13:20 - 2016-10-27 10:24 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-11-08 13:20 - 2016-10-27 10:19 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-11-08 13:20 - 2016-10-27 10:15 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-11-08 13:20 - 2016-10-27 10:13 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-11-08 13:20 - 2016-10-27 10:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-11-08 13:20 - 2016-10-27 10:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-11-08 13:20 - 2016-10-27 10:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-11-08 13:20 - 2016-10-27 10:02 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-11-08 13:20 - 2016-10-27 09:49 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-11-08 13:20 - 2016-10-27 09:46 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-11-08 13:20 - 2016-10-27 09:46 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-11-08 13:20 - 2016-10-27 09:44 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-11-08 13:20 - 2016-10-27 09:44 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-11-08 13:20 - 2016-10-27 09:17 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-11-08 13:20 - 2016-10-27 09:16 - 02920448 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-11-08 13:20 - 2016-10-27 09:03 - 01543680 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-11-08 13:20 - 2016-10-27 08:54 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-11-08 13:20 - 2016-10-27 07:05 - 20304896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-11-08 13:20 - 2016-10-25 07:02 - 03219456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-11-08 13:20 - 2016-10-22 09:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-11-08 13:20 - 2016-10-22 09:36 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-11-08 13:20 - 2016-10-22 09:36 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-11-08 13:20 - 2016-10-22 09:35 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-11-08 13:20 - 2016-10-22 09:35 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-11-08 13:20 - 2016-10-22 09:34 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-11-08 13:20 - 2016-10-22 09:27 - 02287616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-11-08 13:20 - 2016-10-22 09:27 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-11-08 13:20 - 2016-10-22 09:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-11-08 13:20 - 2016-10-22 09:22 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-11-08 13:20 - 2016-10-22 09:21 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-11-08 13:20 - 2016-10-22 09:21 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-11-08 13:20 - 2016-10-22 09:20 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-11-08 13:20 - 2016-10-22 09:09 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-11-08 13:20 - 2016-10-22 09:04 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-11-08 13:20 - 2016-10-22 09:03 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-11-08 13:20 - 2016-10-22 08:59 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-11-08 13:20 - 2016-10-22 08:58 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-11-08 13:20 - 2016-10-22 08:56 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-11-08 13:20 - 2016-10-22 08:54 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-11-08 13:20 - 2016-10-22 08:46 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-11-08 13:20 - 2016-10-22 08:45 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-11-08 13:20 - 2016-10-22 08:44 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-11-08 13:20 - 2016-10-22 08:43 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-11-08 13:20 - 2016-10-22 08:43 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-11-08 13:20 - 2016-10-22 08:30 - 13654016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-11-08 13:20 - 2016-10-22 08:12 - 02444800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-11-08 13:20 - 2016-10-22 08:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-11-08 13:20 - 2016-10-22 08:09 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-11-08 13:20 - 2016-10-15 07:31 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-11-08 13:20 - 2016-10-15 07:31 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-11-08 13:20 - 2016-10-15 07:13 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-11-08 13:20 - 2016-10-15 07:13 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2016-11-08 13:20 - 2016-10-11 07:37 - 00370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2016-11-08 13:20 - 2016-10-11 07:31 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10.IME
2016-11-08 13:20 - 2016-10-11 07:31 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2016-11-08 13:20 - 2016-10-11 07:31 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2016-11-08 13:20 - 2016-10-11 07:31 - 00457216 _____ (Microsoft Corporation) C:\Windows\system32\imkr80.ime
2016-11-08 13:20 - 2016-10-11 07:31 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\input.dll
2016-11-08 13:20 - 2016-10-11 07:31 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\tintlgnt.ime
2016-11-08 13:20 - 2016-10-11 07:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\quick.ime
2016-11-08 13:20 - 2016-10-11 07:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\qintlgnt.ime
2016-11-08 13:20 - 2016-10-11 07:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\phon.ime
2016-11-08 13:20 - 2016-10-11 07:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\cintlgnt.ime
2016-11-08 13:20 - 2016-10-11 07:31 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\chajei.ime
2016-11-08 13:20 - 2016-10-11 07:31 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\pintlgnt.ime
2016-11-08 13:20 - 2016-10-11 07:18 - 01027584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10.IME
2016-11-08 13:20 - 2016-10-11 07:18 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2016-11-08 13:20 - 2016-10-11 07:18 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2016-11-08 13:20 - 2016-10-11 07:18 - 00430080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imkr80.ime
2016-11-08 13:20 - 2016-10-11 07:18 - 00202240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\input.dll
2016-11-08 13:20 - 2016-10-11 07:18 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tintlgnt.ime
2016-11-08 13:20 - 2016-10-11 07:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quick.ime
2016-11-08 13:20 - 2016-10-11 07:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qintlgnt.ime
2016-11-08 13:20 - 2016-10-11 07:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\phon.ime
2016-11-08 13:20 - 2016-10-11 07:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cintlgnt.ime
2016-11-08 13:20 - 2016-10-11 07:18 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\chajei.ime
2016-11-08 13:20 - 2016-10-11 07:18 - 00090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pintlgnt.ime
2016-11-08 13:20 - 2016-10-11 05:33 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2016-11-08 13:20 - 2016-10-11 05:06 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2016-11-08 13:20 - 2016-10-10 07:38 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-11-08 13:20 - 2016-10-10 07:38 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-11-08 13:20 - 2016-10-10 07:34 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-11-08 13:20 - 2016-10-10 07:34 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-11-08 13:20 - 2016-10-10 07:34 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-11-08 13:20 - 2016-10-10 07:34 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-11-08 13:20 - 2016-10-10 07:33 - 01462272 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-11-08 13:20 - 2016-10-10 07:33 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-11-08 13:20 - 2016-10-10 07:33 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-11-08 13:20 - 2016-10-10 07:33 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-11-08 13:20 - 2016-10-10 07:33 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-11-08 13:20 - 2016-10-10 07:33 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-11-08 13:20 - 2016-10-10 07:33 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-11-08 13:20 - 2016-10-10 07:33 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-11-08 13:20 - 2016-10-10 07:33 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-11-08 13:20 - 2016-10-10 07:33 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-11-08 13:20 - 2016-10-10 07:33 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-11-08 13:20 - 2016-10-10 07:33 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-11-08 13:20 - 2016-10-10 07:33 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-11-08 13:20 - 2016-10-10 07:33 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-11-08 13:20 - 2016-10-10 07:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-11-08 13:20 - 2016-10-10 07:16 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-11-08 13:20 - 2016-10-10 07:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-11-08 13:20 - 2016-10-10 07:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-11-08 13:20 - 2016-10-10 07:16 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-11-08 13:20 - 2016-10-10 07:16 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-11-08 13:20 - 2016-10-10 07:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-11-08 13:20 - 2016-10-10 07:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-11-08 13:20 - 2016-10-10 07:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-11-08 13:20 - 2016-10-10 07:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-11-08 13:20 - 2016-10-10 07:16 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-11-08 13:20 - 2016-10-10 07:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-11-08 13:20 - 2016-10-10 07:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-11-08 13:20 - 2016-10-10 07:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-11-08 13:20 - 2016-10-10 07:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-11-08 13:20 - 2016-10-10 07:02 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-11-08 13:20 - 2016-10-10 06:56 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-11-08 13:20 - 2016-10-10 06:55 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-11-08 13:20 - 2016-10-10 06:55 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-11-08 13:20 - 2016-10-10 06:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-11-08 13:20 - 2016-10-10 06:54 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-11-08 13:20 - 2016-10-10 06:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-11-08 13:20 - 2016-10-07 07:40 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-11-08 13:20 - 2016-10-07 07:37 - 05547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-11-08 13:20 - 2016-10-07 07:37 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-11-08 13:20 - 2016-10-07 07:35 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 03649536 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00877056 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:18 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-11-08 13:20 - 2016-10-07 07:18 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-11-08 13:20 - 2016-10-07 07:15 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 02291712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:04 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-11-08 13:20 - 2016-10-07 07:04 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-11-08 13:20 - 2016-10-07 07:04 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-11-08 13:20 - 2016-10-07 07:01 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-11-08 13:20 - 2016-10-07 07:00 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-11-08 13:20 - 2016-10-07 06:56 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-11-08 13:20 - 2016-10-07 06:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-11-08 13:20 - 2016-10-07 06:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-11-08 13:20 - 2016-10-07 06:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-11-08 13:20 - 2016-10-07 06:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-11-08 13:20 - 2016-10-07 06:49 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 06:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 06:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 06:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-11-08 13:20 - 2016-10-05 06:54 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2016-11-08 13:20 - 2016-09-15 06:56 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2016-11-08 13:20 - 2016-09-13 07:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-11-08 13:20 - 2016-09-13 07:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-11-08 13:20 - 2016-09-09 10:20 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-11-08 13:20 - 2016-09-09 10:00 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2016-11-08 13:19 - 2016-08-22 08:19 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2016-11-06 10:42 - 2016-11-06 10:45 - 574216234 _____ C:\Users\user\Downloads\[HorribleSubs] One Piece - 763 [1080p].mkv
2016-11-06 10:42 - 2016-11-06 10:45 - 559869070 _____ C:\Users\user\Downloads\[HorribleSubs] Dragon Ball Super - 65 [1080p].mkv
2016-11-06 08:29 - 2016-11-06 08:29 - 00000000 ___DL C:\Users\Guest\AppData\LocalLow\PlayReady
2016-11-04 16:19 - 2016-11-04 16:23 - 1715620573 _____ C:\Users\user\Downloads\American Horror Story S06E08 Chapter 8.mkv
2016-10-31 18:46 - 2016-10-31 18:50 - 00000000 ____D C:\Users\user\Downloads\Shameless.US.S07E05.720p.HDTV.X264-DIMENSION[ettv]
2016-10-30 14:00 - 2016-10-30 14:03 - 560689719 _____ C:\Users\user\Downloads\[HorribleSubs] Dragon Ball Super - 64 [1080p].mkv
2016-10-30 14:00 - 2016-10-30 14:02 - 573978094 _____ C:\Users\user\Downloads\[HorribleSubs] One Piece - 762 [1080p].mkv

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-28 18:15 - 2012-02-18 18:31 - 00000328 _____ C:\Windows\Tasks\HPCeeScheduleForuser.job
2016-11-28 18:14 - 2012-04-26 12:44 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-11-28 18:00 - 2014-09-30 20:54 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-28 17:45 - 2012-11-08 00:38 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2324025828-1623389042-2555509162-1000UA.job
2016-11-28 15:01 - 2014-09-30 20:54 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-28 14:46 - 2012-11-08 00:38 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2324025828-1623389042-2555509162-1000Core.job
2016-11-28 02:14 - 2014-05-31 15:31 - 00000000 ____D C:\Users\user\AppData\Local\Adobe
2016-11-27 21:51 - 2012-02-18 18:31 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{37A87542-CBDE-4569-8B70-22735BB33C86}
2016-11-27 11:14 - 2015-01-08 18:07 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-11-24 18:19 - 2012-02-18 18:31 - 00003180 _____ C:\Windows\System32\Tasks\HPCeeScheduleForuser
2016-11-24 12:59 - 2009-07-13 20:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-24 12:59 - 2009-07-13 20:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-24 11:19 - 2009-07-13 21:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-24 11:19 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2016-11-24 11:12 - 2011-08-16 00:18 - 00000000 ____D C:\ProgramData\PDFC
2016-11-24 10:56 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-24 10:53 - 2014-06-10 19:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-11-21 23:07 - 2012-02-26 17:58 - 00003216 _____ C:\Windows\System32\Tasks\HPCeeScheduleForUSER-HP$
2016-11-21 23:07 - 2012-02-26 17:58 - 00000340 _____ C:\Windows\Tasks\HPCeeScheduleForUSER-HP$.job
2016-11-21 22:22 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-11-21 20:48 - 2014-09-30 20:57 - 00002197 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-17 15:33 - 2014-05-26 10:33 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-11-17 15:25 - 2015-01-08 13:32 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-11-17 15:25 - 2015-01-08 13:30 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-11-16 15:02 - 2014-05-25 23:14 - 00000000 ____D C:\AdwCleaner
2016-11-16 14:19 - 2016-04-24 12:25 - 00000000 ____D C:\Users\user\Desktop\Virus
2016-11-09 16:59 - 2012-11-16 13:23 - 00000000 ____D C:\Users\user\AppData\Local\Spotify
2016-11-09 16:59 - 2012-11-16 13:22 - 00000000 ____D C:\Users\user\AppData\Roaming\Spotify
2016-11-09 16:21 - 2016-02-17 18:58 - 00000000 ____D C:\Users\user\Downloads\Downloaded Music
2016-11-09 10:23 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2016-11-09 09:44 - 2009-07-13 20:45 - 04937152 _____ C:\Windows\system32\FNTCACHE.DAT
2016-11-09 01:14 - 2014-07-08 17:26 - 00000000 ____D C:\Windows\system32\MRT
2016-11-09 01:06 - 2014-07-08 17:26 - 141011376 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-11-08 17:13 - 2012-04-26 12:44 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-11-08 17:13 - 2012-04-26 12:44 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-11-08 17:13 - 2012-02-21 01:09 - 00000000 ____D C:\Windows\system32\Macromed
2016-11-08 17:13 - 2011-08-16 00:16 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-11-08 17:13 - 2011-08-16 00:16 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-11-07 01:14 - 2016-09-12 23:15 - 00000000 ____D C:\Users\user\AppData\Roaming\qBittorrent
2016-11-06 12:13 - 2013-10-05 15:08 - 00003416 _____ C:\Windows\System32\Tasks\Apple Diagnostics
2016-11-06 06:19 - 2015-12-19 12:21 - 00000000 ____D C:\Users\Guest\AppData\Local\Spotify
2016-11-06 06:19 - 2015-12-19 12:20 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Spotify
2016-11-06 06:18 - 2014-06-04 19:20 - 00000000 __SHD C:\Users\Guest\AppData\LocalLow\EmieUserList
2016-11-06 06:18 - 2014-06-04 19:20 - 00000000 __SHD C:\Users\Guest\AppData\LocalLow\EmieSiteList
2016-11-06 06:18 - 2014-05-03 15:26 - 00000000 __SHD C:\Users\Guest\AppData\Local\EmieUserList
2016-11-06 06:18 - 2014-05-03 15:26 - 00000000 __SHD C:\Users\Guest\AppData\Local\EmieSiteList

==================== Files in the root of some directories =======

2014-05-25 10:49 - 2014-05-25 10:49 - 0000045 _____ () C:\Users\user\AppData\Roaming\WB.CFG
2014-05-24 23:02 - 2014-05-24 23:02 - 0007608 _____ () C:\Users\user\AppData\Local\Resmon.ResmonCfg
2012-10-07 17:09 - 2012-10-07 17:09 - 0000000 _____ () C:\ProgramData\cmn_upld.log
2012-03-05 20:40 - 2012-10-07 17:02 - 0036460 _____ () C:\ProgramData\lxeeJSW.log
2012-03-05 20:29 - 2012-10-30 21:36 - 0001516 _____ () C:\ProgramData\lxeescan.log
2012-10-07 17:09 - 2012-10-07 17:09 - 0000000 _____ () C:\ProgramData\LxWbGwLog.log
2013-01-09 18:27 - 2013-01-09 18:27 - 0377537 _____ () C:\ProgramData\SPL1C58.tmp
2014-06-05 21:29 - 2014-06-05 21:29 - 0377537 _____ () C:\ProgramData\SPL2888.tmp
2013-03-03 20:38 - 2013-03-03 20:38 - 0377537 _____ () C:\ProgramData\SPL6712.tmp
2014-03-30 22:18 - 2014-03-30 22:18 - 0377537 _____ () C:\ProgramData\SPL76ED.tmp
2012-10-30 21:57 - 2012-10-30 21:57 - 0377537 _____ () C:\ProgramData\SPLACF7.tmp
2012-10-30 21:36 - 2012-10-30 21:36 - 0841298 _____ () C:\ProgramData\SPLB051.tmp
2012-10-07 17:09 - 2012-10-07 17:09 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt

Some files in TEMP:
====================
C:\Users\user\AppData\Local\Temp\Extract.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe
[2016-10-11 10:52] - [2016-08-29 07:04] - 3229696 ____A (Microsoft Corporation) 38AE1B3C38FAEF56FE4907922F0385BA

C:\Windows\SysWOW64\explorer.exe
[2016-10-11 10:52] - [2016-08-29 06:55] - 2972672 ____A (Microsoft Corporation) 6DDCA324434FFA506CF7DC4E51DB7935

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll
[2016-09-13 20:18] - [2016-08-16 09:36] - 1009152 ____A (Microsoft Corporation) 8F4B991E7837E8E0F90C856659456652

C:\Windows\SysWOW64\User32.dll
[2016-09-13 20:18] - [2016-08-15 18:48] - 0833024 ____A (Microsoft Corporation) 0FBC0E335B65EE5A0175631237817510

C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-11-04 12:56

==================== End of FRST.txt ============================

Re: [INACTIVE] EXTREMELY slow computer with terrible startup2nd December 2016, 12:55 am

ComboFix scan

Please download ComboFix [INACTIVE] EXTREMELY slow computer with terrible startup Combofix

by sUBs
From BleepingComputer.com

Please save the file to your Desktop.

Important information about ComboFix

After the download:

Close any open browsers.
Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.

Running ComboFix:

Double click on ComboFix.exe & follow the prompts.
When ComboFix finishes, it will produce a report for you.
Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.

Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above method), but try to download it again, except name
ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Re: [INACTIVE] EXTREMELY slow computer with terrible startup5th December 2016, 6:02 pm

ComboFix 16-12-02.01 - user 12/03/2016 16:56:42.2.2 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5617.4879
[GMT -8:00]
Running from: c:\users\user\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Spybot - Search and Destroy *Disabled/Outdated*
{9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions
)))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\SPL1C58.tmp
c:\programdata\SPL2888.tmp
c:\programdata\SPL6712.tmp
c:\programdata\SPL76ED.tmp
c:\programdata\SPLACF7.tmp
c:\programdata\SPLB051.tmp
c:\users\Public\sdelevURL.tmp
c:\windows\msdownld.tmp
c:\windows\msdownld.tmp\AS616E7C.tmp\Apr2006_d3dx9_30_x64.cab
.
.
((((((((((((((((((((((((( Files Created from 2016-11-04 to
2016-12-04 )))))))))))))))))))))))))))))))
.
.
2016-12-04 07:18 . 2016-12-04
07:18 -------- d-----w- c:\users\Guest\AppData\Local\temp
2016-12-04 07:18 . 2016-12-04
07:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-11-26 06:07 . 2016-11-29 18:50 -------- d-----w- C:\FRST
2016-11-08 21:19 . 2016-08-22
16:19 1386496 ----a-w- c:\windows\system32\diagtrack.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report
))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-11-17 23:25 . 2015-01-08
21:32 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-11-17 23:25 . 2015-01-08
21:30 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-11-09 09:06 . 2014-07-09
01:26 141011376 -c--a-w- c:\windows\system32\MRT.exe
2016-11-09 01:13 . 2012-04-26
20:44 796352 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-11-09 01:13 . 2011-08-16
08:16 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-10-27 00:29 . 2010-11-21
03:27 485032 ------w- c:\windows\system32\MpSigStub.exe
2016-10-07 15:12 . 2016-11-08
21:20 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2016-09-12 21:17 . 2016-10-11
18:52 77032 ----a-w- c:\windows\system32\CompatTelRunner.exe
2016-09-12 21:08 . 2016-10-11
18:53 107520 ----a-w- c:\windows\system32\adsmsext.dll
2016-09-12 21:08 . 2016-10-11
18:52 1226752 ----a-w- c:\windows\system32\aeinv.dll
2016-09-12 20:49 . 2016-10-11
18:53 76800 ----a-w- c:\windows\SysWow64\adsmsext.dll
2016-09-12 19:08 . 2016-10-11
18:53 1251328 ----a-w- c:\windows\SysWow64\DWrite.dll
2016-09-12 18:43 . 2016-10-11
18:53 1180160 ----a-w- c:\windows\system32\FntCache.dll
2016-09-12 18:43 . 2016-10-11
18:53 1648128 ----a-w- c:\windows\system32\DWrite.dll
2016-09-09 15:54 . 2016-10-11
18:52 586752 ----a-w- c:\windows\system32\generaltel.dll
2016-09-09 15:54 . 2016-10-11
18:52 314368 ----a-w- c:\windows\system32\invagent.dll
2016-09-09 15:54 . 2016-10-11
18:52 575488 ----a-w- c:\windows\system32\devinv.dll
2016-09-09 15:54 . 2016-10-11
18:52 273408 ----a-w- c:\windows\system32\centel.dll
2016-09-09 15:54 . 2016-10-11
18:52 224256 ----a-w- c:\windows\system32\aepic.dll
2016-09-09 15:54 . 2016-10-11
18:52 1629184 ----a-w- c:\windows\system32\appraiser.dll
2016-09-09 15:54 . 2016-10-11
18:52 129024 ----a-w- c:\windows\system32\acmigration.dll
2016-09-08 20:34 . 2016-10-11
18:53 263680 ----a-w- c:\windows\system32\WebClnt.dll
2016-09-08 20:34 . 2016-10-11
18:53 108544 ----a-w- c:\windows\system32\davclnt.dll
2016-09-08 20:34 . 2016-10-11
18:53 208896 ----a-w- c:\windows\SysWow64\WebClnt.dll
2016-09-08 20:34 . 2016-10-11
18:53 87040 ----a-w- c:\windows\SysWow64\davclnt.dll
2016-09-08 14:55 . 2016-10-11
18:53 142336 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2016-09-08 14:55 . 2016-10-11
18:53 106496 ----a-w- c:\windows\system32\drivers\dfsc.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points
))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\user\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
[2016-10-28 1431664]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet
Services\iCloudServices.exe" [2014-08-08 43816]
"EPLTarget\P0000000000000001"="c:\windows\system32\spool\DRIVERS\x64\3\E_YATIJJE.EXE"
[2012-02-28 283232]
"EPLTarget\P0000000000000002"="c:\windows\system32\spool\DRIVERS\x64\3\E_YATIJJE.EXE"
[2012-02-28 283232]
"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\x64\3\E_YATIJJE.EXE"
[2012-02-28 283232]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI
Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-04 336384]
"HP Software Update"="c:\program files (x86)\HP\HP Software
Update\HPWuSchd2.exe" [2008-12-08 54576]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe"
[2011-05-05 658424]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple
Application Support\APSDaemon.exe" [2016-09-02 67384]
"Camera Assistant Software"="c:\program files (x86)\Camera Assistant
Software for ViewSonic\traybar.exe" [2007-08-20 774144]
"EEventManager"="c:\program files (x86)\Epson Software\Event
Manager\EEventManager.exe" [2012-01-27 1058400]
"FUFAXRCV"="c:\program files (x86)\Epson Software\FAX
Utility\FUFAXRCV.exe" [2012-03-01 502912]
"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX
Utility\FUFAXSTM.exe" [2012-03-01 863360]
"LTCM Client"="c:\program files (x86)\LTCM Client\ltcmClient.exe"
[2009-08-05 1596096]
"SwitchBoard"="c:\program files (x86)\Common
Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common
Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09
1073312]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy
2\SDTray.exe" [2014-06-24 4101576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java
Update\jusched.exe" [2016-04-01 596504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows
nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint
Licensing Service;c:\program files (x86)\Common
Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe;c:\program
files (x86)\Common
Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
[x]
R2 AESTFilters;Andrea ST Filters Service;c:\program
files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
R2 AMD External Events Utility;AMD External Events
Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe
[x]
R2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program
files\Common Files\Apple\Mobile Device
Support\AppleMobileDeviceService.exe;c:\program files\Common
Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN
v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
[x]
R2 DiagTrack;Diagnostics Tracking
Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe
[x]
R2 EPSON_PM_RPCV4_05;EPSON V3 Service4(05);c:\program files\Common
Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE;c:\program files\Common
Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE [x]
R2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program
files\EPSON\EpsonCustomerParticipation\EPCP.exe;c:\program
files\EPSON\EpsonCustomerParticipation\EPCP.exe [x]
R2 EpsonScanSvc;Epson Scanner
Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe
[x]
R2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP
Client Services\HPClientServices.exe;c:\program
files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework
Service;c:\program files (x86)\Hewlett-Packard\HP Support
Solutions\HPSupportSolutionsFrameworkService.exe;c:\program files
(x86)\Hewlett-Packard\HP Support
Solutions\HPSupportSolutionsFrameworkService.exe [x]
R2 lxbl_device;lxbl_device;c:\windows\system32\lxblcoms.exe;c:\windows\SYSNATIVE\lxblcoms.exe
[x]
R2 lxee_device;lxee_device;c:\windows\system32\lxeecoms.exe;c:\windows\SYSNATIVE\lxeecoms.exe
[x]
R2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF
Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
R2 RoxioNow Service;RoxioNow Service;c:\program files
(x86)\Roxio\RoxioNow Player\RNowSvc.exe;c:\program files
(x86)\Roxio\RoxioNow Player\RNowSvc.exe [x]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files
(x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files
(x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files
(x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files
(x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files
(x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files
(x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files
(x86)\Skype\Updater\Updater.exe;c:\program files
(x86)\Skype\Updater\Updater.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent
Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent
Games\App\GamesAppService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector
Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe
[x]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys
[x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys
[x]
R3 Netaapl;Apple Mobile Device Ethernet
Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys
[x]
R3 ose64;Office 64 Source Engine;c:\program files\Common
Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common
Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport
Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys
[x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common
Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common
Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys
[x]
R3 TsUsbGD;Remote Desktop Generic USB
Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys
[x]
R3 USBAAPL64;Apple Mobile USB
Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys
[x]
R3 WatAdminSvc;Windows Activation Technologies
Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe
[x]
R3 WSDScan;WSD Scan Support via
UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys
[x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program
files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows
Live\Mesh\wlcrasvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys;c:\windows\SYSNATIVE\drivers\amd_sata.sys
[x]
S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys;c:\windows\SYSNATIVE\drivers\amd_xata.sys
[x]
S3 amdhub30;AMD USB 3.0 Hub
Driver;c:\windows\system32\drivers\amdhub30.sys;c:\windows\SYSNATIVE\drivers\amdhub30.sys
[x]
S3 amdxhc;AMD USB 3.0 Host Controller
Driver;c:\windows\system32\drivers\amdxhc.sys;c:\windows\SYSNATIVE\drivers\amdxhc.sys
[x]
S3 netr28x;Ralink 802.11n Extensible Wireless
Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys
[x]
S3 RTL8167;Realtek 8167 NT
Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys
[x]
S3 usbfilter;AMD USB Filter
Driver;c:\windows\system32\drivers\usbfilter.sys;c:\windows\SYSNATIVE\drivers\usbfilter.sys
[x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows
nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost
SCardSvr QWAVE wcncsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active
setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-11-22 04:22 1364072 ----a-w- c:\program files
(x86)\Google\Chrome\Application\54.0.2840.99\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2016-11-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
[2012-04-26 01:13]
.
2016-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-01 22:31]
.
2016-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-10-01 22:31]
.
2016-11-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2324025828-1623389042-2555509162-1000Core.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-08 03:27]
.
2016-11-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2324025828-1623389042-2555509162-1000UA.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-08 03:27]
.
2016-11-22 c:\windows\Tasks\HPCeeScheduleForUSER-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16 17:51]
.
2016-11-29 c:\windows\Tasks\HPCeeScheduleForuser.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16 17:51]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BeatsOSDApp"="c:\program files\IDT\WDM\beats64.exe" [2010-10-21 37888]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-06-24 1128448]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP
odometer\hpsysdrv.exe" [2008-11-20 62768]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe"
[2012-11-05 108144]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common
Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04
446392]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2016-09-09 176440]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: localhost
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath -
c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fcpzgi7g.default-1395282151623\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{06C7AD57-B655-418D-9AB8-9526A6D2E052} - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-AceStream -
c:\users\user\AppData\Roaming\ACEStream\engine\ace_engine.exe
Wow6432Node-HKLM-Run- - (no file)
Wow6432Node-HKLM-RunOnce-20161125 - c:\program files\AVAST
Software\Avast\aswRunDll.exe
Notify-SDWinLogon - SDWinLogon.dll
SafeBoot-mbamchameleon
SafeBoot-MBAMSwissArmy
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
AddRemove-{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App
- c:\program files (x86)\WildTangent Games\App\Uninstall.exe
AddRemove-{79C54A05-F146-4EA0-8A70-D4EFE6181E52} - c:\program files
(x86)\InstallShield Installation
Information\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe
/startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_23_0_0_207_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_23_0_0_207_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_23_0_0_207_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_23_0_0_207_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_23_0_0_207.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.23"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_23_0_0_207.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_23_0_0_207.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_23_0_0_207.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart
Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema
Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft
Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2016-12-04 10:19:14
ComboFix-quarantined-files.txt 2016-12-04 18:19
.
Pre-Run: 221,569,716,224 bytes free
Post-Run: 222,767,091,712 bytes free
.
- - End Of File - - 65BB05A8C1F666D5C65478EFBF3C408B
A36C5E4F47E84449FF07ED3517B43A31

Re: [INACTIVE] EXTREMELY slow computer with terrible startup5th December 2016, 9:05 pm

Okay, now please try to run FRST as we were going to do originally, please.

Re: [INACTIVE] EXTREMELY slow computer with terrible startup6th December 2016, 10:39 am

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-11-2016
Ran by user (administrator) on USER-HP (05-12-2016 13:31:07)
Running from C:\Users\user\Downloads
Loaded Profiles: user (Available Profiles: user & Danilo & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language:
English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool:
http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed.
The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be
restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe
[37888 2010-10-21] (Hewlett-Packard )
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe
[1128448 2011-06-24] (IDT, Inc.)
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP
odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft
Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft
Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common
Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392
2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program
Files\iTunes\iTunesHelper.exe [176440 2016-09-09] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI
Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-07-04]
(Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP
Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF
Complete\pdfsty.exe [658424 2011-05-05] (PDF Complete Inc)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common
Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-09-01]
(Apple Inc.)
HKLM-x32\...\Run: [Camera Assistant Software] => C:\Program Files
(x86)\Camera Assistant Software for ViewSonic\traybar.exe [774144
2007-08-20] (Chicony)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson
Software\Event Manager\EEventManager.exe [1058400 2012-01-26] (SEIKO
EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson
Software\FAX Utility\FUFAXRCV.exe [502912 2012-02-29] (SEIKO EPSON
CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson
Software\FAX Utility\FUFAXSTM.exe [863360 2012-02-29] (SEIKO EPSON
CORPORATION)
HKLM-x32\...\Run: [LTCM Client] => C:\Program Files (x86)\LTCM
Client\ltcmClient.exe [1596096 2009-08-05] (Leader Technologies Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common
Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe
Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files
(x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
[1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search &
Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files
(x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01]
(Oracle Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2324025828-1623389042-2555509162-1000\...\Run: [Spotify
Web Helper] => C:\Users\user\AppData\Roaming\Spotify\SpotifyWebHelper.exe
[1431664 2016-10-28] (Spotify Ltd)
HKU\S-1-5-21-2324025828-1623389042-2555509162-1000\...\Run:
[iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet
Services\iCloudServices.exe [43816 2014-08-07] (Apple Inc.)
HKU\S-1-5-21-2324025828-1623389042-2555509162-1000\...\Run:
[EPLTarget\P0000000000000001] =>
C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIJJE.EXE [283232
2012-02-28] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2324025828-1623389042-2555509162-1000\...\Run:
[EPLTarget\P0000000000000002] =>
C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIJJE.EXE [283232
2012-02-28] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2324025828-1623389042-2555509162-1000\...\Run:
[EPLTarget\P0000000000000000] =>
C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIJJE.EXE [283232
2012-02-28] (SEIKO EPSON CORPORATION)
ShellIconOverlayIdentifiers: [00avast] ->
{472083B0-C522-11CF-8763-00608CC02F24} => No File
Startup: C:\Users\Danilo\AppData\Roaming\Microsoft\Windows\Start
Menu\Programs\Startup\OpenOffice.org 3.3.lnk [2012-07-12]
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files
(x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start
Menu\Programs\Startup\OpenOffice.org 3.3.lnk [2013-07-03]
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files
(x86)\OpenOffice.org 3\program\quickstart.exe ()
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it
will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8D5C3D27-403F-45C6-A3FF-D29F3ACBE4C2}:
[DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A8D08E84-D6B4-4B9B-8D1E-C8A47B5D033C}:
[DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction
<======= ATTENTION
HKU\S-1-5-21-2324025828-1623389042-2555509162-1000\SOFTWARE\Policies\Microsoft\Internet
Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page
= www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page =
hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page =
hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2324025828-1623389042-2555509162-1000\Software\Microsoft\Internet
Explorer\Main,Start Page = hxxp://www.msn.com/
HKU\S-1-5-21-2324025828-1623389042-2555509162-1000\Software\Microsoft\Internet
Explorer\Main,Search Page =
hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {866B19C7-65C3-4340-A244-92A88B9FBFC3} URL =
hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL =
hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-2324025828-1623389042-2555509162-1000 ->
DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2324025828-1623389042-2555509162-1000 ->
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2324025828-1623389042-2555509162-1000 ->
{632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL =
hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-2324025828-1623389042-2555509162-1000 ->
{85A60A59-D3D8-468F-B598-FB4393789EF4} URL =
hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2324025828-1623389042-2555509162-1000 ->
{D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
-> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll => No File
BHO: Windows Live ID Sign-in Helper ->
{9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common
Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21]
(Microsoft Corp.)
BHO: Office Document Cache Handler ->
{B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft
Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
-> C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
[2016-07-21] (HP Inc.)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} ->
C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
[2014-11-27] (SEIKO EPSON CORPORATION)
BHO-x32: Java(tm) Plug-In SSV Helper ->
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files
(x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-06-04] (Oracle Corporation)
BHO-x32: avast! Online Security ->
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST
Software\Avast\aswWebRepIE.dll => No File
BHO-x32: Windows Live ID Sign-in Helper ->
{9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files
(x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
[2010-09-21] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler ->
{B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files
(x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft
Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper ->
{DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files
(x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-04] (Oracle
Corporation)
BHO-x32: HP Network Check Helper ->
{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files
(x86)\Hewlett-Packard\HP Support
Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
[2016-07-21] (HP Inc.)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM-x32 - No Name - {06C7AD57-B655-418D-9AB8-9526A6D2E052} - No File
Toolbar: HKLM-x32 - E-Web Print -
{201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson
Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON
CORPORATION)
Toolbar: HKU\S-1-5-21-2324025828-1623389042-2555509162-1000 -> No Name
- {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

FireFox:
========
FF DefaultProfile: fcpzgi7g.default-1395282151623
FF ProfilePath:
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fcpzgi7g.default-1395282151623
[2016-12-05]
FF NewTab: Mozilla\Firefox\Profiles\fcpzgi7g.default-1395282151623 -> about:home
FF DefaultSearchEngine:
Mozilla\Firefox\Profiles\fcpzgi7g.default-1395282151623 -> Google
FF DefaultSearchEngine.US:
Mozilla\Firefox\Profiles\fcpzgi7g.default-1395282151623 -> Google
FF SelectedSearchEngine:
Mozilla\Firefox\Profiles\fcpzgi7g.default-1395282151623 -> Google
FF Homepage: Mozilla\Firefox\Profiles\fcpzgi7g.default-1395282151623
-> about:home
FF Extension: (Quick Translator) -
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fcpzgi7g.default-1395282151623\Extensions\{5C655500-E712-41e7-9349-CE462F844B19}.xpi
[2015-05-31]
FF Extension: (Adblock Plus) -
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fcpzgi7g.default-1395282151623\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2016-11-23]
FF Extension: (Greasemonkey) -
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fcpzgi7g.default-1395282151623\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2016-08-20]
FF SearchPlugin:
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fcpzgi7g.default-1395282151623\searchplugins\google-lavasoft.xml
[2016-03-12]
FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla
Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2016-11-17]
[not signed]
FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla
Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2016-11-17]
[not signed]
FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla
Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2016-11-17]
[not signed]
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] -
C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files (x86)\Epson
Software\E-Web Print\Firefox Add-on [2016-01-14] [not signed]
FF Plugin: @adobe.com/FlashPlayer ->
C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-08]
()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program
Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] (
Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 ->
C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft
Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer ->
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-08]
()
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files
(x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-04]
(Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program
Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-04]
(Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files
(x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] (
Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 ->
C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft
Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 ->
C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft
Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 ->
C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 ->
C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program
Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28]
(Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program
Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28]
(Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files
(x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files
(x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0
-> C:\Program Files (x86)\WildTangent
Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2012-04-29] ()
FF Plugin HKU\S-1-5-21-2324025828-1623389042-2555509162-1000:
@acestream.net/acestreamplugin,version=3.1.9 ->
C:\Users\user\AppData\Roaming\ACEStream\player\npace_plugin.dll [No
File]
FF Plugin HKU\S-1-5-21-2324025828-1623389042-2555509162-1000:
@talk.google.com/GoogleTalkPlugin ->
C:\Users\user\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
[2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2324025828-1623389042-2555509162-1000:
@talk.google.com/O1DPlugin ->
C:\Users\user\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08]
(Google)
FF Plugin HKU\S-1-5-21-2324025828-1623389042-2555509162-1000:
@tools.google.com/Google Update;version=3 ->
C:\Users\user\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll
[2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-2324025828-1623389042-2555509162-1000:
@tools.google.com/Google Update;version=9 ->
C:\Users\user\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll
[2016-07-28] (Google Inc.)
FF Plugin ProgramFiles/Appdata:
C:\Users\user\AppData\Roaming\mozilla\plugins\npgoogletalk.dll
[2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata:
C:\Users\user\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08]
(Google)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User
Data\Default [2016-11-16]
CHR Extension: (Google Docs) -
C:\Users\user\AppData\Local\Google\Chrome\User
Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-09]
CHR Extension: (Google Drive) -
C:\Users\user\AppData\Local\Google\Chrome\User
Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-16]
CHR Extension: (YouTube) -
C:\Users\user\AppData\Local\Google\Chrome\User
Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-29]
CHR Extension: (Google Search) -
C:\Users\user\AppData\Local\Google\Chrome\User
Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-11]
CHR Extension: (Google Docs Offline) -
C:\Users\user\AppData\Local\Google\Chrome\User
Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-13]
CHR Extension: (AdBlock) -
C:\Users\user\AppData\Local\Google\Chrome\User
Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-11-05]
CHR Extension: (Avast Online Security) -
C:\Users\user\AppData\Local\Google\Chrome\User
Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-11-05]
CHR Extension: (Ace Stream Web Extension) -
C:\Users\user\AppData\Local\Google\Chrome\User
Data\Default\Extensions\mjbepbhonbojpoaenhckjocchgfiaofo [2016-10-10]
CHR Extension: (Chrome Web Store Payments) -
C:\Users\user\AppData\Local\Google\Chrome\User
Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-26]
CHR Extension: (Gmail) -
C:\Users\user\AppData\Local\Google\Chrome\User
Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-26]
CHR Extension: (Chrome Media Router) -
C:\Users\user\AppData\Local\Google\Chrome\User
Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-05]
CHR HKU\S-1-5-21-2324025828-1623389042-2555509162-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension:
[mjbepbhonbojpoaenhckjocchgfiaofo] -
hxxps://clients2.google.com/service/update2/crx

Re: [INACTIVE] EXTREMELY slow computer with terrible startup6th December 2016, 10:40 am

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the
registry. The file will not be moved unless listed separately.)

S2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files
(x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
[759048 2009-05-14] (ABBYY)
S3 AeLookupSvc; C:\Windows\System32\aelupsvc.dll [72192 2015-10-29]
(Microsoft Corporation) [File not signed]
S2 AESTFilters; C:\Program Files\IDT\WDM\AESTSr64.exe [89600
2009-03-03] (Andrea Electronics Corporation) [File not signed]
S3 ALG; C:\Windows\System32\alg.exe [79360 2009-07-13] (Microsoft
Corporation) [File not signed]
S2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe
[204288 2011-07-04] (AMD) [File not signed]
S3 AppIDSvc; C:\Windows\System32\appidsvc.dll [34816 2016-10-07]
(Microsoft Corporation) [File not signed]
S3 Appinfo; C:\Windows\System32\appinfo.dll [70144 2016-05-04]
(Microsoft Corporation) [File not signed]
S2 Apple Mobile Device Service; C:\Program Files\Common
Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768
2016-08-05] (Apple Inc.)
S2 AudioEndpointBuilder; C:\Windows\System32\Audiosrv.dll [680448
2016-06-14] (Microsoft Corporation) [File not signed]
S2 AudioSrv; C:\Windows\System32\Audiosrv.dll [680448 2016-06-14]
(Microsoft Corporation) [File not signed]
S3 AxInstSV; C:\Windows\System32\AxInstSV.dll [114688 2010-11-20]
(Microsoft Corporation) [File not signed]
S3 BDESVC; C:\Windows\System32\bdesvc.dll [100864 2009-07-13]
(Microsoft Corporation) [File not signed]
R2 BFE; C:\Windows\System32\bfe.dll [705024 2010-11-20] (Microsoft
Corporation) [File not signed]
S3 BITS; C:\Windows\system32\qmgr.dll [849920 2010-11-20] (Microsoft
Corporation) [File not signed]
S3 Browser; C:\Windows\System32\browser.dll [136704 2012-07-04]
(Microsoft Corporation) [File not signed]
S3 bthserv; C:\Windows\system32\bthserv.dll [83968 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 CertPropSvc; C:\Windows\System32\certprop.dll [80384 2010-11-20]
(Microsoft Corporation) [File not signed]
R2 CryptSvc; C:\Windows\system32\cryptsvc.dll [190976 2016-06-14]
(Microsoft Corporation) [File not signed]
R2 CryptSvc; C:\Windows\SysWOW64\cryptsvc.dll [145920 2016-06-14]
(Microsoft Corporation) [File not signed]
R2 DcomLaunch; C:\Windows\system32\rpcss.dll [511488 2016-02-02]
(Microsoft Corporation) [File not signed]
S3 defragsvc; C:\Windows\System32\defragsvc.dll [291328 2009-07-13]
(Microsoft Corporation) [File not signed]
R2 Dhcp; C:\Windows\system32\dhcpcore.dll [317952 2010-11-20]
(Microsoft Corporation) [File not signed]
R2 Dhcp; C:\Windows\SysWOW64\dhcpcore.dll [254464 2010-11-20]
(Microsoft Corporation) [File not signed]
S2 DiagTrack; C:\Windows\system32\diagtrack.dll [1386496 2016-08-22]
(Microsoft Corporation) [File not signed]
R2 Dnscache; C:\Windows\System32\dnsrslvr.dll [183296 2011-08-15]
(Microsoft Corporation) [File not signed]
S3 dot3svc; C:\Windows\System32\dot3svc.dll [252416 2010-11-20]
(Microsoft Corporation) [File not signed]
S2 DPS; C:\Windows\system32\dps.dll [162816 2010-11-20] (Microsoft
Corporation) [File not signed]
R3 EapHost; C:\Windows\System32\eapsvc.dll [111104 2009-07-13]
(Microsoft Corporation) [File not signed]
R2 EFS; C:\Windows\System32\lsass.exe [30720 2016-10-10] (Microsoft
Corporation) [File not signed]
S3 ehRecvr; C:\Windows\ehome\ehRecvr.exe [696832 2010-11-20]
(Microsoft Corporation) [File not signed]
S3 ehSched; C:\Windows\ehome\ehsched.exe [127488 2009-07-13]
(Microsoft Corporation) [File not signed]
S2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12]
(Seiko Epson Corporation)
R2 eventlog; C:\Windows\System32\wevtsvc.dll [1646080 2010-11-20]
(Microsoft Corporation) [File not signed]
S2 EventSystem; C:\Windows\system32\es.dll [402944 2009-07-13]
(Microsoft Corporation) [File not signed]
S2 EventSystem; C:\Windows\SysWOW64\es.dll [271360 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 Fax; C:\Windows\system32\fxssvc.exe [689152 2010-11-20] (Microsoft
Corporation) [File not signed]
S3 fdPHost; C:\Windows\system32\fdPHost.dll [16384 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 FDResPub; C:\Windows\system32\fdrespub.dll [34816 2009-07-13]
(Microsoft Corporation) [File not signed]
S2 FontCache; C:\Windows\system32\FntCache.dll [1180160 2016-09-12]
(Microsoft Corporation) [File not signed]
S2 gpsvc; C:\Windows\System32\gpsvc.dll [794624 2016-05-12] (Microsoft
Corporation) [File not signed]
S3 hidserv; C:\Windows\System32\hidserv.dll [38912 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 hidserv; C:\Windows\SysWOW64\hidserv.dll [49152 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 hkmsvc; C:\Windows\system32\kmsvc.dll [90624 2010-11-20] (Microsoft
Corporation) [File not signed]
S3 HomeGroupListener; C:\Windows\system32\ListSvc.dll [232448
2010-11-20] (Microsoft Corporation) [File not signed]
S3 HomeGroupProvider; C:\Windows\system32\provsvc.dll [187904
2010-11-20] (Microsoft Corporation) [File not signed]
S3 HomeGroupProvider; C:\Windows\SysWOW64\provsvc.dll [165376
2010-11-20] (Microsoft Corporation) [File not signed]
S2 HPSupportSolutionsFrameworkService; C:\Program Files
(x86)\Hewlett-Packard\HP Support
Solutions\HPSupportSolutionsFrameworkService.exe [29728 2016-08-15]
(HP Inc.)
S3 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe
[114688 2016-10-27] (Microsoft Corporation) [File not signed]
R2 IKEEXT; C:\Windows\System32\ikeext.dll [859648 2013-10-11]
(Microsoft Corporation) [File not signed]
S2 IPBusEnum; C:\Windows\system32\ipbusenum.dll [101888 2009-07-13]
(Microsoft Corporation) [File not signed]
S2 iphlpsvc; C:\Windows\System32\iphlpsvc.dll [569344 2012-10-03]
(Microsoft Corporation) [File not signed]
R3 KeyIso; C:\Windows\system32\lsass.exe [30720 2016-10-10] (Microsoft
Corporation) [File not signed]
S3 KtmRm; C:\Windows\system32\msdtckrm.dll [368640 2009-07-13]
(Microsoft Corporation) [File not signed]
S2 LanmanServer; C:\Windows\System32\srvsvc.dll [236032 2010-11-20]
(Microsoft Corporation) [File not signed]
R2 LanmanWorkstation; C:\Windows\System32\wkssvc.dll [118784
2010-11-20] (Microsoft Corporation) [File not signed]
S3 lltdsvc; C:\Windows\System32\lltdsvc.dll [300032 2009-07-13]
(Microsoft Corporation) [File not signed]
R2 lmhosts; C:\Windows\System32\lmhsvc.dll [23552 2009-07-13]
(Microsoft Corporation) [File not signed]
S2 lxbl_device; C:\Windows\system32\lxblcoms.exe [566704 2007-04-20] ( )
S2 lxbl_device; C:\Windows\SysWOW64\lxblcoms.exe [537520 2007-04-20] ( )
S2 lxee_device; C:\Windows\system32\lxeecoms.exe [1052328 2010-04-14] ( )
S4 Mcx2Svc; C:\Windows\system32\Mcx2Svc.dll [84992 2010-11-20]
(Microsoft Corporation) [File not signed]
S2 MMCSS; C:\Windows\system32\mmcss.dll [67584 2009-07-13] (Microsoft
Corporation) [File not signed]
R2 MpsSvc; C:\Windows\system32\mpssvc.dll [828416 2010-11-20]
(Microsoft Corporation) [File not signed]
S3 MSDTC; C:\Windows\System32\msdtc.exe [141824 2009-07-13] (Microsoft
Corporation) [File not signed]
S3 MSiSCSI; C:\Windows\system32\iscsiexe.dll [156672 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 msiserver; C:\Windows\System32\msiexec.exe [128512 2016-05-04]
(Microsoft Corporation) [File not signed]
S3 msiserver; C:\Windows\SysWOW64\msiexec.exe [73216 2016-05-04]
(Microsoft Corporation) [File not signed]
S3 napagent; C:\Windows\system32\qagentRT.dll [476160 2010-11-20]
(Microsoft Corporation) [File not signed]
S3 Netlogon; C:\Windows\system32\lsass.exe [30720 2016-10-10]
(Microsoft Corporation) [File not signed]
R3 Netman; C:\Windows\System32\netman.dll [360448 2009-07-13]
(Microsoft Corporation) [File not signed]
R3 netprofm; C:\Windows\System32\netprofm.dll [459776 2009-07-13]
(Microsoft Corporation) [File not signed]
R3 netprofm; C:\Windows\SysWOW64\netprofm.dll [360448 2009-07-13]
(Microsoft Corporation) [File not signed]
R2 NlaSvc; C:\Windows\System32\nlasvc.dll [303616 2014-12-05]
(Microsoft Corporation) [File not signed]
R2 nsi; C:\Windows\system32\nsisvc.dll [25600 2009-07-13] (Microsoft
Corporation) [File not signed]
S3 p2pimsvc; C:\Windows\system32\pnrpsvc.dll [327168 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 p2psvc; C:\Windows\system32\p2psvc.dll [438784 2009-07-13]
(Microsoft Corporation) [File not signed]
S2 PcaSvc; C:\Windows\System32\pcasvc.dll [187904 2016-06-14]
(Microsoft Corporation) [File not signed]
S2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe
[1128952 2011-05-05] (PDF Complete Inc)
S3 PerfHost; C:\Windows\SysWow64\perfhost.exe [20992 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 pla; C:\Windows\system32\pla.dll [1389056 2010-11-20] (Microsoft
Corporation) [File not signed]
S3 pla; C:\Windows\SysWOW64\pla.dll [1508864 2010-11-20] (Microsoft
Corporation) [File not signed]
R2 PlugPlay; C:\Windows\system32\umpnpmgr.dll [404480 2011-05-24]
(Microsoft Corporation) [File not signed]
S3 PNRPAutoReg; C:\Windows\system32\pnrpauto.dll [25088 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 PNRPsvc; C:\Windows\system32\pnrpsvc.dll [327168 2009-07-13]
(Microsoft Corporation) [File not signed]
R3 PolicyAgent; C:\Windows\System32\ipsecsvc.dll [502272 2016-05-12]
(Microsoft Corporation) [File not signed]
R2 Power; C:\Windows\system32\umpo.dll [163840 2009-07-13] (Microsoft
Corporation) [File not signed]
R2 ProfSvc; C:\Windows\system32\profsvc.dll [210432 2014-12-18]
(Microsoft Corporation) [File not signed]
S3 ProtectedStorage; C:\Windows\system32\lsass.exe [30720 2016-10-10]
(Microsoft Corporation) [File not signed]
S3 QWAVE; C:\Windows\system32\qwave.dll [242688 2009-07-13] (Microsoft
Corporation) [File not signed]
S3 QWAVE; C:\Windows\SysWOW64\qwave.dll [210944 2009-07-13] (Microsoft
Corporation) [File not signed]
S3 RasAuto; C:\Windows\System32\rasauto.dll [99328 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 RasMan; C:\Windows\System32\rasmans.dll [344064 2010-11-20]
(Microsoft Corporation) [File not signed]
S4 RemoteAccess; C:\Windows\System32\mprdim.dll [97792 2009-07-13]
(Microsoft Corporation) [File not signed]
S4 RemoteAccess; C:\Windows\SysWOW64\mprdim.dll [75264 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 RemoteRegistry; C:\Windows\system32\regsvc.dll [159232 2009-07-13]
(Microsoft Corporation) [File not signed]
R2 RpcEptMapper; C:\Windows\System32\RpcEpMap.dll [67072 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 RpcLocator; C:\Windows\system32\locator.exe [10240 2009-07-13]
(Microsoft Corporation) [File not signed]
R2 RpcSs; C:\Windows\system32\rpcss.dll [511488 2016-02-02] (Microsoft
Corporation) [File not signed]
S2 SamSs; C:\Windows\system32\lsass.exe [30720 2016-10-10] (Microsoft
Corporation) [File not signed]
S3 SCardSvr; C:\Windows\System32\SCardSvr.dll [190976 2009-07-13]
(Microsoft Corporation) [File not signed]
S2 Schedule; C:\Windows\system32\schedsvc.dll [1110016 2015-08-05]
(Microsoft Corporation) [File not signed]
S3 SCPolicySvc; C:\Windows\System32\certprop.dll [80384 2010-11-20]
(Microsoft Corporation) [File not signed]
S3 SDRSVC; C:\Windows\System32\SDRSVC.dll [170496 2010-11-20]
(Microsoft Corporation) [File not signed]
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy
2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy
2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy
2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S2 seclogon; C:\Windows\system32\seclogon.dll [30720 2016-02-09]
(Microsoft Corporation) [File not signed]
S2 SENS; C:\Windows\system32\sens.dll [64512 2009-07-13] (Microsoft
Corporation) [File not signed]
S2 SENS; C:\Windows\SysWOW64\sens.dll [49664 2009-07-13] (Microsoft
Corporation) [File not signed]
S3 SensrSvc; C:\Windows\system32\sensrsvc.dll [29184 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 SessionEnv; C:\Windows\system32\sessenv.dll [121856 2010-11-20]
(Microsoft Corporation) [File not signed]
S3 SessionEnv; C:\Windows\SysWOW64\sessenv.dll [113664 2010-11-20]
(Microsoft Corporation) [File not signed]
S2 SharedAccess; C:\Windows\System32\ipnathlp.dll [359424 2009-07-13]
(Microsoft Corporation) [File not signed]
S2 ShellHWDetection; C:\Windows\System32\shsvcs.dll [370688
2010-11-20] (Microsoft Corporation) [File not signed]
S2 ShellHWDetection; C:\Windows\SysWOW64\shsvcs.dll [328192
2010-11-20] (Microsoft Corporation) [File not signed]
S3 SNMPTRAP; C:\Windows\System32\snmptrap.exe [14336 2009-07-13]
(Microsoft Corporation) [File not signed]
S2 Spooler; C:\Windows\System32\spoolsv.exe [559104 2012-02-10]
(Microsoft Corporation) [File not signed]
S2 sppsvc; C:\Windows\system32\sppsvc.exe [3524608 2010-11-20]
(Microsoft Corporation) [File not signed]
S3 sppuinotify; C:\Windows\system32\sppuinotify.dll [65536 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 SSDPSRV; C:\Windows\System32\ssdpsrv.dll [193024 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 SstpSvc; C:\Windows\system32\sstpsvc.dll [75264 2009-07-13]
(Microsoft Corporation) [File not signed]
S2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [302592 2011-06-24]
(IDT, Inc.) [File not signed]
S2 stisvc; C:\Windows\System32\wiaservc.dll [580096 2010-11-20]
(Microsoft Corporation) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common
Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe
Systems Incorporated) [File not signed]
S3 swprv; C:\Windows\System32\swprv.dll [524288 2009-07-13] (Microsoft
Corporation) [File not signed]
S2 SysMain; C:\Windows\system32\sysmain.dll [1743360 2015-07-15]
(Microsoft Corporation) [File not signed]
S3 TabletInputService; C:\Windows\System32\TabSvc.dll [92672
2010-11-20] (Microsoft Corporation) [File not signed]
S3 TapiSrv; C:\Windows\System32\tapisrv.dll [316928 2010-11-20]
(Microsoft Corporation) [File not signed]
S3 TapiSrv; C:\Windows\SysWOW64\tapisrv.dll [242176 2010-11-20]
(Microsoft Corporation) [File not signed]
S3 TermService; C:\Windows\System32\termsrv.dll [683520 2014-10-13]
(Microsoft Corporation) [File not signed]
S2 Themes; C:\Windows\system32\themeservice.dll [44544 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 THREADORDER; C:\Windows\system32\mmcss.dll [67584 2009-07-13]
(Microsoft Corporation) [File not signed]
S2 TrkWks; C:\Windows\System32\trkwks.dll [119808 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 TrustedInstaller; C:\Windows\servicing\TrustedInstaller.exe [194048
2010-11-20] (Microsoft Corporation) [File not signed]
S3 UI0Detect; C:\Windows\system32\UI0Detect.exe [40960 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 upnphost; C:\Windows\System32\upnphost.dll [353792 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 upnphost; C:\Windows\SysWOW64\upnphost.dll [266752 2009-07-13]
(Microsoft Corporation) [File not signed]
S2 UxSms; C:\Windows\System32\uxsms.dll [38912 2009-07-13] (Microsoft
Corporation) [File not signed]
S3 VaultSvc; C:\Windows\system32\lsass.exe [30720 2016-10-10]
(Microsoft Corporation) [File not signed]
S3 vds; C:\Windows\System32\vds.exe [533504 2010-11-20] (Microsoft
Corporation) [File not signed]
S3 VSS; C:\Windows\system32\vssvc.exe [1600512 2010-11-20] (Microsoft
Corporation) [File not signed]
S3 W32Time; C:\Windows\system32\w32time.dll [381952 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 wbengine; C:\Windows\system32\wbengine.exe [1504256 2010-11-20]
(Microsoft Corporation) [File not signed]
S3 WbioSrvc; C:\Windows\System32\wbiosrvc.dll [202240 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 wcncsvc; C:\Windows\System32\wcncsvc.dll [367104 2010-11-20]
(Microsoft Corporation) [File not signed]
S3 wcncsvc; C:\Windows\SysWOW64\wcncsvc.dll [276992 2010-11-20]
(Microsoft Corporation) [File not signed]
S3 WcsPlugInService; C:\Windows\System32\WcsPlugInService.dll [40960
2009-07-13] (Microsoft Corporation) [File not signed]
S3 WcsPlugInService; C:\Windows\SysWOW64\WcsPlugInService.dll [32768
2009-07-13] (Microsoft Corporation) [File not signed]
S3 WdiServiceHost; C:\Windows\system32\wdi.dll [91136 2015-01-08]
(Microsoft Corporation) [File not signed]
S3 WdiServiceHost; C:\Windows\SysWOW64\wdi.dll [76800 2015-01-08]
(Microsoft Corporation) [File not signed]
S3 WdiSystemHost; C:\Windows\system32\wdi.dll [91136 2015-01-08]
(Microsoft Corporation) [File not signed]
S3 WdiSystemHost; C:\Windows\SysWOW64\wdi.dll [76800 2015-01-08]
(Microsoft Corporation) [File not signed]
S3 WebClient; C:\Windows\System32\webclnt.dll [263680 2016-09-08]
(Microsoft Corporation) [File not signed]
S3 WebClient; C:\Windows\SysWOW64\webclnt.dll [208896 2016-09-08]
(Microsoft Corporation) [File not signed]
S3 Wecsvc; C:\Windows\system32\wecsvc.dll [237568 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 wercplsupport; C:\Windows\System32\wercplsupport.dll [84480
2009-07-13] (Microsoft Corporation) [File not signed]
S3 WerSvc; C:\Windows\System32\WerSvc.dll [76800 2009-07-13]
(Microsoft Corporation) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712
2013-05-26] (Microsoft Corporation) [File not signed]
S3 WinHttpAutoProxySvc; C:\Windows\system32\winhttp.dll [444928
2016-05-11] (Microsoft Corporation) [File not signed]
R2 Winmgmt; C:\Windows\system32\wbem\WMIsvc.dll [242688 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 WinRM; C:\Windows\system32\WsmSvc.dll [2023424 2016-08-06]
(Microsoft Corporation) [File not signed]
S3 WinRM; C:\Windows\SysWOW64\WsmSvc.dll [1178112 2016-08-06]
(Microsoft Corporation) [File not signed]
R2 Wlansvc; C:\Windows\System32\wlansvc.dll [886784 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 wmiApSrv; C:\Windows\system32\wbem\WmiApSrv.exe [203264 2009-07-13]
(Microsoft Corporation) [File not signed]
S2 WMPNetworkSvc; C:\Program Files\Windows Media Player\wmpnetwk.exe
[1525248 2010-11-20] (Microsoft Corporation) [File not signed]
S3 WPCSvc; C:\Windows\System32\wpcsvc.dll [12288 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 WPCSvc; C:\Windows\SysWOW64\wpcsvc.dll [10752 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 WPDBusEnum; C:\Windows\system32\wpdbusenum.dll [117248 2010-11-20]
(Microsoft Corporation) [File not signed]
S2 wscsvc; C:\Windows\system32\wscsvc.dll [97280 2009-07-13]
(Microsoft Corporation) [File not signed]
S2 WSearch; C:\Windows\system32\SearchIndexer.exe [591872 2011-05-03]
(Microsoft Corporation) [File not signed]
S2 WSearch; C:\Windows\SysWOW64\SearchIndexer.exe [427520 2011-05-03]
(Microsoft Corporation) [File not signed]
S2 wuauserv; C:\Windows\system32\wuaueng.dll [2607104 2016-05-13]
(Microsoft Corporation) [File not signed]
S3 wudfsvc; C:\Windows\System32\WUDFSvc.dll [84992 2012-07-25]
(Microsoft Corporation) [File not signed]
S3 WwanSvc; C:\Windows\System32\wwansvc.dll [228864 2014-01-27]
(Microsoft Corporation) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the
registry. The file will not be moved unless listed separately.)

S3 1394ohci; C:\Windows\system32\drivers\1394ohci.sys [229888
2010-11-20] (Microsoft Corporation) [File not signed]
S3 AcpiPmi; C:\Windows\system32\drivers\acpipmi.sys [12800 2010-11-20]
(Microsoft Corporation) [File not signed]
R1 AFD; C:\Windows\system32\drivers\afd.sys [497664 2015-10-13]
(Microsoft Corporation) [File not signed]
S3 AmdK8; C:\Windows\system32\drivers\amdk8.sys [64512 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [9359872
2011-07-04] (ATI Technologies Inc.) [File not signed]
S3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [309760
2011-07-04] (Advanced Micro Devices, Inc.) [File not signed]
S3 AmdPPM; C:\Windows\system32\drivers\amdppm.sys [60928 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 AppID; C:\Windows\system32\drivers\appid.sys [62464 2016-10-07]
(Microsoft Corporation) [File not signed]
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 AsyncMac; C:\Windows\System32\DRIVERS\asyncmac.sys [23040
2009-07-13] (Microsoft Corporation) [File not signed]
S3 b06bdrv; C:\Windows\system32\drivers\bxvbda.sys [468480 2009-06-10]
(Broadcom Corporation) [File not signed]
S3 b57nd60a; C:\Windows\System32\DRIVERS\b57nd60a.sys [270848
2009-06-10] (Broadcom Corporation) [File not signed]
R1 Beep; C:\Windows\System32\Drivers\Beep.sys [6656 2009-07-13]
(Microsoft Corporation) [File not signed]
R1 blbdrive; C:\Windows\system32\drivers\blbdrive.sys [45056
2009-07-13] (Microsoft Corporation) [File not signed]
R3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [90112 2016-10-05]
(Microsoft Corporation) [File not signed]
S3 BrFiltLo; C:\Windows\system32\drivers\BrFiltLo.sys [18432
2009-06-10] (Brother Industries, Ltd.) [File not signed]
S3 BrFiltUp; C:\Windows\system32\drivers\BrFiltUp.sys [8704
2009-06-10] (Brother Industries, Ltd.) [File not signed]
S3 BridgeMP; C:\Windows\System32\DRIVERS\bridge.sys [95232 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 Brserid; C:\Windows\System32\Drivers\Brserid.sys [286720
2009-07-13] (Brother Industries Ltd.) [File not signed]
S3 BrSerWdm; C:\Windows\System32\Drivers\BrSerWdm.sys [47104
2009-06-10] (Brother Industries Ltd.) [File not signed]
S3 BrUsbMdm; C:\Windows\System32\Drivers\BrUsbMdm.sys [14976
2009-06-10] (Brother Industries Ltd.) [File not signed]
S3 BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [14720
2009-06-10] (Brother Industries Ltd.) [File not signed]
S3 BTHMODEM; C:\Windows\system32\drivers\bthmodem.sys [72192
2009-07-13] (Microsoft Corporation) [File not signed]
S4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [92160 2009-07-13]
(Microsoft Corporation) [File not signed]
R1 cdrom; C:\Windows\system32\drivers\cdrom.sys [147456 2010-11-20]
(Microsoft Corporation) [File not signed]
S3 circlass; C:\Windows\system32\drivers\circlass.sys [45568
2009-07-13] (Microsoft Corporation) [File not signed]
S3 CmBatt; C:\Windows\system32\drivers\CmBatt.sys [17664 2009-07-13]
(Microsoft Corporation) [File not signed]
R3 CompositeBus; C:\Windows\system32\drivers\CompositeBus.sys [38912
2010-11-20] (Microsoft Corporation) [File not signed]
R1 DfsC; C:\Windows\System32\Drivers\dfsc.sys [106496 2016-09-08]
(Microsoft Corporation) [File not signed]
S1 discache; C:\Windows\System32\drivers\discache.sys [40448
2009-07-13] (Microsoft Corporation) [File not signed]
S3 drmkaud; C:\Windows\system32\drivers\drmkaud.sys [5632 2015-12-08]
(Microsoft Corporation) [File not signed]
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10]
(Broadcom Corporation) [File not signed]
S3 ErrDev; C:\Windows\system32\drivers\errdev.sys [9728 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 exfat; C:\Windows\System32\Drivers\exfat.sys [195072 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 fastfat; C:\Windows\System32\Drivers\fastfat.sys [204800
2009-07-13] (Microsoft Corporation) [File not signed]
S3 fdc; C:\Windows\system32\drivers\fdc.sys [29696 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [34304
2009-07-13] (Microsoft Corporation) [File not signed]
S3 flpydisk; C:\Windows\system32\drivers\flpydisk.sys [24576
2009-07-13] (Microsoft Corporation) [File not signed]
S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir.sys [31232
2009-06-10] (Hauppauge Computer Works, Inc.) [File not signed]
S3 HdAudAddService; C:\Windows\System32\drivers\HdAudio.sys [350208
2010-11-20] (Microsoft Corporation) [File not signed]
R3 HDAudBus; C:\Windows\system32\drivers\HDAudBus.sys [122368
2010-11-20] (Microsoft Corporation) [File not signed]
S3 HidBatt; C:\Windows\system32\drivers\HidBatt.sys [26624 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 HidBth; C:\Windows\system32\drivers\hidbth.sys [100864 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 HidIr; C:\Windows\system32\drivers\hidir.sys [46592 2009-07-13]
(Microsoft Corporation) [File not signed]
R3 HidUsb; C:\Windows\System32\DRIVERS\hidusb.sys [30208 2010-11-20]
(Microsoft Corporation) [File not signed]
S3 HTTP; C:\Windows\System32\drivers\HTTP.sys [754688 2015-02-24]
(Microsoft Corporation) [File not signed]
S3 i8042prt; C:\Windows\system32\drivers\i8042prt.sys [105472
2009-07-13] (Microsoft Corporation) [File not signed]
S3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [6108416 2009-06-10]
(Intel Corporation) [File not signed]
S3 intelppm; C:\Windows\system32\drivers\intelppm.sys [62464
2009-07-13] (Microsoft Corporation) [File not signed]
S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [82944
2010-11-20] (Microsoft Corporation) [File not signed]
S3 IPMIDRV; C:\Windows\system32\drivers\IPMIDrv.sys [78848 2010-11-20]
(Microsoft Corporation) [File not signed]
S3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [116224 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 IRENUM; C:\Windows\System32\drivers\irenum.sys [17920 2009-07-13]
(Microsoft Corporation) [File not signed]
R3 kbdhid; C:\Windows\System32\DRIVERS\kbdhid.sys [33280 2010-11-20]
(Microsoft Corporation) [File not signed]
S3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [20992 2009-07-13]
(Microsoft Corporation) [File not signed]
S2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [60928 2009-07-13]
(Microsoft Corporation) [File not signed]
S2 luafv; C:\Windows\system32\drivers\luafv.sys [113152 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys
[109272 2016-11-17] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys
[192216 2016-11-17] (Malwarebytes)
S3 Modem; C:\Windows\System32\drivers\modem.sys [40448 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [30208 2009-07-13]
(Microsoft Corporation) [File not signed]
R3 mouhid; C:\Windows\System32\DRIVERS\mouhid.sys [31232 2009-07-13]
(Microsoft Corporation) [File not signed]
R3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [77312 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [142336 2016-09-08]
(Microsoft Corporation) [File not signed]
R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [159744 2016-10-10]
(Microsoft Corporation) [File not signed]
R3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [291328
2016-10-10] (Microsoft Corporation) [File not signed]
R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [129536
2016-10-10] (Microsoft Corporation) [File not signed]
S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [8192
2009-07-13] (Microsoft Corporation) [File not signed]
S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [11136 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [7168
2009-07-13] (Microsoft Corporation) [File not signed]
S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [6784 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [8064 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 MTConfig; C:\Windows\system32\drivers\MTConfig.sys [15360
2009-07-13] (Microsoft Corporation) [File not signed]
R3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [318976
2009-07-13] (Microsoft Corporation) [File not signed]
S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [35328 2009-07-13]
(Microsoft Corporation) [File not signed]
R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [24064
2009-07-13] (Microsoft Corporation) [File not signed]
R3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [56832 2010-11-20]
(Microsoft Corporation) [File not signed]
R3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [164352
2010-11-20] (Microsoft Corporation) [File not signed]
R3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [57856 2010-11-20]
(Microsoft Corporation) [File not signed]
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [23040
2013-07-25] (Apple Inc.) [File not signed]
R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [44544 2009-07-13]
(Microsoft Corporation) [File not signed]
R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [262144 2016-05-11]
(Microsoft Corporation) [File not signed]
R1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [44032 2009-07-13]
(Microsoft Corporation) [File not signed]
R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [24576
2009-07-13] (Microsoft Corporation) [File not signed]
R1 Null; C:\Windows\System32\Drivers\Null.sys [6144 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 ohci1394; C:\Windows\system32\drivers\ohci1394.sys [72832
2009-07-13] (Microsoft Corporation) [File not signed]
S3 Parport; C:\Windows\system32\drivers\parport.sys [97280 2009-07-13]
(Microsoft Corporation) [File not signed]
S2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [663552 2016-06-14]
(Microsoft Corporation) [File not signed]
R3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [111104
2010-11-20] (Microsoft Corporation) [File not signed]
S3 Processor; C:\Windows\system32\drivers\processr.sys [60416
2009-07-13] (Microsoft Corporation) [File not signed]
R1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [131584 2010-11-20]
(Microsoft Corporation) [File not signed]
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [46592
2009-07-13] (Microsoft Corporation) [File not signed]
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [14848 2009-07-13]
(Microsoft Corporation) [File not signed]
R3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [60416
2009-07-13] (Microsoft Corporation) [File not signed]
R3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [129536
2010-11-20] (Microsoft Corporation) [File not signed]
R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [92672
2009-07-13] (Microsoft Corporation) [File not signed]
R3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [83968 2009-07-13]
(Microsoft Corporation) [File not signed]
R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [309248 2010-11-20]
(Microsoft Corporation) [File not signed]
S3 rdpbus; C:\Windows\system32\drivers\rdpbus.sys [24064 2009-07-13]
(Microsoft Corporation) [File not signed]
S1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [7680 2009-07-13]
(Microsoft Corporation) [File not signed]
R1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [7680
2009-07-13] (Microsoft Corporation) [File not signed]
S1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [8192
2009-07-13] (Microsoft Corporation) [File not signed]
S3 RdpVideoMiniport; C:\Windows\System32\drivers\rdpvideominiport.sys
[19456 2012-08-23] (Microsoft Corporation) [File not signed]
S3 RDPWD; C:\Windows\System32\Drivers\RDPWD.sys [212480 2014-07-16]
(Microsoft Corporation) [File not signed]
S2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [76800 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [29696
2010-11-20] (Microsoft Corporation) [File not signed]
S3 sdbus; C:\Windows\System32\DRIVERS\sdbus.sys [109056 2010-11-20]
(Microsoft Corporation) [File not signed]
S4 secdrv; C:\Windows\System32\Drivers\secdrv.sys [23040 2009-06-10]
(Macrovision Corporation, Macrovision Europe Limited, and Macrovision
Japan and Asia K.K.) [File not signed]
S3 Serenum; C:\Windows\system32\drivers\serenum.sys [23552 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 sermouse; C:\Windows\system32\drivers\sermouse.sys [26624
2009-07-13] (Microsoft Corporation) [File not signed]
S3 sffdisk; C:\Windows\system32\drivers\sffdisk.sys [14336 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 sffp_mmc; C:\Windows\system32\drivers\sffp_mmc.sys [13824
2009-07-13] (Microsoft Corporation) [File not signed]
S3 sffp_sd; C:\Windows\system32\drivers\sffp_sd.sys [14336 2010-11-20]
(Microsoft Corporation) [File not signed]
S3 sfloppy; C:\Windows\system32\drivers\sfloppy.sys [16896 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [93184 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 srv; C:\Windows\System32\DRIVERS\srv.sys [464896 2016-08-12]
(Microsoft Corporation) [File not signed]
S3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [405504 2016-08-12]
(Microsoft Corporation) [File not signed]
S3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [168960 2016-08-12]
(Microsoft Corporation) [File not signed]
S3 STHDA; C:\Windows\System32\DRIVERS\stwrt64.sys [528384 2011-06-10]
(IDT, Inc.) [File not signed]
S2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [46080
2016-07-07] (Microsoft Corporation) [File not signed]
S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [15872 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [23552 2012-02-16]
(Microsoft Corporation) [File not signed]
R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [118272 2015-10-13]
(Microsoft Corporation) [File not signed]
S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [39936
2014-07-16] (Microsoft Corporation) [File not signed]
S3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [56832
2013-10-01] (Microsoft Corporation) [File not signed]
S3 TsUsbGD; C:\Windows\system32\drivers\TsUsbGD.sys [30208 2012-08-23]
(Microsoft Corporation) [File not signed]
R3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [125440 2010-11-20]
(Microsoft Corporation) [File not signed]
S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [328192 2010-11-20]
(Microsoft Corporation) [File not signed]
R3 umbus; C:\Windows\System32\DRIVERS\umbus.sys [48640 2010-11-20]
(Microsoft Corporation) [File not signed]
S3 UmPass; C:\Windows\system32\drivers\umpass.sys [9728 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784
2015-06-10] (Apple, Inc.) [File not signed]
S3 usbaudio; C:\Windows\System32\drivers\usbaudio.sys [109824
2013-07-12] (Microsoft Corporation) [File not signed]
R3 usbccgp; C:\Windows\system32\drivers\usbccgp.sys [99840 2016-08-16]
(Microsoft Corporation) [File not signed]
S3 usbcir; C:\Windows\system32\drivers\usbcir.sys [100864 2013-07-12]
(Microsoft Corporation) [File not signed]
R3 usbehci; C:\Windows\system32\drivers\usbehci.sys [56320 2016-08-16]
(Microsoft Corporation) [File not signed]
R3 usbhub; C:\Windows\system32\drivers\usbhub.sys [343552 2016-08-16]
(Microsoft Corporation) [File not signed]
R3 usbohci; C:\Windows\system32\drivers\usbohci.sys [25600 2016-08-16]
(Microsoft Corporation) [File not signed]
S3 usbprint; C:\Windows\System32\DRIVERS\usbprint.sys [25088
2009-07-13] (Microsoft Corporation) [File not signed]
S3 usbscan; C:\Windows\System32\DRIVERS\usbscan.sys [42496 2013-07-02]
(Microsoft Corporation) [File not signed]
R3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [91648 2016-02-03]
(Microsoft Corporation) [File not signed]
S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [30720 2016-08-16]
(Microsoft Corporation) [File not signed]
S3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [185344
2013-07-12] (Microsoft Corporation) [File not signed]
S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [29184 2009-07-13]
(Microsoft Corporation) [File not signed]
R1 VgaSave; C:\Windows\System32\drivers\vga.sys [29184 2009-07-13]
(Microsoft Corporation) [File not signed]
R3 vwifibus; C:\Windows\System32\DRIVERS\vwifibus.sys [24576
2009-07-13] (Microsoft Corporation) [File not signed]
R1 vwififlt; C:\Windows\System32\DRIVERS\vwififlt.sys [59904
2009-07-13] (Microsoft Corporation) [File not signed]
R3 vwifimp; C:\Windows\System32\DRIVERS\vwifimp.sys [17920 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 WacomPen; C:\Windows\system32\drivers\wacompen.sys [27776
2009-07-13] (Microsoft Corporation) [File not signed]
S3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-20]
(Microsoft Corporation) [File not signed]
S1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-20]
(Microsoft Corporation) [File not signed]
R1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [12800 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 WinUsb; C:\Windows\System32\DRIVERS\WinUsb.sys [41984 2010-11-20]
(Microsoft Corporation) [File not signed]
S3 WmiAcpi; C:\Windows\system32\drivers\wmiacpi.sys [14336 2009-07-13]
(Microsoft Corporation) [File not signed]
R1 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [21504 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 WSDPrintDevice; C:\Windows\System32\DRIVERS\WSDPrint.sys [23040
2009-07-13] (Microsoft Corporation) [File not signed]
S3 WSDScan; C:\Windows\System32\DRIVERS\WSDScan.sys [25088 2009-07-13]
(Microsoft Corporation) [File not signed]
S3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [87040 2012-07-25]
(Microsoft Corporation) [File not signed]
S3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [198656 2012-07-25]
(Microsoft Corporation) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

Re: [INACTIVE] EXTREMELY slow computer with terrible startup6th December 2016, 10:41 am

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the
registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-04 10:19 - 2016-12-04 10:19 - 00022155 _____ C:\ComboFix.txt
2016-12-03 16:06 - 2016-12-01 19:36 - 05659954 ____R (Swearware)
C:\Users\user\Desktop\ComboFix.exe
2016-12-01 20:40 - 2011-06-25 22:45 - 00256000 _____ C:\Windows\PEV.exe
2016-12-01 20:40 - 2010-11-07 09:20 - 00208896 _____ C:\Windows\MBR.exe
2016-12-01 20:40 - 2009-04-19 20:56 - 00060416 _____ (NirSoft)
C:\Windows\NIRCMD.exe
2016-12-01 20:40 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX)
C:\Windows\SWREG.exe
2016-12-01 20:40 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX)
C:\Windows\SWSC.exe
2016-12-01 20:40 - 2000-08-30 16:00 - 00098816 _____ C:\Windows\sed.exe
2016-12-01 20:40 - 2000-08-30 16:00 - 00080412 _____ C:\Windows\grep.exe
2016-12-01 20:40 - 2000-08-30 16:00 - 00068096 _____ C:\Windows\zip.exe
2016-12-01 20:25 - 2016-12-04 10:19 - 00000000 ____D C:\Qoobox
2016-12-01 19:51 - 2016-12-04 00:58 - 00000000 ____D C:\Windows\erdnt
2016-12-01 19:36 - 2016-12-01 19:36 - 05659954 ____R (Swearware)
C:\Users\user\Downloads\ComboFix.exe
2016-11-29 00:06 - 2016-11-29 11:31 - 00056382 _____
C:\Users\user\Downloads\Addition.txt
2016-11-25 22:19 - 2016-12-05 21:23 - 00056563 _____
C:\Users\user\Downloads\FRST.txt
2016-11-25 22:07 - 2016-12-05 13:31 - 00000000 ____D C:\FRST
2016-11-25 21:48 - 2016-11-25 21:53 - 02412032 _____ (Farbar)
C:\Users\user\Downloads\FRST64.exe
2016-11-25 21:11 - 2016-11-25 21:17 - 06253640 _____ (AVAST Software)
C:\Users\user\Downloads\avast_free_antivirus_setup_online_cnet_2.exe
2016-11-25 21:11 - 2016-11-25 21:17 - 06253640 _____ (AVAST Software)
C:\Users\Public\Desktop\avast_free_antivirus_setup_online_cnet_2.exe
2016-11-23 13:32 - 2016-12-05 08:56 - 00000000 ____D
C:\Users\user\AppData\LocalLow\Mozilla
2016-11-17 16:36 - 2016-12-02 00:00 - 00000000 ____D C:\Program Files
(x86)\Mozilla Firefox
2016-11-17 15:13 - 2016-11-17 15:18 - 16563352 _____ (Malwarebytes
Corp.) C:\Users\user\Downloads\mbar-1.09.3.1001.exe
2016-11-17 14:46 - 2016-11-17 15:25 - 00000000 ____D C:\Users\user\Desktop\mbar
2016-11-16 14:31 - 2016-11-16 14:31 - 03910208 _____
C:\Users\user\Downloads\adwcleaner_6.030.exe
2016-11-15 14:57 - 2016-12-05 13:12 - 00833352 _____ C:\Windows\ntbtlog.txt
2016-11-08 13:20 - 2016-11-02 07:36 - 00382696 _____ (Adobe Systems
Incorporated) C:\Windows\system32\atmfd.dll
2016-11-08 13:20 - 2016-11-02 07:32 - 00100864 _____ (Microsoft
Corporation) C:\Windows\system32\fontsub.dll
2016-11-08 13:20 - 2016-11-02 07:32 - 00046080 _____ (Adobe Systems)
C:\Windows\system32\atmlib.dll
2016-11-08 13:20 - 2016-11-02 07:32 - 00041472 _____ (Microsoft
Corporation) C:\Windows\system32\lpk.dll
2016-11-08 13:20 - 2016-11-02 07:32 - 00014336 _____ (Microsoft
Corporation) C:\Windows\system32\dciman32.dll
2016-11-08 13:20 - 2016-11-02 07:22 - 00308456 _____ (Adobe Systems
Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-11-08 13:20 - 2016-11-02 07:16 - 00070656 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-11-08 13:20 - 2016-11-02 07:16 - 00025600 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\lpk.dll
2016-11-08 13:20 - 2016-11-02 07:16 - 00010240 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-11-08 13:20 - 2016-11-02 06:53 - 00034304 _____ (Adobe Systems)
C:\Windows\SysWOW64\atmlib.dll
2016-11-08 13:20 - 2016-10-27 19:59 - 00394440 _____ (Microsoft
Corporation) C:\Windows\system32\iedkcs32.dll
2016-11-08 13:20 - 2016-10-27 19:14 - 00346320 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-11-08 13:20 - 2016-10-27 11:13 - 02724864 _____ (Microsoft
Corporation) C:\Windows\system32\mshtml.tlb
2016-11-08 13:20 - 2016-10-27 11:13 - 00004096 _____ (Microsoft
Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-11-08 13:20 - 2016-10-27 10:55 - 00066560 _____ (Microsoft
Corporation) C:\Windows\system32\iesetup.dll
2016-11-08 13:20 - 2016-10-27 10:54 - 00417792 _____ (Microsoft
Corporation) C:\Windows\system32\html.iec
2016-11-08 13:20 - 2016-10-27 10:54 - 00048640 _____ (Microsoft
Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-11-08 13:20 - 2016-10-27 10:53 - 00576000 _____ (Microsoft
Corporation) C:\Windows\system32\vbscript.dll
2016-11-08 13:20 - 2016-10-27 10:53 - 00088064 _____ (Microsoft
Corporation) C:\Windows\system32\MshtmlDac.dll
2016-11-08 13:20 - 2016-10-27 10:51 - 02896384 _____ (Microsoft
Corporation) C:\Windows\system32\iertutil.dll
2016-11-08 13:20 - 2016-10-27 10:44 - 00054784 _____ (Microsoft
Corporation) C:\Windows\system32\jsproxy.dll
2016-11-08 13:20 - 2016-10-27 10:43 - 00034304 _____ (Microsoft
Corporation) C:\Windows\system32\iernonce.dll
2016-11-08 13:20 - 2016-10-27 10:38 - 00615936 _____ (Microsoft
Corporation) C:\Windows\system32\ieui.dll
2016-11-08 13:20 - 2016-10-27 10:37 - 00817664 _____ (Microsoft
Corporation) C:\Windows\system32\jscript.dll
2016-11-08 13:20 - 2016-10-27 10:37 - 00814080 _____ (Microsoft
Corporation) C:\Windows\system32\jscript9diag.dll
2016-11-08 13:20 - 2016-10-27 10:37 - 00144384 _____ (Microsoft
Corporation) C:\Windows\system32\ieUnatt.exe
2016-11-08 13:20 - 2016-10-27 10:37 - 00114688 _____ (Microsoft
Corporation) C:\Windows\system32\ieetwcollector.exe
2016-11-08 13:20 - 2016-10-27 10:28 - 25763328 _____ (Microsoft
Corporation) C:\Windows\system32\mshtml.dll
2016-11-08 13:20 - 2016-10-27 10:28 - 00968704 _____ (Microsoft
Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-11-08 13:20 - 2016-10-27 10:24 - 00489984 _____ (Microsoft
Corporation) C:\Windows\system32\dxtmsft.dll
2016-11-08 13:20 - 2016-10-27 10:19 - 06047744 _____ (Microsoft
Corporation) C:\Windows\system32\jscript9.dll
2016-11-08 13:20 - 2016-10-27 10:15 - 00077824 _____ (Microsoft
Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-11-08 13:20 - 2016-10-27 10:13 - 00107520 _____ (Microsoft
Corporation) C:\Windows\system32\inseng.dll
2016-11-08 13:20 - 2016-10-27 10:09 - 00199680 _____ (Microsoft
Corporation) C:\Windows\system32\msrating.dll
2016-11-08 13:20 - 2016-10-27 10:08 - 00092160 _____ (Microsoft
Corporation) C:\Windows\system32\mshtmled.dll
2016-11-08 13:20 - 2016-10-27 10:05 - 00315392 _____ (Microsoft
Corporation) C:\Windows\system32\dxtrans.dll
2016-11-08 13:20 - 2016-10-27 10:02 - 00152064 _____ (Microsoft
Corporation) C:\Windows\system32\occache.dll
2016-11-08 13:20 - 2016-10-27 09:49 - 00262144 _____ (Microsoft
Corporation) C:\Windows\system32\webcheck.dll
2016-11-08 13:20 - 2016-10-27 09:46 - 00806912 _____ (Microsoft
Corporation) C:\Windows\system32\msfeeds.dll
2016-11-08 13:20 - 2016-10-27 09:46 - 00725504 _____ (Microsoft
Corporation) C:\Windows\system32\ie4uinit.exe
2016-11-08 13:20 - 2016-10-27 09:44 - 02131456 _____ (Microsoft
Corporation) C:\Windows\system32\inetcpl.cpl
2016-11-08 13:20 - 2016-10-27 09:44 - 01359360 _____ (Microsoft
Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-11-08 13:20 - 2016-10-27 09:17 - 15257088 _____ (Microsoft
Corporation) C:\Windows\system32\ieframe.dll
2016-11-08 13:20 - 2016-10-27 09:16 - 02920448 _____ (Microsoft
Corporation) C:\Windows\system32\wininet.dll
2016-11-08 13:20 - 2016-10-27 09:03 - 01543680 _____ (Microsoft
Corporation) C:\Windows\system32\urlmon.dll
2016-11-08 13:20 - 2016-10-27 08:54 - 00800768 _____ (Microsoft
Corporation) C:\Windows\system32\ieapfltr.dll
2016-11-08 13:20 - 2016-10-27 07:05 - 20304896 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-11-08 13:20 - 2016-10-25 07:02 - 03219456 _____ (Microsoft
Corporation) C:\Windows\system32\win32k.sys
2016-11-08 13:20 - 2016-10-22 09:54 - 02724864 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-11-08 13:20 - 2016-10-22 09:36 - 00062464 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-11-08 13:20 - 2016-10-22 09:36 - 00047616 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-11-08 13:20 - 2016-10-22 09:35 - 00498688 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-11-08 13:20 - 2016-10-22 09:35 - 00341504 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\html.iec
2016-11-08 13:20 - 2016-10-22 09:34 - 00064000 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-11-08 13:20 - 2016-10-22 09:27 - 02287616 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-11-08 13:20 - 2016-10-22 09:27 - 00047104 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-11-08 13:20 - 2016-10-22 09:26 - 00030720 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-11-08 13:20 - 2016-10-22 09:22 - 00476160 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\ieui.dll
2016-11-08 13:20 - 2016-10-22 09:21 - 00663552 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\jscript.dll
2016-11-08 13:20 - 2016-10-22 09:21 - 00115712 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-11-08 13:20 - 2016-10-22 09:20 - 00620032 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-11-08 13:20 - 2016-10-22 09:09 - 00416256 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-11-08 13:20 - 2016-10-22 09:04 - 00060416 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-11-08 13:20 - 2016-10-22 09:03 - 00091136 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\inseng.dll
2016-11-08 13:20 - 2016-10-22 08:59 - 00168960 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\msrating.dll
2016-11-08 13:20 - 2016-10-22 08:58 - 00076288 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-11-08 13:20 - 2016-10-22 08:56 - 00279040 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-11-08 13:20 - 2016-10-22 08:54 - 00130048 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\occache.dll
2016-11-08 13:20 - 2016-10-22 08:46 - 00230400 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-11-08 13:20 - 2016-10-22 08:45 - 00693248 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-11-08 13:20 - 2016-10-22 08:44 - 04608000 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-11-08 13:20 - 2016-10-22 08:43 - 02055680 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-11-08 13:20 - 2016-10-22 08:43 - 01155072 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-11-08 13:20 - 2016-10-22 08:30 - 13654016 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-11-08 13:20 - 2016-10-22 08:12 - 02444800 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\wininet.dll
2016-11-08 13:20 - 2016-10-22 08:09 - 01312256 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-11-08 13:20 - 2016-10-22 08:09 - 00710144 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-11-08 13:20 - 2016-10-15 07:31 - 00976896 _____ (Microsoft
Corporation) C:\Windows\system32\inetcomm.dll
2016-11-08 13:20 - 2016-10-15 07:31 - 00084480 _____ (Microsoft
Corporation) C:\Windows\system32\INETRES.dll
2016-11-08 13:20 - 2016-10-15 07:13 - 00741888 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-11-08 13:20 - 2016-10-15 07:13 - 00084480 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\INETRES.dll
2016-11-08 13:20 - 2016-10-11 07:37 - 00370920 _____ (Microsoft
Corporation) C:\Windows\system32\clfs.sys
2016-11-08 13:20 - 2016-10-11 07:31 - 01148416 _____ (Microsoft
Corporation) C:\Windows\system32\IMJP10.IME
2016-11-08 13:20 - 2016-10-11 07:31 - 01068544 _____ (Microsoft
Corporation) C:\Windows\system32\msctf.dll
2016-11-08 13:20 - 2016-10-11 07:31 - 00878080 _____ (Microsoft
Corporation) C:\Windows\system32\IMJP10K.DLL
2016-11-08 13:20 - 2016-10-11 07:31 - 00457216 _____ (Microsoft
Corporation) C:\Windows\system32\imkr80.ime
2016-11-08 13:20 - 2016-10-11 07:31 - 00246784 _____ (Microsoft
Corporation) C:\Windows\system32\input.dll
2016-11-08 13:20 - 2016-10-11 07:31 - 00176128 _____ (Microsoft
Corporation) C:\Windows\system32\tintlgnt.ime
2016-11-08 13:20 - 2016-10-11 07:31 - 00175104 _____ (Microsoft
Corporation) C:\Windows\system32\quick.ime
2016-11-08 13:20 - 2016-10-11 07:31 - 00175104 _____ (Microsoft
Corporation) C:\Windows\system32\qintlgnt.ime
2016-11-08 13:20 - 2016-10-11 07:31 - 00175104 _____ (Microsoft
Corporation) C:\Windows\system32\phon.ime
2016-11-08 13:20 - 2016-10-11 07:31 - 00175104 _____ (Microsoft
Corporation) C:\Windows\system32\cintlgnt.ime
2016-11-08 13:20 - 2016-10-11 07:31 - 00175104 _____ (Microsoft
Corporation) C:\Windows\system32\chajei.ime
2016-11-08 13:20 - 2016-10-11 07:31 - 00132608 _____ (Microsoft
Corporation) C:\Windows\system32\pintlgnt.ime
2016-11-08 13:20 - 2016-10-11 07:18 - 01027584 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\IMJP10.IME
2016-11-08 13:20 - 2016-10-11 07:18 - 00829952 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\msctf.dll
2016-11-08 13:20 - 2016-10-11 07:18 - 00701440 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2016-11-08 13:20 - 2016-10-11 07:18 - 00430080 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\imkr80.ime
2016-11-08 13:20 - 2016-10-11 07:18 - 00202240 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\input.dll
2016-11-08 13:20 - 2016-10-11 07:18 - 00126976 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\tintlgnt.ime
2016-11-08 13:20 - 2016-10-11 07:18 - 00125952 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\quick.ime
2016-11-08 13:20 - 2016-10-11 07:18 - 00125952 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\qintlgnt.ime
2016-11-08 13:20 - 2016-10-11 07:18 - 00125952 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\phon.ime
2016-11-08 13:20 - 2016-10-11 07:18 - 00125952 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\cintlgnt.ime
2016-11-08 13:20 - 2016-10-11 07:18 - 00125952 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\chajei.ime
2016-11-08 13:20 - 2016-10-11 07:18 - 00090112 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\pintlgnt.ime
2016-11-08 13:20 - 2016-10-11 05:33 - 00187392 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2016-11-08 13:20 - 2016-10-11 05:06 - 00221184 _____ (Microsoft
Corporation) C:\Windows\system32\UIAnimation.dll
2016-11-08 13:20 - 2016-10-10 07:38 - 00154856 _____ (Microsoft
Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-11-08 13:20 - 2016-10-10 07:38 - 00095464 _____ (Microsoft
Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-11-08 13:20 - 2016-10-10 07:34 - 00210432 _____ (Microsoft
Corporation) C:\Windows\system32\wdigest.dll
2016-11-08 13:20 - 2016-10-10 07:34 - 00135680 _____ (Microsoft
Corporation) C:\Windows\system32\sspicli.dll
2016-11-08 13:20 - 2016-10-10 07:34 - 00086528 _____ (Microsoft
Corporation) C:\Windows\system32\TSpkg.dll
2016-11-08 13:20 - 2016-10-10 07:34 - 00028672 _____ (Microsoft
Corporation) C:\Windows\system32\sspisrv.dll
2016-11-08 13:20 - 2016-10-10 07:33 - 01462272 _____ (Microsoft
Corporation) C:\Windows\system32\lsasrv.dll
2016-11-08 13:20 - 2016-10-10 07:33 - 01212928 _____ (Microsoft
Corporation) C:\Windows\system32\rpcrt4.dll
2016-11-08 13:20 - 2016-10-10 07:33 - 00730624 _____ (Microsoft
Corporation) C:\Windows\system32\kerberos.dll
2016-11-08 13:20 - 2016-10-10 07:33 - 00690688 _____ (Microsoft
Corporation) C:\Windows\system32\adtschema.dll
2016-11-08 13:20 - 2016-10-10 07:33 - 00463872 _____ (Microsoft
Corporation) C:\Windows\system32\certcli.dll
2016-11-08 13:20 - 2016-10-10 07:33 - 00345600 _____ (Microsoft
Corporation) C:\Windows\system32\schannel.dll
2016-11-08 13:20 - 2016-10-10 07:33 - 00316928 _____ (Microsoft
Corporation) C:\Windows\system32\msv1_0.dll
2016-11-08 13:20 - 2016-10-10 07:33 - 00312320 _____ (Microsoft
Corporation) C:\Windows\system32\ncrypt.dll
2016-11-08 13:20 - 2016-10-10 07:33 - 00190464 _____ (Microsoft
Corporation) C:\Windows\system32\rpchttp.dll
2016-11-08 13:20 - 2016-10-10 07:33 - 00146432 _____ (Microsoft
Corporation) C:\Windows\system32\msaudite.dll
2016-11-08 13:20 - 2016-10-10 07:33 - 00060416 _____ (Microsoft
Corporation) C:\Windows\system32\msobjs.dll
2016-11-08 13:20 - 2016-10-10 07:33 - 00043520 _____ (Microsoft
Corporation) C:\Windows\system32\cryptbase.dll
2016-11-08 13:20 - 2016-10-10 07:33 - 00028160 _____ (Microsoft
Corporation) C:\Windows\system32\secur32.dll
2016-11-08 13:20 - 2016-10-10 07:33 - 00022016 _____ (Microsoft
Corporation) C:\Windows\system32\credssp.dll
2016-11-08 13:20 - 2016-10-10 07:16 - 00690688 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-11-08 13:20 - 2016-10-10 07:16 - 00666112 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-11-08 13:20 - 2016-10-10 07:16 - 00553472 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-11-08 13:20 - 2016-10-10 07:16 - 00342528 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\certcli.dll
2016-11-08 13:20 - 2016-10-10 07:16 - 00261120 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-11-08 13:20 - 2016-10-10 07:16 - 00254464 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\schannel.dll
2016-11-08 13:20 - 2016-10-10 07:16 - 00223232 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-11-08 13:20 - 2016-10-10 07:16 - 00172032 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-11-08 13:20 - 2016-10-10 07:16 - 00146432 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-11-08 13:20 - 2016-10-10 07:16 - 00141312 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-11-08 13:20 - 2016-10-10 07:16 - 00096768 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-11-08 13:20 - 2016-10-10 07:16 - 00065536 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-11-08 13:20 - 2016-10-10 07:16 - 00060416 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-11-08 13:20 - 2016-10-10 07:16 - 00022016 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\secur32.dll
2016-11-08 13:20 - 2016-10-10 07:16 - 00017408 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\credssp.dll
2016-11-08 13:20 - 2016-10-10 07:02 - 00064000 _____ (Microsoft
Corporation) C:\Windows\system32\auditpol.exe
2016-11-08 13:20 - 2016-10-10 06:56 - 00159744 _____ (Microsoft
Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-11-08 13:20 - 2016-10-10 06:55 - 00291328 _____ (Microsoft
Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-11-08 13:20 - 2016-10-10 06:55 - 00129536 _____ (Microsoft
Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-11-08 13:20 - 2016-10-10 06:55 - 00030720 _____ (Microsoft
Corporation) C:\Windows\system32\lsass.exe
2016-11-08 13:20 - 2016-10-10 06:54 - 00050176 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-11-08 13:20 - 2016-10-10 06:50 - 00036352 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-11-08 13:20 - 2016-10-07 07:40 - 00631176 _____ (Microsoft
Corporation) C:\Windows\system32\winresume.efi
2016-11-08 13:20 - 2016-10-07 07:37 - 05547752 _____ (Microsoft
Corporation) C:\Windows\system32\ntoskrnl.exe
2016-11-08 13:20 - 2016-10-07 07:37 - 00706792 _____ (Microsoft
Corporation) C:\Windows\system32\winload.efi
2016-11-08 13:20 - 2016-10-07 07:35 - 01732864 _____ (Microsoft
Corporation) C:\Windows\system32\ntdll.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 03649536 _____ (Microsoft
Corporation) C:\Windows\system32\MSVidCtl.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 01163264 _____ (Microsoft
Corporation) C:\Windows\system32\kernel32.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00880640 _____ (Microsoft
Corporation) C:\Windows\system32\advapi32.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00877056 _____ (Microsoft
Corporation) C:\Windows\system32\oleaut32.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00503808 _____ (Microsoft
Corporation) C:\Windows\system32\srcore.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00419840 _____ (Microsoft
Corporation) C:\Windows\system32\KernelBase.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00362496 _____ (Microsoft
Corporation) C:\Windows\system32\wow64win.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00243712 _____ (Microsoft
Corporation) C:\Windows\system32\wow64.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00215552 _____ (Microsoft
Corporation) C:\Windows\system32\winsrv.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00084992 _____ (Microsoft
Corporation) C:\Windows\system32\asycfilt.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00063488 _____ (Microsoft
Corporation) C:\Windows\system32\setbcdlocale.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00059904 _____ (Microsoft
Corporation) C:\Windows\system32\appidapi.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00050176 _____ (Microsoft
Corporation) C:\Windows\system32\srclient.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00044032 _____ (Microsoft
Corporation) C:\Windows\system32\csrsrv.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00034816 _____ (Microsoft
Corporation) C:\Windows\system32\appidsvc.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00016384 _____ (Microsoft
Corporation) C:\Windows\system32\ntvdm64.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00013312 _____ (Microsoft
Corporation) C:\Windows\system32\wow64cpu.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00006656 _____ (Microsoft
Corporation) C:\Windows\system32\apisetschema.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00006144 ____H (Microsoft
Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00005120 ____H (Microsoft
Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00004608 ____H (Microsoft
Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00004608 ____H (Microsoft
Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00004096 ____H (Microsoft
Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00004096 ____H (Microsoft
Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00004096 ____H (Microsoft
Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00004096 ____H (Microsoft
Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00003584 ____H (Microsoft
Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00003584 ____H (Microsoft
Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00003584 ____H (Microsoft
Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00003584 ____H (Microsoft
Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00003584 ____H (Microsoft
Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00003584 ____H (Microsoft
Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00003584 ____H (Microsoft
Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00003072 ____H (Microsoft
Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00003072 ____H (Microsoft
Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00003072 ____H (Microsoft
Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00003072 ____H (Microsoft
Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00003072 ____H (Microsoft
Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00003072 ____H (Microsoft
Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00003072 ____H (Microsoft
Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00003072 ____H (Microsoft
Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00003072 ____H (Microsoft
Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00003072 ____H (Microsoft
Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00003072 ____H (Microsoft
Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00003072 ____H (Microsoft
Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:32 - 00003072 ____H (Microsoft
Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:18 - 04000488 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-11-08 13:20 - 2016-10-07 07:18 - 03944680 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-11-08 13:20 - 2016-10-07 07:15 - 01314112 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 02291712 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 01114112 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00644096 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00581632 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00275456 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00067584 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00050688 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00043008 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\srclient.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00006656 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00005120 ____H (Microsoft
Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00005120 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\wow32.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00004608 ____H (Microsoft
Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00004096 ____H (Microsoft
Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00004096 ____H (Microsoft
Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00004096 ____H (Microsoft
Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00004096 ____H (Microsoft
Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00004096 ____H (Microsoft
Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00003584 ____H (Microsoft
Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00003584 ____H (Microsoft
Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00003584 ____H (Microsoft
Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00003584 ____H (Microsoft
Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00003584 ____H (Microsoft
Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00003584 ____H (Microsoft
Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00003072 ____H (Microsoft
Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00003072 ____H (Microsoft
Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00003072 ____H (Microsoft
Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00003072 ____H (Microsoft
Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00003072 ____H (Microsoft
Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00003072 ____H (Microsoft
Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00003072 ____H (Microsoft
Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00003072 ____H (Microsoft
Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00003072 ____H (Microsoft
Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00003072 ____H (Microsoft
Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:12 - 00003072 ____H (Microsoft
Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 07:04 - 00148480 _____ (Microsoft
Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-11-08 13:20 - 2016-10-07 07:04 - 00062464 _____ (Microsoft
Corporation) C:\Windows\system32\Drivers\appid.sys
2016-11-08 13:20 - 2016-10-07 07:04 - 00017920 _____ (Microsoft
Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-11-08 13:20 - 2016-10-07 07:01 - 00338432 _____ (Microsoft
Corporation) C:\Windows\system32\conhost.exe
2016-11-08 13:20 - 2016-10-07 07:00 - 00296960 _____ (Microsoft
Corporation) C:\Windows\system32\rstrui.exe
2016-11-08 13:20 - 2016-10-07 06:56 - 00112640 _____ (Microsoft
Corporation) C:\Windows\system32\smss.exe
2016-11-08 13:20 - 2016-10-07 06:50 - 00025600 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\setup16.exe
2016-11-08 13:20 - 2016-10-07 06:50 - 00014336 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-11-08 13:20 - 2016-10-07 06:50 - 00007680 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\instnm.exe
2016-11-08 13:20 - 2016-10-07 06:50 - 00002048 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\user.exe
2016-11-08 13:20 - 2016-10-07 06:49 - 00006144 ____H (Microsoft
Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 06:49 - 00004608 ____H (Microsoft
Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 06:49 - 00003584 ____H (Microsoft
Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-11-08 13:20 - 2016-10-07 06:49 - 00003072 ____H (Microsoft
Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-11-08 13:20 - 2016-10-05 06:54 - 00090112 _____ (Microsoft
Corporation) C:\Windows\system32\Drivers\bowser.sys
2016-11-08 13:20 - 2016-09-15 06:56 - 00041984 _____ (Microsoft
Corporation) C:\Windows\system32\UtcResources.dll
2016-11-08 13:20 - 2016-09-13 07:37 - 00002048 _____ (Microsoft
Corporation) C:\Windows\system32\tzres.dll
2016-11-08 13:20 - 2016-09-13 07:11 - 00002048 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\tzres.dll
2016-11-08 13:20 - 2016-09-09 10:20 - 00756736 _____ (Microsoft
Corporation) C:\Windows\system32\win32spl.dll
2016-11-08 13:20 - 2016-09-09 10:00 - 00497152 _____ (Microsoft
Corporation) C:\Windows\SysWOW64\win32spl.dll
2016-11-08 13:19 - 2016-08-22 08:19 - 01386496 _____ (Microsoft
Corporation) C:\Windows\system32\diagtrack.dll
2016-11-06 10:42 - 2016-11-06 10:45 - 574216234 _____
C:\Users\user\Downloads\[HorribleSubs] One Piece - 763 [1080p].mkv
2016-11-06 10:42 - 2016-11-06 10:45 - 559869070 _____
C:\Users\user\Downloads\[HorribleSubs] Dragon Ball Super - 65
[1080p].mkv
2016-11-06 08:29 - 2016-11-06 08:29 - 00000000 ___DL
C:\Users\Guest\AppData\LocalLow\PlayReady

Re: [INACTIVE] EXTREMELY slow computer with terrible startup6th December 2016, 10:42 am

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-05 13:20 - 2009-07-13 21:13 - 00782470 _____
C:\Windows\system32\PerfStringBackup.INI
2016-12-05 13:20 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2016-12-04 00:08 - 2009-07-13 18:34 - 00000215 _____ C:\Windows\system.ini
2016-12-03 16:07 - 2012-02-22 19:36 - 00000000 ____D
C:\ProgramData\AVAST Software
2016-12-03 15:37 - 2012-02-22 19:36 - 00000000 ____D C:\Program
Files\AVAST Software
2016-12-02 00:22 - 2013-08-05 10:25 - 00000000 ____D C:\Windows\Minidump
2016-12-02 00:22 - 2012-02-18 16:38 - 00270906 ____N
C:\Windows\Minidump\120216-18688-01.dmp
2016-12-01 19:05 - 2014-06-10 19:35 - 00000000 ____D C:\Program Files
(x86)\Mozilla Maintenance Service
2016-12-01 18:31 - 2011-08-16 00:18 - 00000000 ____D C:\ProgramData\PDFC
2016-12-01 18:17 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-29 22:14 - 2012-04-26 12:44 - 00000830 _____
C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-11-29 21:55 - 2014-09-30 20:54 - 00000898 _____
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-29 21:45 - 2012-11-08 00:38 - 00000904 _____
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2324025828-1623389042-2555509162-1000UA.job
2016-11-29 21:14 - 2012-02-18 18:31 - 00003918 _____
C:\Windows\System32\Tasks\User_Feed_Synchronization-{37A87542-CBDE-4569-8B70-22735BB33C86}
2016-11-29 16:07 - 2012-11-08 00:38 - 00000852 _____
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2324025828-1623389042-2555509162-1000Core.job
2016-11-29 14:55 - 2014-09-30 20:54 - 00000894 _____
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-29 02:05 - 2014-05-31 15:31 - 00000000 ____D
C:\Users\user\AppData\Local\Adobe
2016-11-29 02:04 - 2012-02-18 18:31 - 00000328 _____
C:\Windows\Tasks\HPCeeScheduleForuser.job
2016-11-29 02:00 - 2012-02-18 18:31 - 00003180 _____
C:\Windows\System32\Tasks\HPCeeScheduleForuser
2016-11-27 11:14 - 2015-01-08 18:07 - 00004182 _____
C:\Windows\System32\Tasks\avast! Emergency Update
2016-11-24 12:59 - 2009-07-13 20:45 - 00024608 ____H
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-24 12:59 - 2009-07-13 20:45 - 00024608 ____H
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-21 23:07 - 2012-02-26 17:58 - 00003216 _____
C:\Windows\System32\Tasks\HPCeeScheduleForUSER-HP$
2016-11-21 23:07 - 2012-02-26 17:58 - 00000340 _____
C:\Windows\Tasks\HPCeeScheduleForUSER-HP$.job
2016-11-21 22:22 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-11-21 20:48 - 2014-09-30 20:57 - 00002197 _____
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-17 15:33 - 2014-05-26 10:33 - 00000000 ____D
C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-11-17 15:25 - 2015-01-08 13:32 - 00192216 _____ (Malwarebytes)
C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-11-17 15:25 - 2015-01-08 13:30 - 00109272 _____ (Malwarebytes)
C:\Windows\system32\Drivers\mbamchameleon.sys
2016-11-16 15:02 - 2014-05-25 23:14 - 00000000 ____D C:\AdwCleaner
2016-11-16 14:19 - 2016-04-24 12:25 - 00000000 ____D C:\Users\user\Desktop\Virus
2016-11-09 16:59 - 2012-11-16 13:23 - 00000000 ____D
C:\Users\user\AppData\Local\Spotify
2016-11-09 16:59 - 2012-11-16 13:22 - 00000000 ____D
C:\Users\user\AppData\Roaming\Spotify
2016-11-09 16:21 - 2016-02-17 18:58 - 00000000 ____D
C:\Users\user\Downloads\Downloaded Music
2016-11-09 10:23 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2016-11-09 09:44 - 2009-07-13 20:45 - 04937152 _____
C:\Windows\system32\FNTCACHE.DAT
2016-11-09 01:14 - 2014-07-08 17:26 - 00000000 ____D C:\Windows\system32\MRT
2016-11-09 01:06 - 2014-07-08 17:26 - 141011376 ____C (Microsoft
Corporation) C:\Windows\system32\MRT.exe
2016-11-08 17:13 - 2012-04-26 12:44 - 00796352 _____ (Adobe Systems
Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-11-08 17:13 - 2012-04-26 12:44 - 00003768 _____
C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-11-08 17:13 - 2012-02-21 01:09 - 00000000 ____D
C:\Windows\system32\Macromed
2016-11-08 17:13 - 2011-08-16 00:16 - 00142528 _____ (Adobe Systems
Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-11-08 17:13 - 2011-08-16 00:16 - 00000000 ____D
C:\Windows\SysWOW64\Macromed
2016-11-07 01:14 - 2016-09-12 23:15 - 00000000 ____D
C:\Users\user\AppData\Roaming\qBittorrent
2016-11-06 12:13 - 2013-10-05 15:08 - 00003416 _____
C:\Windows\System32\Tasks\Apple Diagnostics
2016-11-06 06:19 - 2015-12-19 12:21 - 00000000 ____D
C:\Users\Guest\AppData\Local\Spotify
2016-11-06 06:19 - 2015-12-19 12:20 - 00000000 ____D
C:\Users\Guest\AppData\Roaming\Spotify
2016-11-06 06:18 - 2014-06-04 19:20 - 00000000 __SHD
C:\Users\Guest\AppData\LocalLow\EmieUserList
2016-11-06 06:18 - 2014-06-04 19:20 - 00000000 __SHD
C:\Users\Guest\AppData\LocalLow\EmieSiteList
2016-11-06 06:18 - 2014-05-03 15:26 - 00000000 __SHD
C:\Users\Guest\AppData\Local\EmieUserList
2016-11-06 06:18 - 2014-05-03 15:26 - 00000000 __SHD
C:\Users\Guest\AppData\Local\EmieSiteList

==================== Files in the root of some directories =======

2014-05-25 10:49 - 2014-05-25 10:49 - 0000045 _____ ()
C:\Users\user\AppData\Roaming\WB.CFG
2014-05-24 23:02 - 2014-05-24 23:02 - 0007608 _____ ()
C:\Users\user\AppData\Local\Resmon.ResmonCfg
2012-10-07 17:09 - 2012-10-07 17:09 - 0000000 _____ ()
C:\ProgramData\cmn_upld.log
2012-03-05 20:40 - 2012-10-07 17:02 - 0036460 _____ ()
C:\ProgramData\lxeeJSW.log
2012-03-05 20:29 - 2012-10-30 21:36 - 0001516 _____ ()
C:\ProgramData\lxeescan.log
2012-10-07 17:09 - 2012-10-07 17:09 - 0000000 _____ ()
C:\ProgramData\LxWbGwLog.log
2012-10-07 17:09 - 2012-10-07 17:09 - 0000000 _____ ()
C:\ProgramData\UpdaterLog.txt

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe
[2016-10-11 10:52] - [2016-08-29 07:04] - 3229696 ____A (Microsoft
Corporation) 38AE1B3C38FAEF56FE4907922F0385BA

C:\Windows\SysWOW64\explorer.exe
[2016-10-11 10:52] - [2016-08-29 06:55] - 2972672 ____A (Microsoft
Corporation) 6DDCA324434FFA506CF7DC4E51DB7935

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll
[2016-09-13 20:18] - [2016-08-16 09:36] - 1009152 ____A (Microsoft
Corporation) 8F4B991E7837E8E0F90C856659456652

C:\Windows\SysWOW64\User32.dll
[2016-09-13 20:18] - [2016-08-15 18:48] - 0833024 ____A (Microsoft
Corporation) 0FBC0E335B65EE5A0175631237817510

C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-11-04 12:56

==================== End of FRST.txt ============================

Re: [INACTIVE] EXTREMELY slow computer with terrible startup6th December 2016, 10:44 am

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-11-2016
Ran by user (05-12-2016 22:08:40)
Running from C:\Users\user\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2012-02-19 02:23:59)
Boot Mode: Safe Mode (with Networking)
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2324025828-1623389042-2555509162-500 -
Administrator - Disabled)
Danilo (S-1-5-21-2324025828-1623389042-2555509162-1001 - Limited -
Enabled) => C:\Users\Danilo
Guest (S-1-5-21-2324025828-1623389042-2555509162-501 - Limited -
Enabled) => C:\Users\Guest
user (S-1-5-21-2324025828-1623389042-2555509162-1000 - Administrator -
Enabled) => C:\Users\user

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date)
{17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date)
{D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Out of date)
{9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Disabled - Up to date)
{ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the
fixlist to unhide them. The adware programs should be uninstalled
manually.)

µTorrent (HKU\S-1-5-21-2324025828-1623389042-2555509162-1000\...\uTorrent)
(Version: 3.4.6.42094 - BitTorrent Inc.)
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint)
(Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden
Adobe Acrobat 4.0 (HKLM-x32\...\Adobe Acrobat 4.0) (Version: 4.0 -
Adobe Systems, Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.111 - Adobe
Systems Incorporated)
Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player
ActiveX) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI)
(Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Photoshop CS6
(HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 -
Adobe Systems Incorporated)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 -
WildTangent) Hidden
Apple Application Support (32-bit)
(HKLM-x32\...\{29DB9165-5FC1-48F0-9188-26123F526848}) (Version: 5.0.1
- Apple Inc.)
Apple Application Support (64-bit)
(HKLM\...\{5905C8CF-1C88-4478-A48E-4E458AD1BC7E}) (Version: 5.0.1 -
Apple Inc.)
Apple Mobile Device Support
(HKLM\...\{D4D86CB2-2370-4691-8272-3869EDED6C64}) (Version: 10.0.0.18
- Apple Inc.)
Apple Software Update
(HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version:
2.2.0.150 - Apple Inc.)
ATI Catalyst Install Manager
(HKLM\...\{F580D12E-01E5-31A6-A321-7C8E6D5361A5}) (Version: 3.0.829.0
- ATI Technologies, Inc.)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Blio (HKLM-x32\...\{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}) (Version:
2.2.6699 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version:
3.1.0.1 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.70.1080 - AB Team, d.o.o.)
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Camera Assistant Software for ViewSonic
(HKLM-x32\...\{C33F3EF6-3625-4FE5-BCBA-41361C99AF1D}) (Version:
1.7.054.0820 - Chicony Electronics Co.,Ltd.)
CDisplayEx 1.10.29 (HKLM\...\CDisplayEx_is1) (Version: - Progdigy
Software S.A.R.L.)
Chronicles of Albian (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Combined Community Codec Pack 2014-07-13 (HKLM-x32\...\Combined
Community Codec Pack_is1) (Version: 2014.07.13.0 - CCCP Project)
Combined Community Codec Pack 64bit 2015-10-18 (HKLM\...\Combined
Community Codec Pack 64bit_is1) (Version: 2015.10.19.0 - CCCP Project)
Cradle of Rome 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Epson Connect Printer Setup
(HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.4.0
- Seiko Epson Corporation)
EPSON Connect version 1.0 (HKLM-x32\...\EPSON Connect_is1) (Version:
1.0 - Epson America Inc.) <==== ATTENTION
Epson Customer Participation
(HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.4.0.0 -
SEIKO EPSON CORPORATION)
Epson Event Manager
(HKLM-x32\...\{44F72193-F59C-4303-BAE8-E3E4BC1C122C}) (Version:
3.01.0003 - Seiko Epson Corporation)
Epson E-Web Print
(HKLM-x32\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version:
1.23.0000 - SEIKO EPSON CORPORATION)
Epson FAX Utility
(HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version:
1.30.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - )
EPSON Printer Finder
(HKLM-x32\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0
- SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
Epson Software Updater
(HKLM-x32\...\{C7AA3D65-1F84-4590-AFAA-0777A04B6687}) (Version: 4.4.1
- SEIKO EPSON CORPORATION)
EPSON WF-3520 Series Printer Uninstall (HKLM\...\EPSON WF-3520 Series)
(Version: - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799})
(Version: 2.5.00 - SEIKO EPSON CORPORATION)
Facebook Video Calling 3.1.0.521
(HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version:
3.1.521 - Skype Limited)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Free MKV Player version 1.0
(HKLM-x32\...\{138FE2EF-B1A5-40E1-A385-B771BF75E86D}_is1) (Version:
1.0 - mkvcodec.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Google Talk Plugin
(HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version:
5.41.3.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 -
Hewlett-Packard Company) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version:
1.0.2.5 - WildTangent)
HP LinkUp (HKLM-x32\...\{DB3147AB-4024-4773-8EC0-A1FE5B44933D})
(Version: 2.01.028 - Hewlett-Packard)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA})
(Version: 2.0 - Hewlett-Packard Company)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562})
(Version: 2.10.0000 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{D35B72B6-F0E4-462B-BDEB-E08032B3B681})
(Version: 8.7.4747.3786 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C})
(Version: 1.1.13880.3792 - Hewlett-Packard Company)
HP Support Assistant
(HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version:
8.3.34.7 - Hewlett-Packard Company)
HP Support Information
(HKLM-x32\...\{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}) (Version:
10.1.1000 - Hewlett-Packard)
HP Support Solutions Framework
(HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version:
12.5.32.37 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40})
(Version: 5.002.003.003 - Hewlett-Packard)
HP Vision Hardware Diagnostics
(HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.9.0.0 -
Hewlett-Packard)
iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version:
4.0.3.56 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001})
(Version: 1.0.6349.0 - IDT)
iTunes (HKLM\...\{9946A4F7-E0FD-4A33-82D1-06CBFFBBB9F9}) (Version:
12.5.1.21 - Apple Inc.)
Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0})
(Version: 8.0.770.3 - Oracle Corporation)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0})
(Version: 8.0.910.14 - Oracle Corporation)
Jewel Quest: The Sleepless Star - Collector's Edition (x32 Version:
2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft
Corporation) Hidden
Kobo (HKLM-x32\...\Kobo) (Version: 1.6 - Kobo Inc.)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243})
(Version: 2.5.3925 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.3925 - CyberLink Corp.) Hidden
Lexmark Z700-P700 Series (HKLM\...\Lexmark Z700-P700 Series) (Version:
- Lexmark International, Inc.)
LTCM Client (HKLM-x32\...\LTCM Client) (Version: - Leader Technologies Inc.)
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043
(HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 -
Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.6.1
(HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version:
4.6.01055 - Microsoft Corporation)
Microsoft Mathematics
(HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 -
Microsoft Corporation)
Microsoft PowerPoint 2010 (HKLM\...\Office14.POWERPOINT) (Version:
14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight
(HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version:
5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU]
(HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version:
3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable
(HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version:
8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64)
(HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336
- Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64)
(HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000
- Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
(HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729
- Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
(HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version:
9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
(HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version:
9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
(HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version:
9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
(HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version:
9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
(HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version:
9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
(HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version:
9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
(HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219
- Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
(HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version:
10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
(HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64))
(Version: 10.0.50903 - Microsoft Corporation)
Microsoft Word 2010 (HKLM\...\Office14.WORD) (Version: 14.0.7015.1000
- Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872})
(Version: 1.0.3.0 - Mojang)
Mozilla Firefox 50.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox
50.0.2 (x86 en-US)) (Version: 50.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService)
(Version: 50.0.2.6177 - Mozilla)
MPC-HC 1.7.10 (64-bit)
(HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.10
- MPC-HC Team)
MSXML 4.0 SP2 (KB954430)
(HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version:
4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688)
(HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version:
4.20.9876.0 - Microsoft Corporation)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.97 - WildTangent) Hidden
Namco All-Stars: PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Office Suite X 3.3 (HKLM-x32\...\Office Suite X 3.3) (Version: - )
OpenOffice.org 3.3
(HKLM-x32\...\{3E171899-0175-47CC-84C4-562ACDD4C021}) (Version:
3.3.9567 - OpenOffice.org)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5350) (Version: - )
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version:
4.0.54 - PDF Complete, Inc)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 -
WildTangent) Hidden
PlayReady PC Runtime amd64
(HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 -
Microsoft Corporation)
PlayReady PC Runtime x86
(HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0
- Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658})
(Version: 6.1.5331 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.5331 - CyberLink Corp.) Hidden
PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-132318649765})
(Version: 5.10.1217.0 - NewspaperDirect Inc.)
Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727})
(Version: 1.6 - Project64)
qBittorrent 3.3.7 (HKLM-x32\...\qBittorrent) (Version: 3.3.7 - The
qBittorrent project)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C})
(Version: 7.79.80.95 - Apple Inc.)
Ralink 802.11n Wireless LAN Card
(HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version:
4.0.3.0 - Ralink)
Recovery Manager (x32 Version: 5.5.0.4320 - CyberLink Corp.) Hidden
Remote Graphics Receiver
(HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5
- Hewlett-Packard)
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55})
(Version: 1.9.5.103 - RoxioNow)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition
(HKLM\...\{90140000-0018-0000-1000-0000000FF1CE}_Office14.POWERPOINT_{A3364707-2F53-4C83-8F68-C9877A9080C7})
(Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition
(HKLM\...\{90140000-001B-0000-1000-0000000FF1CE}_Office14.WORD_{A3364707-2F53-4C83-8F68-C9877A9080C7})
(Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition
(Version: - Microsoft) Hidden
SketchUp 2015 (HKLM\...\{350488A4-1540-4103-8F01-B27503891EB0})
(Version: 15.3.331 - Trimble Navigation Limited)
Skype™ 7.29 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6})
(Version: 7.29.102 - Skype Technologies S.A.)
Slingo Supreme (x32 Version: 2.2.0.97 - WildTangent) Hidden
Spotify (HKU\S-1-5-21-2324025828-1623389042-2555509162-1000\...\Spotify)
(Version: 1.0.41.375.g040056ca - Spotify AB)
Spybot - Search & Destroy
(HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version:
2.4.40 - Safer-Networking Ltd.)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Vacation Quest - The Hawaiian Islands (x32 Version: 2.2.0.97 -
WildTangent) Hidden
Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97 - WildTangent) Hidden
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3
- VideoLAN)
VSFilter 2.41.322 (0c3a1ea) Nightly (HKLM-x32\...\vsfilter_is1)
(Version: 2.41.322 - MPC-HC Team)
WildTangent Games App (HP Games) (x32 Version: 4.0.5.37 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version:
15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections
(HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version:
15.4.5722.2 - Microsoft Corporation)
WinRAR 4.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)
WinZip 16.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240CC})
(Version: 16.0.9715 - WinZip Computing, S.L. )
Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the
registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2324025828-1623389042-2555509162-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32
-> C:\Users\user\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll =>
No File
CustomCLSID: HKU\S-1-5-21-2324025828-1623389042-2555509162-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32
-> C:\Users\user\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll =>
No File
CustomCLSID: HKU\S-1-5-21-2324025828-1623389042-2555509162-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32
-> C:\Users\user\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll =>
No File
CustomCLSID: HKU\S-1-5-21-2324025828-1623389042-2555509162-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32
-> C:\Users\user\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll =>
No File
CustomCLSID: HKU\S-1-5-21-2324025828-1623389042-2555509162-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32
-> C:\Users\user\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll
(Google Inc.)
CustomCLSID: HKU\S-1-5-21-2324025828-1623389042-2555509162-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32
-> C:\Users\user\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll =>
No File
CustomCLSID: HKU\S-1-5-21-2324025828-1623389042-2555509162-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32
-> C:\Users\user\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll
=> No File
CustomCLSID: HKU\S-1-5-21-2324025828-1623389042-2555509162-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32
-> C:\Users\user\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll =>
No File
CustomCLSID: HKU\S-1-5-21-2324025828-1623389042-2555509162-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32
-> C:\Users\user\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll
=> No File
CustomCLSID: HKU\S-1-5-21-2324025828-1623389042-2555509162-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32
-> C:\Users\user\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll =>
No File
CustomCLSID: HKU\S-1-5-21-2324025828-1623389042-2555509162-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32
-> C:\Users\user\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll =>
No File
CustomCLSID: HKU\S-1-5-21-2324025828-1623389042-2555509162-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32
-> C:\Users\user\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll
=> No File
CustomCLSID: HKU\S-1-5-21-2324025828-1623389042-2555509162-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32
-> C:\Users\user\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll
=> No File
CustomCLSID: HKU\S-1-5-21-2324025828-1623389042-2555509162-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32
-> C:\Users\user\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll
(Google Inc.)
CustomCLSID: HKU\S-1-5-21-2324025828-1623389042-2555509162-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32
-> C:\Users\user\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll =>
No File

Re: [INACTIVE] EXTREMELY slow computer with terrible startup6th December 2016, 10:45 am

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the
registry. The file will not be moved unless listed separately.)

Task: {0B9632AA-4000-4352-ADE6-D0E2CDF2CC7A} - System32\Tasks\avast!
Emergency Update => C:\Program Files\AVAST
Software\Avast\AvastEmUpdate.exe
Task: {0D6978BA-8744-4F9B-AF07-1C98ED5744A3} -
System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker =>
C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-10-12]
(HP Inc.)
Task: {24446ADE-2911-4121-82D4-0D5A7E8AE4D0} - System32\Tasks\AVAST
Software\Avast settings backup => C:\Program Files\Common
Files\AV\avast! Antivirus\backup.exe [2016-06-02] (AVAST Software)
Task: {29FB01B7-5D95-4D7B-9F67-EEC4392F9AE4} - System32\Tasks\SafeZone
scheduled Autoupdate 1461091127 => C:\Program Files\AVAST
Software\SZBrowser\launcher.exe
Task: {4444B025-B756-4B7C-957E-024DCE8CE1DA} -
System32\Tasks\HPCeeScheduleForUSER-HP$ => C:\Program Files
(x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16]
(Hewlett-Packard)
Task: {4C4E22C0-0E2D-44D3-A357-14FC0CF097A6} - System32\Tasks\Apple
Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet
Services\EReporter.exe [2014-08-25] (Apple Inc.)
Task: {5716DFF1-49C0-465A-902C-70A0F23CD8DD} -
System32\Tasks\AdobeAAMUpdater-1.0-user-HP-user => C:\Program Files
(x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
[2012-04-04] (Adobe Systems Incorporated)
Task: {69657C43-79CD-4BE1-B9C3-4FCF95963022} - \Speedial -> No File
<==== ATTENTION
Task: {6C86EB10-7C29-4B0D-9CA1-839E915D777E} -
System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files
(x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {778AA53E-568C-4679-A591-FCEE26F0136D} -
System32\Tasks\{A1894CDE-D00E-4F91-BF4E-EA13569ED700} => pcalua.exe -a
C:\Users\user\Downloads\jxpiinstall(1).exe -d C:\Users\user\Downloads
Task: {7A22195C-0D6F-416B-B915-BE8164ED9153} -
System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh
immunization => C:\Program Files (x86)\Spybot - Search & Destroy
2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {8602E0C6-7AAD-459F-AE27-3CD493DE1D93} -
System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis
=> C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe [2016-08-23] (HP Inc.)
Task: {86B9C762-8C14-4AB6-9975-035C0DA916F3} -
System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support
Solutions Framework Report => C:\Program Files
(x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe
[2016-05-09] (Hewlett-Packard)
Task: {AAC81BFD-3292-4B92-B689-D2C30DF3A14B} -
System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the
system => C:\Program Files (x86)\Spybot - Search & Destroy
2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {B5A2775C-90D1-4B77-8F12-D62E523D6D5A} -
System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2324025828-1623389042-2555509162-1000Core
=> C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe
[2015-08-30] (Google Inc.)
Task: {B661F2D9-8F06-4571-BB20-138FE9F913FF} -
System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2324025828-1623389042-2555509162-1000UA
=> C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe
[2015-08-30] (Google Inc.)
Task: {B9E48006-39FF-4D3D-A48E-61FAA3DE6692} -
System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support
Solutions Framework Updater => C:\Program Files
(x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe
[2016-08-03] (HP Inc.)
Task: {C05F2CAB-836A-46C1-9DE9-5A2A231A01F0} -
System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan
(HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-08-18] (HP
Inc.)
Task: {C094DE56-9132-4D88-B307-C34615AD8C26} -
System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files
(x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple
Inc.)
Task: {C92195A2-F864-4CA9-A165-9F6EC6C54A9B} -
System32\Tasks\Registration => C:\Program Files
(x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2011-06-15] ()
Task: {D1569325-C211-426A-9F98-A9745320805E} - System32\Tasks\Adobe
Flash Player Updater =>
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
[2016-11-08] (Adobe Systems Incorporated)
Task: {D2FFE436-CAE2-44E6-9A80-0CB70F707043} -
System32\Tasks\{FC9A82A7-0042-45A4-9EF3-B3D63DEBF64D} => C:\Program
Files (x86)\Camera Assistant Software for ViewSonic\traybar.exe
[2007-08-20] (Chicony)
Task: {D40CD51D-8C55-46AD-B8EF-3F0023583696} -
System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files
(x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {D92C4764-53EC-4EB3-A15E-2779996D76AC} -
System32\Tasks\HPCeeScheduleForuser => C:\Program Files
(x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16]
(Hewlett-Packard)
Task: {DEF6E5A9-DCBA-4583-9A0C-12C3420250EB} -
System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for
updates => C:\Program Files (x86)\Spybot - Search & Destroy
2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {E5F7D25B-D55C-495F-8E3A-590D2EE3965E} -
System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support
Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\HPSF.exe [2016-08-23] (HP Inc.)

(If an entry is included in the fixlist, the task (.job) file will be
moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job =>
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program
Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program
Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2324025828-1623389042-2555509162-1000Core.job
=> C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2324025828-1623389042-2555509162-1000UA.job
=> C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForUSER-HP$.job => C:\Program
Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForuser.job => C:\Program Files
(x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm [0]
AlternateDataStreams:
C:\Users\Danilo\Desktop\Danilo.jpg: 3or4kl4x13tuuug3Byamue2s4b [93]
AlternateDataStreams:
C:\Users\Danilo\Desktop\Danilo.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
[0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the
registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
e"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be
restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site:
HKU\S-1-5-21-2324025828-1623389042-2555509162-1000\...\localhost ->
localhost

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2016-12-04 00:01 - 00000027 ____A
C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2324025828-1623389042-2555509162-1000\Control
Panel\Desktop\\Wallpaper ->
C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System =>
(ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3)
(EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the
registry. The file will not be moved unless listed separately.)

FirewallRules: [{18AED543-2950-41D3-923D-5AB010D2BE0D}] => (Allow)
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
FirewallRules: [{60DBFC41-F9D1-46B8-BAF3-389C323C359F}] => (Allow)
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowShell.exe
FirewallRules: [{5159912B-E329-476E-BBB9-48B1B89EF16F}] => (Allow)
C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
FirewallRules: [{E5D0D150-FDA9-4190-855E-9343E5B017F4}] => (Allow)
C:\Program Files (x86)\Hewlett-Packard\MediaSmart\RoxioNow\RNow.exe
FirewallRules: [{3F6B3D96-CC15-4DC0-9907-A4104DFCEEEB}] => (Allow)
C:\Program Files (x86)\Hewlett-Packard\Remote Graphics
Receiver\rgreceiver.exe
FirewallRules: [{04928767-7255-4326-8A37-1EEE5153B945}] => (Allow)
C:\Program Files (x86)\Hewlett-Packard\Remote Graphics
Receiver\rgreceiver.exe
FirewallRules: [{ADDE7ECD-5ED1-468F-AB51-5ADDF2AA1DAC}] => (Allow)
C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe
FirewallRules: [{0E474077-7176-40F7-ADC5-9B0E0B313DE9}] => (Allow)
C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe
FirewallRules: [{F849AEDC-6FA9-4D75-9F84-17B815E495E0}] => (Allow)
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{CAD07812-1B76-48D6-B8BF-DF12D4CBD08D}] => (Allow) LPort=2869
FirewallRules: [{5E0F1344-EF56-4D46-A8F3-98F78C25B4AD}] => (Allow) LPort=1900
FirewallRules: [{E8F43D79-BBB9-4ACB-9D39-22CD0E2119EA}] => (Allow)
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{3BFD9CC4-6266-4204-A688-3ACB732FD8AC}] => (Allow)
C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{F8CFDFD0-2482-4508-9006-96E53464D74B}] => (Allow)
C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{84FCB8AF-EED1-4461-9C40-7B6B22E75574}] => (Allow)
C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D3A79EC2-B37A-450A-9373-AC641A5DC005}] => (Allow)
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{ED2B9E6A-D8B0-4FF7-85F6-FFA332D2306A}] => (Allow)
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EDAAA742-3FD2-417F-9E1A-84F20326A59A}] => (Allow)
C:\Windows\system32\lxeecoms.exe
FirewallRules: [TCP Query
User{0FB1A18E-527E-409E-8BF9-55188B9DA5FE}C:\users\guest\appdata\local\facebook\video\skype\facebookvideocalling.exe]
=> (Block) C:\users\guest\appdata\local\facebook\video\skype\facebookvideocalling.exe
FirewallRules: [UDP Query
User{B905EF65-7EE2-469E-BED1-4D1CA0A40766}C:\users\guest\appdata\local\facebook\video\skype\facebookvideocalling.exe]
=> (Block) C:\users\guest\appdata\local\facebook\video\skype\facebookvideocalling.exe
FirewallRules: [{FF9D7CEB-8A64-49F2-B6DF-D0C8834B7ADC}] => (Allow)
C:\Windows\SysWOW64\lxblcoms.exe
FirewallRules: [{599E3819-EF12-4FE9-9549-14B2A71FDCC3}] => (Allow)
C:\Windows\SysWOW64\lxblcoms.exe
FirewallRules: [{E48EAB46-256D-4746-A7AA-7729C55C4B7E}] => (Allow)
C:\Windows\System32\lxblcoms.exe
FirewallRules: [{D2609B49-2FCC-497E-B847-96461FE7E412}] => (Allow)
C:\Windows\System32\lxblcoms.exe
FirewallRules: [TCP Query
User{8C3B322E-9D58-43A0-A940-7CF9BC845287}C:\users\user\appdata\roaming\spotify\spotify.exe]
=> (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query
User{68DE2661-9F2B-45A0-B2EF-9844E9A67211}C:\users\user\appdata\roaming\spotify\spotify.exe]
=> (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe
FirewallRules: [{32E10518-702D-464F-AA77-DA11D412ADBE}] => (Allow)
E:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{58429B1B-CCA3-4BAF-8CC0-D88EB676289A}] => (Allow)
E:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [TCP Query
User{34FC9910-726C-4F73-837B-0CF7E3F1FF6F}C:\program files (x86)\epson
software\event manager\eeventmanager.exe] => (Allow) C:\program files
(x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query
User{1534ADAD-8142-4334-A99D-FFCA812233B3}C:\program files (x86)\epson
software\event manager\eeventmanager.exe] => (Allow) C:\program files
(x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query
User{9EED4216-E86E-4AAA-BB77-40D7AE17D6FE}C:\windows\syswow64\javaw.exe]
=> (Block) C:\windows\syswow64\javaw.exe
FirewallRules: [UDP Query
User{0A14E1BE-1A71-4D84-99E2-B8830AB049FC}C:\windows\syswow64\javaw.exe]
=> (Block) C:\windows\syswow64\javaw.exe
FirewallRules: [{8B208778-860E-4EF6-BBA2-9EBDB7DFD226}] => (Allow)
C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
FirewallRules: [TCP Query
User{370B9B87-458F-428D-8056-21B5A5464E5B}C:\program files
(x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files
(x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query
User{49C85F11-559C-4F5B-BDC9-39BD8CA17A09}C:\program files
(x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files
(x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query
User{56E6EB59-4577-4F99-A8D5-62834E49447E}C:\program files
(x86)\java\jre7\bin\java.exe] => (Block) C:\program files
(x86)\java\jre7\bin\java.exe
FirewallRules: [UDP Query
User{DCB1E1D0-ABC3-4DF2-ACCE-083AF042150B}C:\program files
(x86)\java\jre7\bin\java.exe] => (Block) C:\program files
(x86)\java\jre7\bin\java.exe
FirewallRules: [{ED9B777E-B43F-42FE-A3FF-6F0DC0ECB482}] => (Allow)
C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5254B2D3-3A59-4B96-9018-BCE358863479}] => (Allow)
C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{DB088B72-0B58-49EC-BB25-677C27039895}] => (Allow)
C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{252AC2EB-8C28-4C57-8916-8D367A3930F0}] => (Allow)
C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{8A65207B-7B43-4F94-B446-EDE149EAB740}] => (Allow)
C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{385AFE49-E3C4-4C3C-9E6C-3A0D94C1830A}] => (Allow)
C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4F3998E2-A4C2-4EAD-886F-222A75305DF1}] => (Allow)
C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{63E10791-2126-4002-91DE-F7180DE482A6}] => (Allow)
C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{13A09811-A8E7-4117-9092-975560935178}] => (Allow)
C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{3D858FC4-C699-457A-A8D1-CFE79BA38E4F}] => (Allow)
C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [TCP Query
User{A780B10E-4424-41A1-AF65-ED9727DF026A}C:\program files (x86)\epson
software\event manager\eeventmanager.exe] => (Allow) C:\program files
(x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query
User{205A5CCE-7C3E-449E-9AAD-6F58F94E884A}C:\program files (x86)\epson
software\event manager\eeventmanager.exe] => (Allow) C:\program files
(x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query
User{C79A47D2-9747-442E-8504-23A94174790A}C:\program files
(x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files
(x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query
User{3A7D5BA4-12C3-4BCA-8942-C8471DC17140}C:\program files
(x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files
(x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query
User{A1DD7821-DFE9-4137-AC8A-6F06E20DEACD}C:\users\user\appdata\roaming\spotify\spotify.exe]
=> (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query
User{D1B17AF2-79B5-4C55-B85C-7232F746668E}C:\users\user\appdata\roaming\spotify\spotify.exe]
=> (Allow) C:\users\user\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query
User{198B965A-405C-4093-B944-F9AB154A047A}C:\users\user\appdata\roaming\utorrent\updates\3.4.2_34944.exe]
=> (Allow) C:\users\user\appdata\roaming\utorrent\updates\3.4.2_34944.exe
FirewallRules: [UDP Query
User{106FBA5F-DFD5-4BFB-B2CB-3AC0F47A4780}C:\users\user\appdata\roaming\utorrent\updates\3.4.2_34944.exe]
=> (Allow) C:\users\user\appdata\roaming\utorrent\updates\3.4.2_34944.exe
FirewallRules: [{5361E01E-8BED-4E73-8B9D-B044874AF0F8}] => (Allow)
C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{E10EC5DE-317C-4FE3-9610-98336659DCBE}] => (Allow)
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7D4B3ADD-D416-456C-BAB5-4EA7B6A80566}] => (Allow)
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DE0FD889-DC2F-42C7-928C-DF8DD0454408}] => (Allow)
C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D71F2BE7-FD57-4105-839E-293AE4F12835}] => (Allow)
C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query
User{CBD196EA-23BD-4148-BF20-30216E8D24B6}C:\program files
(x86)\java\jre1.8.0_31\bin\javaw.exe] => (Block) C:\program files
(x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [UDP Query
User{B8D67BDE-2DD0-46B9-B7D9-4B9A18876408}C:\program files
(x86)\java\jre1.8.0_31\bin\javaw.exe] => (Block) C:\program files
(x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [{8473836D-0245-4C97-9C86-ECDD4692C57E}] => (Allow)
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A23EAB65-0F41-40F1-A65E-3AD358B47CF3}] => (Allow)
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CC93B914-858A-4E4A-B84E-A6C741E0BD84}] => (Allow)
C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2AAFEC93-47FB-4A91-ADD0-E46C1A7151BF}] => (Allow)
C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2EC6774C-5971-4579-ADCE-341AF872A863}] => (Allow)
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{03181888-5EBB-40DA-9738-81967F31F22F}] => (Allow)
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3DA13E45-1C20-4792-87DD-E0EE4C3A237E}] => (Allow)
C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [TCP Query
User{73A883FC-54E5-42A1-A469-851EC66EA414}C:\users\guest\appdata\roaming\spotify\spotify.exe]
=> (Block) C:\users\guest\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query
User{9E1AD300-0544-47A8-9C87-DE245A0F72F8}C:\users\guest\appdata\roaming\spotify\spotify.exe]
=> (Block) C:\users\guest\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query
User{8F7C7376-6C80-42FC-845C-DE0665140724}C:\users\guest\appdata\roaming\spotify\spotify.exe]
=> (Block) C:\users\guest\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query
User{F956F9E0-5470-4BF0-9735-A55A253D3287}C:\users\guest\appdata\roaming\spotify\spotify.exe]
=> (Block) C:\users\guest\appdata\roaming\spotify\spotify.exe
FirewallRules: [{26C7E964-39B7-4313-B65F-C5E564A8E375}] => (Allow)
C:\Users\user\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{B3795538-29BA-4D06-9AA6-913D92A212D4}] => (Allow)
C:\Users\user\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{51153FB8-ED84-4993-8541-5411A50F3462}] => (Allow)
C:\Users\user\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{2B42B3C6-067B-4A32-88AB-7568B8BD62A5}] => (Allow)
C:\Users\user\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{437BC1B4-B947-4702-8028-4A0E495074D7}] => (Allow)
C:\Users\user\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{4083A5A2-CCFC-4310-BA3A-21B6C798490F}] => (Allow)
C:\Users\user\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [TCP Query
User{48DDA238-5D70-4378-B520-82D863C9B9B1}C:\users\user\appdata\roaming\utorrent\updates\3.4.6_42094.exe]
=> (Block) C:\users\user\appdata\roaming\utorrent\updates\3.4.6_42094.exe
FirewallRules: [UDP Query
User{8B04A807-9876-45DF-8181-B4F06E91F8C3}C:\users\user\appdata\roaming\utorrent\updates\3.4.6_42094.exe]
=> (Block) C:\users\user\appdata\roaming\utorrent\updates\3.4.6_42094.exe
FirewallRules: [TCP Query
User{2E23EEC0-2920-4442-B36D-DA63CBE39A3F}C:\users\theta\appdata\roaming\spotify\spotify.exe]
=> (Allow) C:\users\theta\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query
User{0C70A534-324B-4E6A-99F7-9E0685E381EB}C:\users\theta\appdata\roaming\spotify\spotify.exe]
=> (Allow) C:\users\theta\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query
User{BEBEC6DF-C65C-4D44-BF58-36AD319276CA}C:\users\roger
xo\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\roger
xo\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query
User{E6DFD8DD-E6D1-4C10-870D-B3091612429D}C:\users\roger
xo\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\roger
xo\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query
User{8861E5F7-72AB-4488-A203-336693D5C469}C:\program files
(x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow)
C:\program files
(x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query
User{A1FAAAE0-768E-4D74-8797-269F2CE1DDE1}C:\program files
(x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow)
C:\program files
(x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{607AE373-8F31-40BB-A4FE-0452844BBE36}] => (Allow)
C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{8EE604D8-B82A-479E-AFFD-AFE4759D698F}] => (Allow)
C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{11A8D8F1-C400-41F1-9B5D-73B2D84D4DED}] => (Allow)
C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{132D5BD1-6BAE-407A-887C-3978DF757BFB}] => (Allow)
C:\Users\user\AppData\Roaming\ACEStream\engine\ace_engine.exe
FirewallRules: [{5F52F37A-DA47-42F2-BA44-BC687E57FF44}] => (Allow)
C:\Users\user\AppData\Roaming\ACEStream\engine\ace_engine.exe
FirewallRules: [{83CDE3BC-B09F-48FC-BF21-B3AEC1A8D19A}] => (Allow)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot
- Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy
tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot
- Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner
Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot
- Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot
- Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background
update service

==================== Restore Points =========================

==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or
does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be
a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device,
and this error should be resolved.

Re: [INACTIVE] EXTREMELY slow computer with terrible startup6th December 2016, 10:46 am

==================== Event log errors: =========================

Application errors:
==================
Error: (12/05/2016 10:08:39 PM) (Source: Microsoft-Windows-CAPI2)
(EventID: 256) (User: )
Description: The Cryptographic Services service failed to initialize
the Catalog Database. The error was: 1117 (0x45d) : The request could
not be performed because of an I/O device error.
.

Error: (12/05/2016 10:05:28 PM) (Source: Microsoft-Windows-CAPI2)
(EventID: 256) (User: )
Description: The Cryptographic Services service failed to initialize
the Catalog Database. The error was: 1117 (0x45d) : The request could
not be performed because of an I/O device error.
.

Error: (12/05/2016 10:02:38 PM) (Source: Microsoft-Windows-CAPI2)
(EventID: 256) (User: )
Description: The Cryptographic Services service failed to initialize
the Catalog Database. The error was: 1117 (0x45d) : The request could
not be performed because of an I/O device error.
.

Error: (12/05/2016 09:59:27 PM) (Source: Microsoft-Windows-CAPI2)
(EventID: 256) (User: )
Description: The Cryptographic Services service failed to initialize
the Catalog Database. The error was: 1117 (0x45d) : The request could
not be performed because of an I/O device error.
.

Error: (12/05/2016 09:56:28 PM) (Source: Microsoft-Windows-CAPI2)
(EventID: 256) (User: )
Description: The Cryptographic Services service failed to initialize
the Catalog Database. The error was: 1117 (0x45d) : The request could
not be performed because of an I/O device error.
.

Error: (12/05/2016 09:25:36 PM) (Source: Microsoft-Windows-CAPI2)
(EventID: 256) (User: )
Description: The Cryptographic Services service failed to initialize
the Catalog Database. The error was: 1117 (0x45d) : The request could
not be performed because of an I/O device error.
.

Error: (12/05/2016 09:22:33 PM) (Source: Microsoft-Windows-CAPI2)
(EventID: 256) (User: )
Description: The Cryptographic Services service failed to initialize
the Catalog Database. The error was: 1117 (0x45d) : The request could
not be performed because of an I/O device error.
.

Error: (12/05/2016 09:19:21 PM) (Source: Microsoft-Windows-CAPI2)
(EventID: 256) (User: )
Description: The Cryptographic Services service failed to initialize
the Catalog Database. The error was: 1117 (0x45d) : The request could
not be performed because of an I/O device error.
.

Error: (12/05/2016 09:16:11 PM) (Source: Microsoft-Windows-CAPI2)
(EventID: 256) (User: )
Description: The Cryptographic Services service failed to initialize
the Catalog Database. The error was: 1117 (0x45d) : The request could
not be performed because of an I/O device error.
.

Error: (12/05/2016 09:13:04 PM) (Source: Microsoft-Windows-CAPI2)
(EventID: 256) (User: )
Description: The Cryptographic Services service failed to initialize
the Catalog Database. The error was: 1117 (0x45d) : The request could
not be performed because of an I/O device error.
.

System errors:
=============
Error: (12/05/2016 10:22:51 PM) (Source: Service Control Manager)
(EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server
service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (12/05/2016 10:22:51 PM) (Source: Service Control Manager)
(EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server
service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (12/05/2016 10:22:51 PM) (Source: Service Control Manager)
(EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server
service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (12/05/2016 10:21:35 PM) (Source: Service Control Manager)
(EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server
service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (12/05/2016 10:21:35 PM) (Source: Service Control Manager)
(EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server
service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (12/05/2016 10:21:35 PM) (Source: Service Control Manager)
(EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server
service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (12/05/2016 10:20:39 PM) (Source: Service Control Manager)
(EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server
service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (12/05/2016 10:20:39 PM) (Source: Service Control Manager)
(EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server
service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (12/05/2016 10:20:39 PM) (Source: Service Control Manager)
(EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server
service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (12/05/2016 10:19:39 PM) (Source: Service Control Manager)
(EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server
service which failed to start because of the following error:
The dependency service or group failed to start.

CodeIntegrity:
===================================
Date: 2016-12-03 23:05:52.486
Description: Windows is unable to verify the image integrity of the
file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash
could not be found on the system. A recent hardware or software change
might have installed a file that is signed incorrectly or damaged, or
that might be malicious software from an unknown source.

Date: 2016-12-03 23:03:14.255
Description: Windows is unable to verify the image integrity of the
file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash
could not be found on the system. A recent hardware or software change
might have installed a file that is signed incorrectly or damaged, or
that might be malicious software from an unknown source.

Date: 2016-11-16 15:21:47.080
Description: Code Integrity is unable to verify the image integrity
of the file \Device\HarddiskVolume2\Windows\System32\crypt32.dll
because the set of per-page image hashes could not be found on the
system.

Date: 2016-11-10 06:06:29.824
Description: Code Integrity is unable to verify the image integrity
of the file \Device\HarddiskVolume2\Windows\System32\audiodg.exe
because the set of per-page image hashes could not be found on the
system.

Date: 2016-11-10 04:02:15.569
Description: Code Integrity is unable to verify the image integrity
of the file \Device\HarddiskVolume2\Windows\System32\audiodg.exe
because the set of per-page image hashes could not be found on the
system.

Date: 2016-11-09 23:05:44.026
Description: Code Integrity is unable to verify the image integrity
of the file \Device\HarddiskVolume2\Windows\System32\audiodg.exe
because the set of per-page image hashes could not be found on the
system.

Date: 2016-11-09 22:28:51.475
Description: Windows is unable to verify the image integrity of the
file \Device\HarddiskVolume2\Windows\System32\drivers\dfsc.sys because
file hash could not be found on the system. A recent hardware or
software change might have installed a file that is signed incorrectly
or damaged, or that might be malicious software from an unknown
source.

Date: 2016-11-09 22:21:19.074
Description: Windows is unable to verify the image integrity of the
file \Device\HarddiskVolume2\Windows\System32\drivers\netbt.sys
because file hash could not be found on the system. A recent hardware
or software change might have installed a file that is signed
incorrectly or damaged, or that might be malicious software from an
unknown source.

Date: 2016-11-09 22:15:58.212
Description: Windows is unable to verify the image integrity of the
file \Device\HarddiskVolume2\Windows\System32\drivers\netbt.sys
because file hash could not be found on the system. A recent hardware
or software change might have installed a file that is signed
incorrectly or damaged, or that might be malicious software from an
unknown source.

Date: 2016-11-09 22:10:45.837
Description: Windows is unable to verify the image integrity of the
file \Device\HarddiskVolume2\Windows\System32\drivers\afd.sys because
file hash could not be found on the system. A recent hardware or
software change might have installed a file that is signed incorrectly
or damaged, or that might be malicious software from an unknown
source.

==================== Memory info ===========================

Processor: AMD A4-3400 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 14%
Total physical RAM: 5616.61 MB
Available physical RAM: 4820.32 MB
Total Virtual: 11231.4 MB
Available Virtual: 10484.12 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:919.87 GB) (Free:207.58 GB) NTFS
==>[system with boot components (obtained from drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:11.54 GB) (Free:1.38 GB) NTFS
==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: BB217DD7)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=919.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Re: [INACTIVE] EXTREMELY slow computer with terrible startup6th December 2016, 5:13 pm

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

Right-click on FRST icon and select Run as Administrator to start the tool.
Press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please post it to your reply.

Please read carefully and follow these steps.

Download TDSSKiller and save it to your Desktop.
Extract its contents to your desktop.
Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents the report here.

Re-running FRST to search for any leftovers:

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

Right-click on FRST icon and select Run as Administrator to start the tool.
Make sure that Addition option is checked.
Press Scan button and wait.
The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content into your next reply.

Re: [INACTIVE] EXTREMELY slow computer with terrible startup6th December 2016, 8:40 pm

I just downloaded the TSSKiller tool, but I haven't ran it yet. When I hit fix on FarBar under admin, it pops up with this message:

"No fixlist.txt found.

The fixlist.txt should be in the same folder/directory the tool is located."

I've only ran this program twice. The first time we scanned and just this second time with the Additional log. Both FRST and Additional logs are in the same Downloads folder with the program.

Re: [INACTIVE] EXTREMELY slow computer with terrible startup7th December 2016, 12:12 am

Please ensure the fixlist.txt is in the same folder as FRST. If it is not, then it will fail to fix anything.

Re: [INACTIVE] EXTREMELY slow computer with terrible startup10th December 2016, 6:18 pm

Because FarBar takes days to finish, I'm going to post the fixlog.txt first, and post the others separately. Just so you know I'm still here. I will now be starting TDSSKiller.

Fix result of Farbar Recovery Scan Tool (x64) Version: 23-11-2016
Ran by user (08-12-2016 19:03:21) Run:1
Running from C:\Users\user\Downloads
Loaded Profiles: user (Available Profiles: user & Danilo & Guest)
Boot Mode: Safe Mode (with Networking)
==============================================

fixlist content:
*****************
emptytemp:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction
<======= ATTENTION
HKU\S-1-5-21-2324025828-1623389042-2555509162-1000\SOFTWARE\Policies\Microsoft\Internet
Explorer: Restriction <======= ATTENTION
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm [0]
AlternateDataStreams:
C:\Users\Danilo\Desktop\Danilo.jpg: 3or4kl4x13tuuug3Byamue2s4b [93]
AlternateDataStreams:
C:\Users\Danilo\Desktop\Danilo.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
[0]
Toolbar: HKLM-x32 - No Name - {06C7AD57-B655-418D-9AB8-9526A6D2E052} - No File
*****************

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
<======= ATTENTION => Error: No automatic fix found for this entry.
HKU\S-1-5-21-2324025828-1623389042-2555509162-1000\SOFTWARE\Policies\Microsoft\Internet => Error: No automatic fix found for this entry.
Explorer: Restriction <======= ATTENTION => Error: No automatic fix found for this entry.
C:\ProgramData\Reprise => ":wupeogjxldtlfudivq`qsp`26hfm" ADS removed successfully.
AlternateDataStreams: => Error: No automatic fix found for this entry.
"C:\Users\Danilo\Desktop\Danilo.jpg: 3or4kl4x13tuuug3Byamue2s4b [93]" => not found.
AlternateDataStreams: => Error: No automatic fix found for this entry.
Could not move "C:\Users\Danilo\Desktop\Danilo.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" => Scheduled to move on reboot.
[0] => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{06C7AD57-B655-418D-9AB8-9526A6D2E052} => value removed successfully
HKCR\Wow6432Node\CLSID\{06C7AD57-B655-418D-9AB8-9526A6D2E052} => key not found.

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 93744561 B
Java, Flash, Steam htmlcache => 136032 B
Windows/system/drivers => 0 B
Edge => 0 B
Chrome => 729593918 B
Firefox => 200747348 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 24652585 B
systemprofile32 => 13531249 B
LocalService => 16384 B
NetworkService => 1474262 B
user => 15369799 B
Danilo => 625360 B
Guest => 78638418 B

RecycleBin => 97082 B
EmptyTemp: => 1.1 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Safe Mode (with Networking)) (Date&Time: 10-12-2016 09:38:40)

"C:\Users\Danilo\Desktop\Danilo.jpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" => Could not move

==== End of Fixlog 09:38:41 ====

Re: [INACTIVE] EXTREMELY slow computer with terrible startup10th December 2016, 7:00 pm

Here's the TDSSKiller report, has to be split up:

10:21:25.0561 0x06c4 TDSS rootkit removing tool 3.1.0.12 Nov 7 2016 07:10:01
10:21:29.0258 0x06c4 ============================================================
10:21:29.0258 0x06c4 Current date / time: 2016/12/10 10:21:29.0258
10:21:29.0258 0x06c4 SystemInfo:
10:21:29.0258 0x06c4
10:21:29.0258 0x06c4 OS Version: 6.1.7601 ServicePack: 1.0
10:21:29.0258 0x06c4 Product type: Workstation
10:21:29.0258 0x06c4 ComputerName: USER-HP
10:21:29.0258 0x06c4 UserName: user
10:21:29.0258 0x06c4 Windows directory: C:\Windows
10:21:29.0258 0x06c4 System windows directory: C:\Windows
10:21:29.0258 0x06c4 Running under WOW64
10:21:29.0258 0x06c4 Processor architecture: Intel x64
10:21:29.0258 0x06c4 Number of processors: 2
10:21:29.0258 0x06c4 Page size: 0x1000
10:21:29.0258 0x06c4 Boot type: Safe boot with network
10:21:29.0258 0x06c4 CodeIntegrityOptions = 0x00000001
10:21:29.0258 0x06c4 ============================================================
10:21:29.0851 0x06c4 KLMD registered as C:\Windows\system32\drivers\82304321.sys
10:21:29.0851 0x06c4 KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 7601.23569, osProperties = 0x1
10:21:30.0179 0x06c4 System UUID: {677CAC7E-1CFB-099B-7683-66A34B733A05}
10:21:30.0694 0x06c4 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:21:30.0709 0x06c4 ============================================================
10:21:30.0709 0x06c4 \Device\Harddisk0\DR0:
10:21:30.0709 0x06c4 MBR partitions:
10:21:30.0709 0x06c4 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
10:21:30.0709 0x06c4 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x72FBE9C1
10:21:30.0709 0x06c4 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x72FF11C1, BlocksNum 0x1714800
10:21:30.0709 0x06c4 ============================================================
10:21:30.0725 0x06c4 C: <-> \Device\Harddisk0\DR0\Partition2
10:21:30.0772 0x06c4 D: <-> \Device\Harddisk0\DR0\Partition3
10:21:30.0772 0x06c4 ============================================================
10:21:30.0772 0x06c4 Initialize success
10:21:30.0772 0x06c4 ============================================================
10:21:44.0437 0x0aa4 ============================================================
10:21:44.0437 0x0aa4 Scan started
10:21:44.0437 0x0aa4 Mode: Manual;
10:21:44.0437 0x0aa4 ============================================================
10:21:44.0437 0x0aa4 KSN ping started
10:21:44.0780 0x0aa4 KSN ping finished: true
10:21:45.0623 0x0aa4 ================ Scan system memory ========================
10:21:45.0623 0x0aa4 System memory - ok
10:21:45.0623 0x0aa4 ================ Scan services =============================
10:21:45.0748 0x0aa4 [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
10:21:45.0794 0x0aa4 1394ohci - ok
10:21:45.0966 0x0aa4 [ B33CF4DE909A5B30F526D82053A63C8E, ABF5BB962C038E545C18B96E686E072D780C907096C7BB341297AF31D3703ABD ] ABBYY.Licensing.FineReader.Sprint.9.0 C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
10:21:45.0997 0x0aa4 ABBYY.Licensing.FineReader.Sprint.9.0 - ok
10:21:46.0028 0x0aa4 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
10:21:46.0044 0x0aa4 ACPI - ok
10:21:46.0060 0x0aa4 [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
10:21:46.0060 0x0aa4 AcpiPmi - ok
10:21:46.0169 0x0aa4 [ 9BAF21BA600EC4E5FD9A66AD3E4FF5A6, 5E02E5E80557F6EC870EB7CC2DE95169D4225B87A2FE7E796736205F51C15816 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
10:21:46.0169 0x0aa4 AdobeFlashPlayerUpdateSvc - ok
10:21:46.0200 0x0aa4 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
10:21:46.0216 0x0aa4 adp94xx - ok
10:21:46.0262 0x0aa4 [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\drivers\adpahci.sys
10:21:46.0278 0x0aa4 adpahci - ok
10:21:46.0309 0x0aa4 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
10:21:46.0309 0x0aa4 adpu320 - ok
10:21:46.0356 0x0aa4 [ 262D7C87D0AC20B96EF9877D3CA478A0, 54F7E5A5F8991C5525500C1ECCF3D3135D13F48866C366E52DF1D052DB2EE15B ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
10:21:46.0356 0x0aa4 AeLookupSvc - ok
10:21:46.0403 0x0aa4 [ A6FB9DB8F1A86861D955FD6975977AE0, 788C6EE50719227D7A9B7F08C8D5E1289FCD0E8AC23A1021A5093D2E8368F696 ] AESTFilters     C:\Program Files\IDT\WDM\AESTSr64.exe
10:21:46.0403 0x0aa4 AESTFilters - ok
10:21:46.0481 0x0aa4 [ 9A4A1EEE802BF2F878EE8EAB407B21B7, 177EB7DF4B35FE4C0E45E775A0FD5D48D39B410052E3EE18BDEEC809E152D9D8 ] AFD             C:\Windows\system32\drivers\afd.sys
10:21:46.0496 0x0aa4 AFD - ok
10:21:46.0528 0x0aa4 [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
10:21:46.0528 0x0aa4 agp440 - ok
10:21:46.0559 0x0aa4 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
10:21:46.0574 0x0aa4 ALG - ok
10:21:46.0606 0x0aa4 [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
10:21:46.0606 0x0aa4 aliide - ok
10:21:46.0637 0x0aa4 [ 9A75FD4D9A1B9152CFC920D6A9E2B61A, 50A46298358260255041B1321C05BF596CDDC7CF4D29E851E793A6BC0D47D1B6 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
10:21:46.0637 0x0aa4 AMD External Events Utility - ok
10:21:46.0684 0x0aa4 [ 30BFEEE0DFFD5BD79D29157CF080DEED, D3176AA5CFD43CAE7180E9E51A2C76DC2AC02897CA730391A54F647D263ED4E0 ] amdhub30        C:\Windows\system32\drivers\amdhub30.sys
10:21:46.0684 0x0aa4 amdhub30 - ok
10:21:46.0730 0x0aa4 [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
10:21:46.0730 0x0aa4 amdide - ok
10:21:46.0730 0x0aa4 [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
10:21:46.0746 0x0aa4 AmdK8 - ok
10:21:47.0011 0x0aa4 [ F937254A1C63B6BB6DDBB41BF69967BB, A665D8EED3D2DEE0E61478314F1A35DA1378AFFECCE55EDDACAC0F5E067E0C7E ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
10:21:47.0261 0x0aa4 amdkmdag - ok
10:21:47.0323 0x0aa4 [ 5E709520B37733331D4CEA35A9E9483E, 17FD128E5DD0EEA95B355F1BF387DBA585EEF1295B56A4EC9566DE15A4892949 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
10:21:47.0339 0x0aa4 amdkmdap - ok
10:21:47.0354 0x0aa4 [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
10:21:47.0354 0x0aa4 AmdPPM - ok
10:21:47.0370 0x0aa4 [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
10:21:47.0386 0x0aa4 amdsata - ok
10:21:47.0386 0x0aa4 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
10:21:47.0401 0x0aa4 amdsbs - ok
10:21:47.0417 0x0aa4 [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
10:21:47.0417 0x0aa4 amdxata - ok
10:21:47.0432 0x0aa4 [ 321533578132C811EC834A1B741C994C, 82B62C52018655B8A596E1E503CB31F0FA581780425A9FF44BE1248C0F3D4B3E ] amdxhc          C:\Windows\system32\drivers\amdxhc.sys
10:21:47.0432 0x0aa4 amdxhc - ok
10:21:47.0448 0x0aa4 [ 2FBB00A7616106B95104574C6CD640C2, 06DE79B42EBBBBA01DAB289D4280E131D780066CD7E4499229CD5EB1E597A017 ] amd_sata        C:\Windows\system32\drivers\amd_sata.sys
10:21:47.0448 0x0aa4 amd_sata - ok
10:21:47.0464 0x0aa4 [ 87D0D7645CB0D53220649BD5FE15D93E, 195B25BC640BE5D802F530FAA68D3325A6C076DE8A7E56833372C3B2B53B673B ] amd_xata        C:\Windows\system32\drivers\amd_xata.sys
10:21:47.0464 0x0aa4 amd_xata - ok
10:21:47.0510 0x0aa4 [ 0CD7BFDE151223C6976C5D1B3D49EB84, A16FAB4F77D03C0664CCE8082E40A7673BC7FA4E89854F9027D478CD99EB2088 ] AppID           C:\Windows\system32\drivers\appid.sys
10:21:47.0526 0x0aa4 AppID - ok
10:21:47.0526 0x0aa4 [ F9842669B31F20B8B157D33CCC457820, AC8FA65F0A3C479D3CFE10EFE9B3EC5BAE48059F57A12D8C2D7963A22EB043B8 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
10:21:47.0526 0x0aa4 AppIDSvc - ok
10:21:47.0573 0x0aa4 [ B46099A534B7989D80330EA82D9092D6, 0CAC09732FAFAE805E55428B6BE001DCC39EBC599539FADE7AA68571A8A554E5 ] Appinfo         C:\Windows\System32\appinfo.dll
10:21:47.0573 0x0aa4 Appinfo - ok
10:21:47.0651 0x0aa4 [ 885888F8AAD89108A5EE2D0174690220, 9B148C117EBE400F40BF7F32B66B20AA4628BA9E233D707DFA2EB4A8A65E7C52 ] Apple Mobile Device Service C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
10:21:47.0666 0x0aa4 Apple Mobile Device Service - ok
10:21:47.0682 0x0aa4 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\drivers\arc.sys
10:21:47.0698 0x0aa4 arc - ok
10:21:47.0713 0x0aa4 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
10:21:47.0713 0x0aa4 arcsas - ok
10:21:47.0807 0x0aa4 [ 660D597B7A78256734D7F3230B21B355, CAA19E8EFAD63B8975A4CD8EFD5CE5F21E056856D36BC5A9E48517F1E574ABBA ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
10:21:47.0885 0x0aa4 aspnet_state - ok
10:21:47.0916 0x0aa4 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
10:21:47.0916 0x0aa4 AsyncMac - ok
10:21:47.0932 0x0aa4 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
10:21:47.0932 0x0aa4 atapi - ok
10:21:47.0994 0x0aa4 [ 67C717EC24FCAAE7B518D9E06AD036AB, F08550E4FCEC2899FACEF2A18CEE3D068D5911FFD2FF5534E4921E56FB0AEF59 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
10:21:48.0010 0x0aa4 AudioEndpointBuilder - ok
10:21:48.0041 0x0aa4 [ 67C717EC24FCAAE7B518D9E06AD036AB, F08550E4FCEC2899FACEF2A18CEE3D068D5911FFD2FF5534E4921E56FB0AEF59 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
10:21:48.0056 0x0aa4 AudioSrv - ok
10:21:48.0088 0x0aa4 [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
10:21:48.0088 0x0aa4 AxInstSV - ok
10:21:48.0134 0x0aa4 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
10:21:48.0150 0x0aa4 b06bdrv - ok
10:21:48.0166 0x0aa4 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
10:21:48.0181 0x0aa4 b57nd60a - ok
10:21:48.0197 0x0aa4 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
10:21:48.0197 0x0aa4 BDESVC - ok
10:21:48.0212 0x0aa4 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
10:21:48.0212 0x0aa4 Beep - ok
10:21:48.0244 0x0aa4 [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
10:21:48.0259 0x0aa4 BFE - ok
10:21:48.0306 0x0aa4 [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\system32\qmgr.dll
10:21:48.0384 0x0aa4 BITS - ok
10:21:48.0384 0x0aa4 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
10:21:48.0384 0x0aa4 blbdrive - ok
10:21:48.0446 0x0aa4 [ B5C2F92EE1106DFE7BB1CCE4D35B6037, E399C390687589194D8AAD385055F0CFA7D52AD9E837D8FF95008B8EB2B34E50 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
10:21:48.0462 0x0aa4 Bonjour Service - ok
10:21:48.0509 0x0aa4 [ ABA3984C822E4D3F889699912D85D6C5, 2251FA135CC290DA13DAE4743F393C7CC9E6A737C054707CB8D72C369D1FFACB ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
10:21:48.0509 0x0aa4 bowser - ok
10:21:48.0524 0x0aa4 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
10:21:48.0524 0x0aa4 BrFiltLo - ok
10:21:48.0540 0x0aa4 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
10:21:48.0540 0x0aa4 BrFiltUp - ok
10:21:48.0556 0x0aa4 [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
10:21:48.0556 0x0aa4 BridgeMP - ok
10:21:48.0587 0x0aa4 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
10:21:48.0587 0x0aa4 Browser - ok
10:21:48.0602 0x0aa4 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
10:21:48.0618 0x0aa4 Brserid - ok
10:21:48.0634 0x0aa4 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
10:21:48.0634 0x0aa4 BrSerWdm - ok
10:21:48.0634 0x0aa4 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
10:21:48.0634 0x0aa4 BrUsbMdm - ok
10:21:48.0649 0x0aa4 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
10:21:48.0649 0x0aa4 BrUsbSer - ok
10:21:48.0665 0x0aa4 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
10:21:48.0665 0x0aa4 BTHMODEM - ok
10:21:48.0680 0x0aa4 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
10:21:48.0696 0x0aa4 bthserv - ok
10:21:48.0727 0x0aa4 catchme - ok
10:21:48.0743 0x0aa4 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
10:21:48.0743 0x0aa4 cdfs - ok
10:21:48.0758 0x0aa4 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\drivers\cdrom.sys
10:21:48.0774 0x0aa4 cdrom - ok
10:21:48.0790 0x0aa4 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
10:21:48.0790 0x0aa4 CertPropSvc - ok
10:21:48.0805 0x0aa4 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
10:21:48.0805 0x0aa4 circlass - ok
10:21:48.0836 0x0aa4 [ 3891EA60B84EFE115CE070311FA83BBB, 2A30FB15C8D0C69289C087DFE1F822AB4F9C3F091DBB3FD2E99DC5B562E90DFB ] CLFS            C:\Windows\system32\CLFS.sys
10:21:48.0836 0x0aa4 CLFS - ok
10:21:48.0914 0x0aa4 [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:21:48.0930 0x0aa4 clr_optimization_v2.0.50727_32 - ok
10:21:48.0977 0x0aa4 [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
10:21:48.0977 0x0aa4 clr_optimization_v2.0.50727_64 - ok
10:21:49.0039 0x0aa4 [ AB4CD527BEFCC43EE441E6C50CCE54C8, 13B776AE63049FFBA7E35EA0A4C26EBB57B10D973E05C4CF1214249754DC46E4 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:21:49.0211 0x0aa4 clr_optimization_v4.0.30319_32 - ok
10:21:49.0242 0x0aa4 [ 1400C75FF021D6CFACE46AC41B60770E, 3FCB8D7714A79522F2738037D559F1FFFB2F05C5406D2A038EF5DDB4629CA1CE ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
10:21:49.0273 0x0aa4 clr_optimization_v4.0.30319_64 - ok
10:21:49.0304 0x0aa4 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
10:21:49.0304 0x0aa4 CmBatt - ok
10:21:49.0351 0x0aa4 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
10:21:49.0367 0x0aa4 cmdide - ok
10:21:49.0414 0x0aa4 [ 3323F76352B0AF14B2CDC4DFBF3E980A, F8E3C3508C37E647497B6889F26819B1DB30275F48A994D1BBFBAA9454E5FD70 ] CNG             C:\Windows\system32\Drivers\cng.sys
10:21:49.0429 0x0aa4 CNG - ok
10:21:49.0445 0x0aa4 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
10:21:49.0460 0x0aa4 Compbatt - ok
10:21:49.0476 0x0aa4 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
10:21:49.0476 0x0aa4 CompositeBus - ok
10:21:49.0476 0x0aa4 COMSysApp - ok
10:21:49.0492 0x0aa4 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
10:21:49.0492 0x0aa4 crcdisk - ok
10:21:49.0554 0x0aa4 [ BB724567892383010B8436DCC0A84628, 2768F5FD7A096CB1CEA33F8818EF16F9F5E3E07BB8442949A49A9CF24B62C6E6 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
10:21:49.0554 0x0aa4 CryptSvc - ok
10:21:49.0616 0x0aa4 [ 622C96AFB07BB82C8650B47172137AC4, B74CEA5A3F4945E5A3EAE7AF1B1FA75F611C65C6FACE393052A512FA81B0C17C ] DcomLaunch      C:\Windows\system32\rpcss.dll
10:21:49.0632 0x0aa4 DcomLaunch - ok
10:21:49.0663 0x0aa4 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
10:21:49.0663 0x0aa4 defragsvc - ok
10:21:49.0726 0x0aa4 [ 9B38580063D281A99E68EF5813022A5F, D91676B0E0A8E2A090E3E5DD340ABCFC20AE0F55B4C82869D6CFB34239BD27DA ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
10:21:49.0726 0x0aa4 DfsC - ok
10:21:49.0741 0x0aa4 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
10:21:49.0741 0x0aa4 Dhcp - ok
10:21:49.0850 0x0aa4 [ EE9954237F15BE4DD9304D12E4D305ED, F295C9BAF20F0E669B673AFCC16B4969EE31B6A3808980DAB93D9B0F167DA3C0 ] DiagTrack       C:\Windows\system32\diagtrack.dll
10:21:49.0882 0x0aa4 DiagTrack - ok
10:21:49.0913 0x0aa4 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
10:21:49.0913 0x0aa4 discache - ok
10:21:49.0944 0x0aa4 [ 616387BBD83372220B09DE95F4E67BBC, 5E2D5280BB775576E7CDE3FA6BDE494E183123635E5908CF7EBF1FF52966D07D ] Disk            C:\Windows\system32\drivers\disk.sys
10:21:49.0944 0x0aa4 Disk - ok
10:21:49.0975 0x0aa4 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
10:21:49.0975 0x0aa4 Dnscache - ok
10:21:49.0991 0x0aa4 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
10:21:50.0006 0x0aa4 dot3svc - ok
10:21:50.0022 0x0aa4 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
10:21:50.0022 0x0aa4 DPS - ok
10:21:50.0084 0x0aa4 [ 26FE888505E5A945B0536AF9A2A27A6F, A6B16ED498BAFE300E1F0E0A241E3D62F7A1C5973EE775904ED14F33A2BC08A6 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
10:21:50.0084 0x0aa4 drmkaud - ok
10:21:50.0147 0x0aa4 [ 3A9D7D464BDB3B70D7ECF689ADABBD4D, B4F5B23705EA1BA453FE30791CA245E1A5F7FBEABAD026E4A8A15A9FC44E8C9C ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
10:21:50.0162 0x0aa4 DXGKrnl - ok
10:21:50.0194 0x0aa4 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
10:21:50.0194 0x0aa4 EapHost - ok
10:21:50.0287 0x0aa4 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
10:21:50.0381 0x0aa4 ebdrv - ok
10:21:50.0443 0x0aa4 [ 92DAF7D21711117B007608CB50FBD2E2, 6C1FBCE3699C76BDACAC37C04002C85A6AF38BF610F579F6FFEC95302D449CDC ] EFS             C:\Windows\System32\lsass.exe
10:21:50.0443 0x0aa4 EFS - ok
10:21:50.0506 0x0aa4 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
10:21:50.0521 0x0aa4 ehRecvr - ok
10:21:50.0537 0x0aa4 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
10:21:50.0537 0x0aa4 ehSched - ok
10:21:50.0568 0x0aa4 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
10:21:50.0584 0x0aa4 elxstor - ok
10:21:50.0662 0x0aa4 [ 4F7E75A08DBF89423C2EF9DC89BD923B, 79F849704225CE8F3FF501888BEE0FBC1308FF6F590B9CD67015C9CFA0A708E3 ] EpsonCustomerParticipation C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
10:21:50.0677 0x0aa4 EpsonCustomerParticipation - ok
10:21:50.0724 0x0aa4 [ 20ECD0A490A121CB34F553FAD1DBBD39, 17C9DA33E78FBC7582B0AA53C611929B80FBBE1343B84A179D515B51C964D218 ] EpsonScanSvc    C:\Windows\system32\EscSvc64.exe
10:21:50.0724 0x0aa4 EpsonScanSvc - ok
10:21:50.0771 0x0aa4 [ A7E8186E04F38E836C19AC147F8B2ED0, 329639595F02060C215A6334FCE1651FB9B9B5679BA9052A487B57265608D162 ] EPSON_PM_RPCV4_05 C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
10:21:50.0786 0x0aa4 EPSON_PM_RPCV4_05 - ok
10:21:50.0786 0x0aa4 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
10:21:50.0786 0x0aa4 ErrDev - ok
10:21:50.0833 0x0aa4 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
10:21:50.0833 0x0aa4 EventSystem - ok
10:21:50.0849 0x0aa4 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
10:21:50.0864 0x0aa4 exfat - ok
10:21:50.0880 0x0aa4 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
10:21:50.0880 0x0aa4 fastfat - ok
10:21:50.0927 0x0aa4 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
10:21:50.0942 0x0aa4 Fax - ok
10:21:50.0974 0x0aa4 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\drivers\fdc.sys
10:21:50.0974 0x0aa4 fdc - ok
10:21:50.0989 0x0aa4 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
10:21:50.0989 0x0aa4 fdPHost - ok
10:21:51.0005 0x0aa4 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
10:21:51.0020 0x0aa4 FDResPub - ok
10:21:51.0020 0x0aa4 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
10:21:51.0020 0x0aa4 FileInfo - ok
10:21:51.0036 0x0aa4 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
10:21:51.0036 0x0aa4 Filetrace - ok
10:21:51.0052 0x0aa4 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
10:21:51.0052 0x0aa4 flpydisk - ok
10:21:51.0067 0x0aa4 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
10:21:51.0083 0x0aa4 FltMgr - ok
10:21:51.0176 0x0aa4 [ 700A5373FA66F1DAAECBD2CFB88C73ED, D6C1C4C846BC24EB6539ECC701A456FA53BB6679C79391F5B70580D47B6CE395 ] FontCache       C:\Windows\system32\FntCache.dll
10:21:51.0208 0x0aa4 FontCache - ok
10:21:51.0239 0x0aa4 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:21:51.0239 0x0aa4 FontCache3.0.0.0 - ok
10:21:51.0254 0x0aa4 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
10:21:51.0254 0x0aa4 FsDepends - ok
10:21:51.0270 0x0aa4 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
10:21:51.0270 0x0aa4 Fs_Rec - ok
10:21:51.0317 0x0aa4 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
10:21:51.0332 0x0aa4 fvevol - ok
10:21:51.0332 0x0aa4 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
10:21:51.0348 0x0aa4 gagp30kx - ok
10:21:51.0395 0x0aa4 [ C403C5DB49A0F9AAF4F2128EDC0106D8, 3C6948B63278022D8182F773C5FA15784514F76C1546118DDBADBA322B962D12 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
10:21:51.0395 0x0aa4 GamesAppService - ok
10:21:51.0457 0x0aa4 [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
10:21:51.0457 0x0aa4 GEARAspiWDM - ok
10:21:51.0520 0x0aa4 [ E4AE497857409127ED57562AF913A903, 262ADD713B1FBF6200550967D1F8635B55D01BBD8FA2E753536E71A4EC87867B ] gpsvc           C:\Windows\System32\gpsvc.dll
10:21:51.0535 0x0aa4 gpsvc - ok
10:21:51.0644 0x0aa4 [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:21:51.0644 0x0aa4 gupdate - ok
10:21:51.0660 0x0aa4 [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:21:51.0660 0x0aa4 gupdatem - ok
10:21:51.0676 0x0aa4 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
10:21:51.0676 0x0aa4 hcw85cir - ok
10:21:51.0691 0x0aa4 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
10:21:51.0707 0x0aa4 HdAudAddService - ok
10:21:51.0738 0x0aa4 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
10:21:51.0738 0x0aa4 HDAudBus - ok
10:21:51.0754 0x0aa4 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
10:21:51.0754 0x0aa4 HidBatt - ok
10:21:51.0769 0x0aa4 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
10:21:51.0769 0x0aa4 HidBth - ok
10:21:51.0785 0x0aa4 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
10:21:51.0785 0x0aa4 HidIr - ok
10:21:51.0816 0x0aa4 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\System32\hidserv.dll
10:21:51.0816 0x0aa4 hidserv - ok
10:21:51.0863 0x0aa4 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
10:21:51.0863 0x0aa4 HidUsb - ok
10:21:51.0878 0x0aa4 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
10:21:51.0878 0x0aa4 hkmsvc - ok
10:21:51.0894 0x0aa4 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
10:21:51.0910 0x0aa4 HomeGroupListener - ok
10:21:51.0941 0x0aa4 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
10:21:51.0941 0x0aa4 HomeGroupProvider - ok
10:21:51.0972 0x0aa4 [ 6A181452D4E240B8ECC7614B9A19BDE9, 3E458A737DA597DF007D278E9D81F2BF259AB4B97A4C188CEDAEA1F144B1074F ] HPClientSvc     C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
10:21:51.0988 0x0aa4 HPClientSvc - ok
10:21:52.0066 0x0aa4 [ 7B7DE6B3DC30F3246958F42C67A6F7BB, 4B66B90CFEC2231B905B21DECC4EC7C6500E546F080A452EF67E724EDF37ADD9 ] hpqwmiex        C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
10:21:52.0097 0x0aa4 hpqwmiex - ok
10:21:52.0112 0x0aa4 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
10:21:52.0112 0x0aa4 HpSAMD - ok
10:21:52.0159 0x0aa4 [ 02F1253476B7F5F818364443DFED3264, 645F51A6781E9DEB381694718EDEF38B02F5345ADCE8860EC2D9483F7C1C7CC2 ] HPSupportSolutionsFrameworkService C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
10:21:52.0159 0x0aa4 HPSupportSolutionsFrameworkService - ok
10:21:52.0222 0x0aa4 [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
10:21:52.0237 0x0aa4 HTTP - ok
10:21:52.0268 0x0aa4 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
10:21:52.0268 0x0aa4 hwpolicy - ok
10:21:52.0284 0x0aa4 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
10:21:52.0284 0x0aa4 i8042prt - ok
10:21:52.0393 0x0aa4 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
10:21:52.0409 0x0aa4 iaStorV - ok
10:21:52.0518 0x0aa4 [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:21:52.0534 0x0aa4 idsvc - ok
10:21:52.0596 0x0aa4 IEEtwCollectorService - ok
10:21:52.0970 0x0aa4 [ A87261EF1546325B559374F5689CF5BC, 8DE48A8A13A32AAAC54CDDF58F3F61BE3E2802C1D9CA1CA98E57EB0D65FB6002 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
10:21:53.0173 0x0aa4 igfx - ok
10:21:53.0220 0x0aa4 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
10:21:53.0220 0x0aa4 iirsp - ok
10:21:53.0282 0x0aa4 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
10:21:53.0314 0x0aa4 IKEEXT - ok
10:21:53.0345 0x0aa4 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
10:21:53.0360 0x0aa4 intelide - ok
10:21:53.0407 0x0aa4 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\drivers\intelppm.sys
10:21:53.0407 0x0aa4 intelppm - ok
10:21:53.0470 0x0aa4 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
10:21:53.0470 0x0aa4 IPBusEnum - ok
10:21:53.0501 0x0aa4 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:21:53.0501 0x0aa4 IpFilterDriver - ok
10:21:53.0563 0x0aa4 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
10:21:53.0579 0x0aa4 iphlpsvc - ok
10:21:53.0641 0x0aa4 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
10:21:53.0641 0x0aa4 IPMIDRV - ok
10:21:53.0688 0x0aa4 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
10:21:53.0688 0x0aa4 IPNAT - ok
10:21:53.0828 0x0aa4 [ 16A6D49E7698FC6F1730D3FF9F5561A8, 860D2601BA3A71C81A6B21F4D92A5E9C47772C9DE0F047D49000FA4A484D7932 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
10:21:53.0844 0x0aa4 iPod Service - ok
10:21:53.0906 0x0aa4 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
10:21:53.0906 0x0aa4 IRENUM - ok
10:21:53.0953 0x0aa4 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
10:21:53.0953 0x0aa4 isapnp - ok
10:21:54.0031 0x0aa4 [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
10:21:54.0047 0x0aa4 iScsiPrt - ok
10:21:54.0140 0x0aa4 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
10:21:54.0140 0x0aa4 kbdclass - ok
10:21:54.0203 0x0aa4 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
10:21:54.0203 0x0aa4 kbdhid - ok
10:21:54.0234 0x0aa4 [ 92DAF7D21711117B007608CB50FBD2E2, 6C1FBCE3699C76BDACAC37C04002C85A6AF38BF610F579F6FFEC95302D449CDC ] KeyIso          C:\Windows\system32\lsass.exe
10:21:54.0234 0x0aa4 KeyIso - ok
10:21:54.0296 0x0aa4 [ 1F4B52A496A43C65AB0F26169650FAF2, 6D6F3505997A7DDEE6F127B3FB537AFFDE687D4F34489679674DC12FB12B842C ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
10:21:54.0296 0x0aa4 KSecDD - ok
10:21:54.0343 0x0aa4 [ E4A599EDFAAB66C2BC17FB1593DC129B, 13098694B649E9146214D320FB14C3D305FCA155438CB531A8BAA4A70231D1A7 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
10:21:54.0359 0x0aa4 KSecPkg - ok
10:21:54.0374 0x0aa4 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
10:21:54.0374 0x0aa4 ksthunk - ok
10:21:54.0452 0x0aa4 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
10:21:54.0468 0x0aa4 KtmRm - ok
10:21:54.0562 0x0aa4 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\System32\srvsvc.dll
10:21:54.0562 0x0aa4 LanmanServer - ok
10:21:54.0640 0x0aa4 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
10:21:54.0640 0x0aa4 LanmanWorkstation - ok
10:21:54.0733 0x0aa4 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
10:21:54.0733 0x0aa4 lltdio - ok
10:21:54.0796 0x0aa4 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
10:21:54.0796 0x0aa4 lltdsvc - ok
10:21:54.0843 0x0aa4 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
10:21:54.0843 0x0aa4 lmhosts - ok
10:21:54.0889 0x0aa4 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
10:21:54.0889 0x0aa4 LSI_FC - ok
10:21:54.0921 0x0aa4 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
10:21:54.0936 0x0aa4 LSI_SAS - ok
10:21:54.0952 0x0aa4 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
10:21:54.0967 0x0aa4 LSI_SAS2 - ok
10:21:54.0999 0x0aa4 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
10:21:54.0999 0x0aa4 LSI_SCSI - ok
10:21:55.0045 0x0aa4 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
10:21:55.0045 0x0aa4 luafv - ok
10:21:55.0108 0x0aa4 lxbl_device - ok
10:21:55.0201 0x0aa4 lxee_device - ok
10:21:55.0326 0x0aa4 [ 47701ECA633574E122687693B5C5D35C, 1DB12767462347504956450FAD0D90B6E682E2E8959A6C5DF3792C3C3DA289B1 ] mbamchameleon   C:\Windows\system32\drivers\mbamchameleon.sys
10:21:55.0326 0x0aa4 mbamchameleon - ok
10:21:55.0435 0x0aa4 [ 78488AF2AB2111D67B3C4044707A519B, 7AA71B9C4C7949A1A21F60EF7CCEDE0079794990696B60557B5DC86F4D47223A ] MBAMSwissArmy   C:\Windows\system32\drivers\MBAMSwissArmy.sys
10:21:55.0451 0x0aa4 MBAMSwissArmy - ok
10:21:55.0451 0x0aa4 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
10:21:55.0467 0x0aa4 Mcx2Svc - ok
10:21:55.0498 0x0aa4 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
10:21:55.0498 0x0aa4 megasas - ok
10:21:55.0560 0x0aa4 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
10:21:55.0576 0x0aa4 MegaSR - ok
10:21:55.0638 0x0aa4 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
10:21:55.0638 0x0aa4 MMCSS - ok
10:21:55.0669 0x0aa4 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
10:21:55.0685 0x0aa4 Modem - ok
10:21:55.0779 0x0aa4 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
10:21:55.0779 0x0aa4 monitor - ok
10:21:55.0841 0x0aa4 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
10:21:55.0841 0x0aa4 mouclass - ok
10:21:55.0888 0x0aa4 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
10:21:55.0888 0x0aa4 mouhid - ok
10:21:55.0935 0x0aa4 [ 8ADB5445B29941CB41AF2846FD5C93C7, 689582430FE29EC0845B1DB841D3CC49D5D09DE264586E3999EEFE616986D12B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
10:21:55.0950 0x0aa4 mountmgr - ok
10:21:56.0075 0x0aa4 [ 7AAFF443581F9B6F86CDF761ED0A437D, 6E159C875F5666E6D17C58628EEAF79818697355AFE213CE778BD3FEA04248C0 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
10:21:56.0091 0x0aa4 MozillaMaintenance - ok
10:21:56.0106 0x0aa4 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
10:21:56.0122 0x0aa4 mpio - ok
10:21:56.0153 0x0aa4 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
10:21:56.0153 0x0aa4 mpsdrv - ok
10:21:56.0231 0x0aa4 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
10:21:56.0262 0x0aa4 MpsSvc - ok
10:21:56.0325 0x0aa4 [ 98DB1790F0A584E0A2528B92B052417F, 9AA04CA73AFE599810CD233B9CEC212E16D44DCEDF5C7D0181C7257F498068B5 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
10:21:56.0325 0x0aa4 MRxDAV - ok
10:21:56.0371 0x0aa4 [ 25F918BB5D57C99FFEB0255143D0DF9A, E4BB656C3AEE19094B0F87828828DC73F248B45B30B678AA759DBAB3087399A2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
10:21:56.0371 0x0aa4 mrxsmb - ok
10:21:56.0418 0x0aa4 [ 8DF2B80510F438CFEC479181BD29C794, ECA5BC17D1DB92B887D468B0FF1D6302518DBD7C3607B14FA291ECDA204D5E85 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:21:56.0434 0x0aa4 mrxsmb10 - ok
10:21:56.0481 0x0aa4 [ F7622CFE3402A9BF10227BB124901E54, 3EE6BA42E712505AED9D3920163814719FAC591FB5CFF589E230C7005CB598AF ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:21:56.0481 0x0aa4 mrxsmb20 - ok
10:21:56.0527 0x0aa4 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
10:21:56.0527 0x0aa4 msahci - ok
10:21:56.0574 0x0aa4 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
10:21:56.0574 0x0aa4 msdsm - ok
10:21:56.0605 0x0aa4 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
10:21:56.0605 0x0aa4 MSDTC - ok
10:21:56.0637 0x0aa4 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
10:21:56.0652 0x0aa4 Msfs - ok
10:21:56.0668 0x0aa4 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
10:21:56.0683 0x0aa4 mshidkmdf - ok
10:21:56.0730 0x0aa4 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
10:21:56.0730 0x0aa4 msisadrv - ok
10:21:56.0839 0x0aa4 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
10:21:56.0839 0x0aa4 MSiSCSI - ok
10:21:56.0839 0x0aa4 msiserver - ok
10:21:56.0917 0x0aa4 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
10:21:56.0917 0x0aa4 MSKSSRV - ok
10:21:56.0949 0x0aa4 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
10:21:56.0964 0x0aa4 MSPCLOCK - ok
10:21:56.0995 0x0aa4 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
10:21:57.0011 0x0aa4 MSPQM - ok
10:21:57.0058 0x0aa4 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
10:21:57.0058 0x0aa4 MsRPC - ok
10:21:57.0089 0x0aa4 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
10:21:57.0089 0x0aa4 mssmbios - ok
10:21:57.0120 0x0aa4 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
10:21:57.0120 0x0aa4 MSTEE - ok
10:21:57.0167 0x0aa4 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
10:21:57.0167 0x0aa4 MTConfig - ok
10:21:57.0198 0x0aa4 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
10:21:57.0198 0x0aa4 Mup - ok
10:21:57.0276 0x0aa4 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
10:21:57.0292 0x0aa4 napagent - ok
10:21:57.0401 0x0aa4 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
10:21:57.0401 0x0aa4 NativeWifiP - ok
10:21:57.0526 0x0aa4 [ F7309F42555F8AAB7144A51A1F2585B0, 065277A8AFAEE3888C997A76D2F751070F92DF4C3354D16B194860B4BDAFF937 ] NDIS            C:\Windows\system32\drivers\ndis.sys
10:21:57.0541 0x0aa4 NDIS - ok
10:21:57.0619 0x0aa4 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
10:21:57.0619 0x0aa4 NdisCap - ok
10:21:57.0713 0x0aa4 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
10:21:57.0713 0x0aa4 NdisTapi - ok
10:21:57.0744 0x0aa4 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
10:21:57.0744 0x0aa4 Ndisuio - ok
10:21:57.0807 0x0aa4 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
10:21:57.0807 0x0aa4 NdisWan - ok
10:21:57.0838 0x0aa4 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
10:21:57.0838 0x0aa4 NDProxy - ok
10:21:57.0978 0x0aa4 [ EE00C544C025958AF50C7B199F3C8595, D774DB020D9C46D1AA0B2DB9FA2C36C4A9C38D904CC6929695321D32ACA0D4D1 ] Netaapl         C:\Windows\system32\DRIVERS\netaapl64.sys
10:21:57.0978 0x0aa4 Netaapl - ok
10:21:58.0009 0x0aa4 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
10:21:58.0025 0x0aa4 NetBIOS - ok
10:21:58.0087 0x0aa4 [ E47D571FEC2C76E867935109AB2A770C, F349D25890B6F476B106FD75BFB081DB737CA9B224D95E44927942FFF2DF82CD ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
10:21:58.0103 0x0aa4 NetBT - ok
10:21:58.0119 0x0aa4 [ 92DAF7D21711117B007608CB50FBD2E2, 6C1FBCE3699C76BDACAC37C04002C85A6AF38BF610F579F6FFEC95302D449CDC ] Netlogon        C:\Windows\system32\lsass.exe
10:21:58.0119 0x0aa4 Netlogon - ok
10:21:58.0212 0x0aa4 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
10:21:58.0212 0x0aa4 Netman - ok
10:21:58.0306 0x0aa4 [ 15CBA881E10968E33B43D31BE6097BA3, 69449ACA82B67F308C9F7DAB7A4C75BD88A95B98FC7F9102C72AD3D233A48346 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:21:58.0337 0x0aa4 NetMsmqActivator - ok
10:21:58.0353 0x0aa4 [ 15CBA881E10968E33B43D31BE6097BA3, 69449ACA82B67F308C9F7DAB7A4C75BD88A95B98FC7F9102C72AD3D233A48346 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:21:58.0368 0x0aa4 NetPipeActivator - ok
10:21:58.0399 0x0aa4 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
10:21:58.0399 0x0aa4 netprofm - ok
10:21:58.0540 0x0aa4 [ 3B7DE4C730202F6F5B0CB202990AA6EF, 468A3E1C76120624951CC626FE8EC4189C6B7A39584F58DDE9A92490D35C55B5 ] netr28x         C:\Windows\system32\DRIVERS\netr28x.sys
10:21:58.0571 0x0aa4 netr28x - ok
10:21:58.0587 0x0aa4 [ 15CBA881E10968E33B43D31BE6097BA3, 69449ACA82B67F308C9F7DAB7A4C75BD88A95B98FC7F9102C72AD3D233A48346 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:21:58.0602 0x0aa4 NetTcpActivator - ok
10:21:58.0602 0x0aa4 [ 15CBA881E10968E33B43D31BE6097BA3, 69449ACA82B67F308C9F7DAB7A4C75BD88A95B98FC7F9102C72AD3D233A48346 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:21:58.0602 0x0aa4 NetTcpPortSharing - ok
10:21:58.0649 0x0aa4 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
10:21:58.0649 0x0aa4 nfrd960 - ok
10:21:58.0696 0x0aa4 [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc          C:\Windows\System32\nlasvc.dll
10:21:58.0711 0x0aa4 NlaSvc - ok
10:21:58.0743 0x0aa4 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
10:21:58.0743 0x0aa4 Npfs - ok
10:21:58.0821 0x0aa4 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
10:21:58.0821 0x0aa4 nsi - ok
10:21:58.0867 0x0aa4 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
10:21:58.0867 0x0aa4 nsiproxy - ok
10:21:58.0945 0x0aa4 [ 47B2D0B31BDC3EBE6090228E2BA3764D, 984A4B38300954164BCBF57EC1A09C18B53779E60A26E9618B50E26016735787 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
10:21:59.0008 0x0aa4 Ntfs - ok
10:21:59.0008 0x0aa4 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
10:21:59.0008 0x0aa4 Null - ok
10:21:59.0039 0x0aa4 [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
10:21:59.0055 0x0aa4 nvraid - ok
10:21:59.0070 0x0aa4 [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
10:21:59.0070 0x0aa4 nvstor - ok
10:21:59.0086 0x0aa4 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp

Re: [INACTIVE] EXTREMELY slow computer with terrible startup10th December 2016, 7:02 pm

C:\Windows\system32\drivers\nv_agp.sys
10:21:59.0086 0x0aa4 nv_agp - ok
10:21:59.0101 0x0aa4 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
10:21:59.0101 0x0aa4 ohci1394 - ok
10:21:59.0195 0x0aa4 [ 4965B005492CBA7719E82B71E3245495, 52AD72C05FACC1E0E416A1FA25F34FDD3CB274FAB973BEAAE911A2FACA42B650 ] ose64           C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:21:59.0195 0x0aa4 ose64 - ok
10:21:59.0663 0x0aa4 [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
10:21:59.0819 0x0aa4 osppsvc - ok
10:21:59.0850 0x0aa4 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
10:21:59.0866 0x0aa4 p2pimsvc - ok
10:21:59.0881 0x0aa4 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
10:21:59.0897 0x0aa4 p2psvc - ok
10:21:59.0913 0x0aa4 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\drivers\parport.sys
10:21:59.0913 0x0aa4 Parport - ok
10:21:59.0975 0x0aa4 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
10:21:59.0975 0x0aa4 partmgr - ok
10:22:00.0022 0x0aa4 [ 3CD83692C43D87088E85E3C916146FFB, 9E812535E8FBA045FDA30F68E9EB2031132C37721D542A2DC9D4C33E2B137FCF ] PcaSvc          C:\Windows\System32\pcasvc.dll
10:22:00.0022 0x0aa4 PcaSvc - ok
10:22:00.0037 0x0aa4 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
10:22:00.0037 0x0aa4 pci - ok
10:22:00.0053 0x0aa4 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
10:22:00.0053 0x0aa4 pciide - ok
10:22:00.0084 0x0aa4 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
10:22:00.0084 0x0aa4 pcmcia - ok
10:22:00.0115 0x0aa4 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
10:22:00.0115 0x0aa4 pcw - ok
10:22:00.0131 0x0aa4 pdfcDispatcher - ok
10:22:00.0162 0x0aa4 [ EA4D67448BE493D543F1730D6CD04694, 24717C5E41B7CA522F3330EF2228B6685E710A5259396E9887A1C1E7A413F8CA ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
10:22:00.0178 0x0aa4 PEAUTH - ok
10:22:00.0240 0x0aa4 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
10:22:00.0271 0x0aa4 PerfHost - ok
10:22:00.0334 0x0aa4 [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
10:22:00.0381 0x0aa4 pla - ok
10:22:00.0412 0x0aa4 [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
10:22:00.0427 0x0aa4 PlugPlay - ok
10:22:00.0443 0x0aa4 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
10:22:00.0443 0x0aa4 PNRPAutoReg - ok
10:22:00.0459 0x0aa4 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
10:22:00.0459 0x0aa4 PNRPsvc - ok
10:22:00.0505 0x0aa4 [ 80D6B0563ED2BF10656B1D4748331082, B7E6B5E1148B7EE537E8D5C3A65450876B61CD45A395267D08699746E98AD574 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
10:22:00.0521 0x0aa4 PolicyAgent - ok
10:22:00.0552 0x0aa4 [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
10:22:00.0552 0x0aa4 Power - ok
10:22:00.0583 0x0aa4 [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
10:22:00.0583 0x0aa4 PptpMiniport - ok
10:22:00.0599 0x0aa4 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\drivers\processr.sys
10:22:00.0599 0x0aa4 Processor - ok
10:22:00.0630 0x0aa4 [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc         C:\Windows\system32\profsvc.dll
10:22:00.0630 0x0aa4 ProfSvc - ok
10:22:00.0646 0x0aa4 [ 92DAF7D21711117B007608CB50FBD2E2, 6C1FBCE3699C76BDACAC37C04002C85A6AF38BF610F579F6FFEC95302D449CDC ] ProtectedStorage C:\Windows\system32\lsass.exe
10:22:00.0646 0x0aa4 ProtectedStorage - ok
10:22:00.0661 0x0aa4 [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
10:22:00.0661 0x0aa4 Psched - ok
10:22:00.0724 0x0aa4 [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
10:22:00.0771 0x0aa4 ql2300 - ok
10:22:00.0802 0x0aa4 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
10:22:00.0802 0x0aa4 ql40xx - ok
10:22:00.0817 0x0aa4 [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
10:22:00.0833 0x0aa4 QWAVE - ok
10:22:00.0833 0x0aa4 [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
10:22:00.0833 0x0aa4 QWAVEdrv - ok
10:22:00.0849 0x0aa4 [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
10:22:00.0864 0x0aa4 RasAcd - ok
10:22:00.0880 0x0aa4 [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
10:22:00.0880 0x0aa4 RasAgileVpn - ok
10:22:00.0895 0x0aa4 [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
10:22:00.0895 0x0aa4 RasAuto - ok
10:22:00.0911 0x0aa4 [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
10:22:00.0911 0x0aa4 Rasl2tp - ok
10:22:00.0942 0x0aa4 [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
10:22:00.0942 0x0aa4 RasMan - ok
10:22:00.0958 0x0aa4 [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
10:22:00.0973 0x0aa4 RasPppoe - ok
10:22:00.0973 0x0aa4 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
10:22:00.0989 0x0aa4 RasSstp - ok
10:22:01.0005 0x0aa4 [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
10:22:01.0020 0x0aa4 rdbss - ok
10:22:01.0036 0x0aa4 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
10:22:01.0036 0x0aa4 rdpbus - ok
10:22:01.0051 0x0aa4 [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
10:22:01.0051 0x0aa4 RDPCDD - ok
10:22:01.0067 0x0aa4 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
10:22:01.0067 0x0aa4 RDPENCDD - ok
10:22:01.0083 0x0aa4 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
10:22:01.0083 0x0aa4 RDPREFMP - ok
10:22:01.0192 0x0aa4 [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
10:22:01.0192 0x0aa4 RdpVideoMiniport - ok
10:22:01.0270 0x0aa4 [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
10:22:01.0270 0x0aa4 RDPWD - ok
10:22:01.0301 0x0aa4 [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
10:22:01.0301 0x0aa4 rdyboost - ok
10:22:01.0317 0x0aa4 [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
10:22:01.0317 0x0aa4 RemoteAccess - ok
10:22:01.0332 0x0aa4 [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll
10:22:01.0348 0x0aa4 RemoteRegistry - ok
10:22:01.0395 0x0aa4 [ 085D18C71AB2611A3D61528132B6501E, 2AD2DD88EBD8C498E3043CDAA37E83C69F7FE2FD6B65524F631527555B80C112 ] RoxioNow Service C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
10:22:01.0410 0x0aa4 RoxioNow Service - ok
10:22:01.0426 0x0aa4 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
10:22:01.0441 0x0aa4 RpcEptMapper - ok
10:22:01.0441 0x0aa4 [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
10:22:01.0457 0x0aa4 RpcLocator - ok
10:22:01.0504 0x0aa4 [ 622C96AFB07BB82C8650B47172137AC4, B74CEA5A3F4945E5A3EAE7AF1B1FA75F611C65C6FACE393052A512FA81B0C17C ] RpcSs           C:\Windows\system32\rpcss.dll
10:22:01.0519 0x0aa4 RpcSs - ok
10:22:01.0535 0x0aa4 [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
10:22:01.0535 0x0aa4 rspndr - ok
10:22:01.0566 0x0aa4 [ F4C374B1C46DE294B573BB43723AC3F6, 9B8A40BF54262A1949661596CB753D0B591E94577470ED44D498042BD3EA7C10 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
10:22:01.0566 0x0aa4 RTL8167 - ok
10:22:01.0597 0x0aa4 [ 92DAF7D21711117B007608CB50FBD2E2, 6C1FBCE3699C76BDACAC37C04002C85A6AF38BF610F579F6FFEC95302D449CDC ] SamSs           C:\Windows\system32\lsass.exe
10:22:01.0597 0x0aa4 SamSs - ok
10:22:01.0629 0x0aa4 [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
10:22:01.0629 0x0aa4 sbp2port - ok
10:22:01.0675 0x0aa4 [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
10:22:01.0675 0x0aa4 SCardSvr - ok
10:22:01.0691 0x0aa4 [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
10:22:01.0691 0x0aa4 scfilter - ok
10:22:01.0769 0x0aa4 [ 40686B59C127F0C93B4234E4A1E3472A, B2DD61CB796C6AA8AFD285D43472B94646CA6D331D282818E0FDC9DE28DDE9CF ] Schedule        C:\Windows\system32\schedsvc.dll
10:22:01.0800 0x0aa4 Schedule - ok
10:22:01.0816 0x0aa4 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
10:22:01.0816 0x0aa4 SCPolicySvc - ok
10:22:01.0863 0x0aa4 [ 111E0EBC0AD79CB0FA014B907B231CF0, B7D43D156C2524938503CF8E99C4D1F7A5C55E16C0368F57F4CD23C6D833B38F ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys
10:22:01.0863 0x0aa4 sdbus - ok
10:22:01.0878 0x0aa4 [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
10:22:01.0878 0x0aa4 SDRSVC - ok
10:22:01.0972 0x0aa4 [ D777F1417D9BB9F66CD9D9C3B61F730F, 0CBD830EB9D2B0F1946131F20907793B2D68A3BCEEC3EA5416972149F73DC815 ] SDScannerService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
10:22:02.0050 0x0aa4 SDScannerService - ok
10:22:02.0143 0x0aa4 [ 68D6C7F99BC73B88954D844FCCBEB2A0, F746861B103C8BE8EA234B9FCFBBDD2412C79FB65F2F1E0F5E6EBC0B34905FF1 ] SDUpdateService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
10:22:02.0237 0x0aa4 SDUpdateService - ok
10:22:02.0268 0x0aa4 [ 9B9B368A8FF5CAF91D7A333CF62CD2CC, A4AE7FFBBAF983BFDE15B521ED162CBC4E6FC85BCDB200C75D45878B3FFDFA68 ] SDWSCService    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
10:22:02.0284 0x0aa4 SDWSCService - ok
10:22:02.0299 0x0aa4 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
10:22:02.0299 0x0aa4 secdrv - ok
10:22:02.0346 0x0aa4 [ A19623BDD61E66A12AB53992002B4F3A, E351CEEC086084A417BA3BD0EEF46114D3147EC38E3EF8BE49B724F9D028CC56 ] seclogon        C:\Windows\system32\seclogon.dll
10:22:02.0346 0x0aa4 seclogon - ok
10:22:02.0362 0x0aa4 [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\system32\sens.dll
10:22:02.0362 0x0aa4 SENS - ok
10:22:02.0377 0x0aa4 [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
10:22:02.0377 0x0aa4 SensrSvc - ok
10:22:02.0409 0x0aa4 [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\drivers\serenum.sys
10:22:02.0409 0x0aa4 Serenum - ok
10:22:02.0424 0x0aa4 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\drivers\serial.sys
10:22:02.0424 0x0aa4 Serial - ok
10:22:02.0440 0x0aa4 [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\drivers\sermouse.sys
10:22:02.0455 0x0aa4 sermouse - ok
10:22:02.0471 0x0aa4 [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
10:22:02.0471 0x0aa4 SessionEnv - ok
10:22:02.0487 0x0aa4 [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
10:22:02.0487 0x0aa4 sffdisk - ok
10:22:02.0502 0x0aa4 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
10:22:02.0502 0x0aa4 sffp_mmc - ok
10:22:02.0502 0x0aa4 [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
10:22:02.0502 0x0aa4 sffp_sd - ok
10:22:02.0518 0x0aa4 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
10:22:02.0518 0x0aa4 sfloppy - ok
10:22:02.0549 0x0aa4 [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
10:22:02.0565 0x0aa4 SharedAccess - ok
10:22:02.0596 0x0aa4 [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
10:22:02.0596 0x0aa4 ShellHWDetection - ok
10:22:02.0611 0x0aa4 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
10:22:02.0627 0x0aa4 SiSRaid2 - ok
10:22:02.0643 0x0aa4 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
10:22:02.0643 0x0aa4 SiSRaid4 - ok
10:22:02.0721 0x0aa4 [ F3AAB7DF6408431C762D8721B68F46E4, 56ED764AA660955B8B06322703D086B3A52106625A83CCAF195B08BCBDEDA88F ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
10:22:02.0736 0x0aa4 SkypeUpdate - ok
10:22:02.0752 0x0aa4 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
10:22:02.0752 0x0aa4 Smb - ok
10:22:02.0783 0x0aa4 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
10:22:02.0783 0x0aa4 SNMPTRAP - ok
10:22:02.0783 0x0aa4 [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
10:22:02.0783 0x0aa4 spldr - ok
10:22:02.0845 0x0aa4 [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
10:22:02.0861 0x0aa4 Spooler - ok
10:22:02.0970 0x0aa4 [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
10:22:03.0064 0x0aa4 sppsvc - ok
10:22:03.0079 0x0aa4 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
10:22:03.0079 0x0aa4 sppuinotify - ok
10:22:03.0142 0x0aa4 [ EC666682FE8344CF7E6ED69E74FA9F4F, DCD2A1C046425630689E2C9A6A6E356FE5A2A6664D12C20CFE236FCB32240DF9 ] srv             C:\Windows\system32\DRIVERS\srv.sys
10:22:03.0157 0x0aa4 srv - ok
10:22:03.0173 0x0aa4 [ E450C0318DCE8ED28ED272C8806B8495, D2FD459F8C5E42103EF2F71421FA175A4F0821F8C2A3763093122D433D1C50FB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
10:22:03.0189 0x0aa4 srv2 - ok
10:22:03.0204 0x0aa4 [ 9C12C78AD36C23D925711A4640228225, FF72C23F2A08EDF0C41BAF1EB0245AB44FF91365C5466F09C47A8F0928D20994 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
10:22:03.0204 0x0aa4 srvnet - ok
10:22:03.0220 0x0aa4 [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
10:22:03.0220 0x0aa4 SSDPSRV - ok
10:22:03.0235 0x0aa4 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
10:22:03.0235 0x0aa4 SstpSvc - ok
10:22:03.0267 0x0aa4 [ E942412186178B1331F8335E30FA076F, 000CA0F392A1CEA4F7843364A3639CF2ADB66BE48A6850C6AD61DD252E7727B3 ] STacSV          C:\Program Files\IDT\WDM\STacSV64.exe
10:22:03.0282 0x0aa4 STacSV - ok
10:22:03.0298 0x0aa4 [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
10:22:03.0298 0x0aa4 stexstor - ok
10:22:03.0329 0x0aa4 [ DCC8845692DEA3477BCF6CE9D06C711F, 22EFA0620B99E73FE9296540DB3A7AFC8E39E0ADCEE6419084218B504A550FBE ] STHDA           C:\Windows\system32\DRIVERS\stwrt64.sys
10:22:03.0345 0x0aa4 STHDA - ok
10:22:03.0376 0x0aa4 [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
10:22:03.0391 0x0aa4 stisvc - ok
10:22:03.0407 0x0aa4 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\drivers\swenum.sys
10:22:03.0407 0x0aa4 swenum - ok
10:22:03.0547 0x0aa4 [ F577910A133A592234EBAAD3F3AFA258, 36F514740EE2D2B2F7ABFFFA13D575233EC4CE774EB58BF889C09930FEF1F443 ] SwitchBoard     C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
10:22:03.0563 0x0aa4 SwitchBoard - ok
10:22:03.0610 0x0aa4 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
10:22:03.0625 0x0aa4 swprv - ok
10:22:03.0719 0x0aa4 [ 2E730941CC5BF6200A4F56D1E9C24AAD, 758836D55DC84F3EBE9917DC6FAB8E6170A5B238FEDBCFDB6D7C5C6EA98E08B2 ] SysMain         C:\Windows\system32\sysmain.dll
10:22:03.0797 0x0aa4 SysMain - ok
10:22:03.0828 0x0aa4 [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
10:22:03.0828 0x0aa4 TabletInputService - ok
10:22:03.0844 0x0aa4 [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
10:22:03.0859 0x0aa4 TapiSrv - ok
10:22:03.0953 0x0aa4 [ B2875D7ABB82867DC3AA03D991940201, F954C33FBA912A517B59330F6438C1953F9F1D8F4D8FD25945EB836A1DB07ABB ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
10:22:04.0015 0x0aa4 Tcpip - ok
10:22:04.0078 0x0aa4 [ B2875D7ABB82867DC3AA03D991940201, F954C33FBA912A517B59330F6438C1953F9F1D8F4D8FD25945EB836A1DB07ABB ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
10:22:04.0125 0x0aa4 TCPIP6 - ok
10:22:04.0156 0x0aa4 [ 7FE5586314EE7D6AA8483264A089E5AF, 4E3EA68713A45C22F1B9A1AA125E15D06D0C5E637B815537431ADFB6D7563879 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
10:22:04.0156 0x0aa4 tcpipreg - ok
10:22:04.0171 0x0aa4 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
10:22:04.0171 0x0aa4 TDPIPE - ok
10:22:04.0203 0x0aa4 [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
10:22:04.0218 0x0aa4 TDTCP - ok
10:22:04.0249 0x0aa4 [ AA77EB517D2F07A947294F260E3ACA83, B7A5DF3066830C0C2302B059778A67419792058A0D300C471DE40AB245EA7E58 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
10:22:04.0265 0x0aa4 tdx - ok
10:22:04.0265 0x0aa4 [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\drivers\termdd.sys
10:22:04.0265 0x0aa4 TermDD - ok
10:22:04.0327 0x0aa4 [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll
10:22:04.0343 0x0aa4 TermService - ok
10:22:04.0374 0x0aa4 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
10:22:04.0374 0x0aa4 Themes - ok
10:22:04.0405 0x0aa4 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
10:22:04.0405 0x0aa4 THREADORDER - ok
10:22:04.0421 0x0aa4 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
10:22:04.0437 0x0aa4 TrkWks - ok
10:22:04.0483 0x0aa4 [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
10:22:04.0483 0x0aa4 TrustedInstaller - ok
10:22:04.0530 0x0aa4 [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
10:22:04.0546 0x0aa4 tssecsrv - ok
10:22:04.0593 0x0aa4 [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
10:22:04.0593 0x0aa4 TsUsbFlt - ok
10:22:04.0639 0x0aa4 [ AD64450A4ABE076F5CB34CC08EEACB07, B5C386635441A19178E7FEEE299BA430C8D72F9110866C13A216B12A1080AD12 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
10:22:04.0639 0x0aa4 TsUsbGD - ok
10:22:04.0671 0x0aa4 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
10:22:04.0671 0x0aa4 tunnel - ok
10:22:04.0686 0x0aa4 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
10:22:04.0686 0x0aa4 uagp35 - ok
10:22:04.0717 0x0aa4 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
10:22:04.0717 0x0aa4 udfs - ok
10:22:04.0733 0x0aa4 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
10:22:04.0749 0x0aa4 UI0Detect - ok
10:22:04.0749 0x0aa4 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
10:22:04.0764 0x0aa4 uliagpkx - ok
10:22:04.0764 0x0aa4 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
10:22:04.0780 0x0aa4 umbus - ok
10:22:04.0780 0x0aa4 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\drivers\umpass.sys
10:22:04.0780 0x0aa4 UmPass - ok
10:22:04.0811 0x0aa4 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
10:22:04.0811 0x0aa4 upnphost - ok
10:22:04.0873 0x0aa4 [ F957092C63CD71D85903CA0D8370F473, 4DEC2FC20329F248135DA24CB6694FD972DCCE8B1BBEA8D872FDE41939E96AAF ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
10:22:04.0873 0x0aa4 USBAAPL64 - ok
10:22:04.0920 0x0aa4 [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
10:22:04.0920 0x0aa4 usbaudio - ok
10:22:04.0967 0x0aa4 [ 28B81917A195B67617AF7DCF4DFE5736, 40A4D2AAE1BDE5ABA8708ED150396E913C566ECD5CDA40D6C6DB256F1B9FD4A9 ] usbccgp         C:\Windows\system32\drivers\usbccgp.sys
10:22:04.0967 0x0aa4 usbccgp - ok
10:22:05.0014 0x0aa4 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
10:22:05.0014 0x0aa4 usbcir - ok
10:22:05.0029 0x0aa4 [ B626F048318DAE65A3317F0592BE592C, 284D8FFE1D35F852EFDA182A72288AC3A10D6ED825FE2CC5812497D3FE291AF1 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
10:22:05.0029 0x0aa4 usbehci - ok
10:22:05.0045 0x0aa4 [ 573D192E268F0C5B486B7E96F661E538, 0F32BD82CA7B5D4DE234EFC6527EF4C854BD15B3057FE4A0151C70115493FFDC ] usbfilter       C:\Windows\system32\drivers\usbfilter.sys
10:22:05.0061 0x0aa4 usbfilter - ok
10:22:05.0076 0x0aa4 [ 390109E8E05BA00375DCB1ED64DC60AF, B8628502590B423BEFB6F7C8C69FAD0667AD0746FF6B444EE02016E8E1052B78 ] usbhub          C:\Windows\system32\drivers\usbhub.sys
10:22:05.0092 0x0aa4 usbhub - ok
10:22:05.0092 0x0aa4 [ B4DF0F4C1D9D25DFE1DAD1D8670F1D4F, 4317C2DEDC639527B53864BAEC46CBE022D298C0503E29E1072DD1C851D92BFC ] usbohci         C:\Windows\system32\drivers\usbohci.sys
10:22:05.0092 0x0aa4 usbohci - ok
10:22:05.0107 0x0aa4 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
10:22:05.0107 0x0aa4 usbprint - ok
10:22:05.0123 0x0aa4 [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
10:22:05.0123 0x0aa4 usbscan - ok
10:22:05.0170 0x0aa4 [ D029DD09E22EB24318A8FC3D8138BA43, C95805E8BF75ECB939520AE86420B16467B0771C161C51C9F1A37649ADFADCD0 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:22:05.0170 0x0aa4 USBSTOR - ok
10:22:05.0217 0x0aa4 [ CFEAAF96E666E3DCBD8F6DFF516784AE, 006218A3DB5851790CC0A7F3DCD7B3AF82F624DA679296DE507AFD36C5468317 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
10:22:05.0217 0x0aa4 usbuhci - ok
10:22:05.0263 0x0aa4 [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
10:22:05.0279 0x0aa4 usbvideo - ok
10:22:05.0295 0x0aa4 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
10:22:05.0295 0x0aa4 UxSms - ok
10:22:05.0310 0x0aa4 [ 92DAF7D21711117B007608CB50FBD2E2, 6C1FBCE3699C76BDACAC37C04002C85A6AF38BF610F579F6FFEC95302D449CDC ] VaultSvc        C:\Windows\system32\lsass.exe
10:22:05.0310 0x0aa4 VaultSvc - ok
10:22:05.0310 0x0aa4 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
10:22:05.0326 0x0aa4 vdrvroot - ok
10:22:05.0341 0x0aa4 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
10:22:05.0357 0x0aa4 vds - ok
10:22:05.0373 0x0aa4 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
10:22:05.0373 0x0aa4 vga - ok
10:22:05.0388 0x0aa4 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
10:22:05.0388 0x0aa4 VgaSave - ok
10:22:05.0404 0x0aa4 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
10:22:05.0419 0x0aa4 vhdmp - ok
10:22:05.0466 0x0aa4 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
10:22:05.0466 0x0aa4 viaide - ok
10:22:05.0482 0x0aa4 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
10:22:05.0497 0x0aa4 volmgr - ok
10:22:05.0513 0x0aa4 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
10:22:05.0529 0x0aa4 volmgrx - ok
10:22:05.0575 0x0aa4 [ DF8126BD41180351A093A3AD2FC8903B, AEFF4AA89CDDAAAD43CDE17C6B6EB2A397A0AC1651CBD51B889161EC2BC6527A ] volsnap         C:\Windows\system32\drivers\volsnap.sys
10:22:05.0591 0x0aa4 volsnap - ok
10:22:05.0607 0x0aa4 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
10:22:05.0607 0x0aa4 vsmraid - ok
10:22:05.0669 0x0aa4 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
10:22:05.0716 0x0aa4 VSS - ok
10:22:05.0731 0x0aa4 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
10:22:05.0731 0x0aa4 vwifibus - ok
10:22:05.0747 0x0aa4 [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
10:22:05.0747 0x0aa4 vwififlt - ok
10:22:05.0763 0x0aa4 [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
10:22:05.0778 0x0aa4 vwifimp - ok
10:22:05.0794 0x0aa4 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
10:22:05.0809 0x0aa4 W32Time - ok
10:22:05.0841 0x0aa4 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
10:22:05.0841 0x0aa4 WacomPen - ok
10:22:05.0872 0x0aa4 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
10:22:05.0872 0x0aa4 WANARP - ok
10:22:05.0872 0x0aa4 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
10:22:05.0872 0x0aa4 Wanarpv6 - ok
10:22:05.0950 0x0aa4 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
10:22:05.0997 0x0aa4 WatAdminSvc - ok
10:22:06.0137 0x0aa4 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
10:22:06.0199 0x0aa4 wbengine - ok
10:22:06.0215 0x0aa4 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
10:22:06.0215 0x0aa4 WbioSrvc - ok
10:22:06.0231 0x0aa4 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
10:22:06.0246 0x0aa4 wcncsvc - ok
10:22:06.0262 0x0aa4 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
10:22:06.0262 0x0aa4 WcsPlugInService - ok
10:22:06.0277 0x0aa4 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
10:22:06.0277 0x0aa4 Wd - ok
10:22:06.0340 0x0aa4 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
10:22:06.0355 0x0aa4 Wdf01000 - ok
10:22:06.0402 0x0aa4 [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost C:\Windows\system32\wdi.dll
10:22:06.0402 0x0aa4 WdiServiceHost - ok
10:22:06.0402 0x0aa4 [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost   C:\Windows\system32\wdi.dll
10:22:06.0418 0x0aa4 WdiSystemHost - ok
10:22:06.0465 0x0aa4 [ EE841B6D1F2B9508D3ABAE52AC05A94F, F1AE981FCDBFC4672A4EABABD41382E93762EFC2EDAD96E75530E7ACA5AF1FD8 ] WebClient       C:\Windows\System32\webclnt.dll
10:22:06.0465 0x0aa4 WebClient - ok
10:22:06.0480 0x0aa4 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
10:22:06.0496 0x0aa4 Wecsvc - ok
10:22:06.0511 0x0aa4 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
10:22:06.0511 0x0aa4 wercplsupport - ok
10:22:06.0527 0x0aa4 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
10:22:06.0543 0x0aa4 WerSvc - ok
10:22:06.0543 0x0aa4 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
10:22:06.0543 0x0aa4 WfpLwf - ok
10:22:06.0574 0x0aa4 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
10:22:06.0574 0x0aa4 WIMMount - ok
10:22:06.0589 0x0aa4 WinDefend - ok
10:22:06.0605 0x0aa4 WinHttpAutoProxySvc - ok
10:22:06.0636 0x0aa4 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
10:22:06.0652 0x0aa4 Winmgmt - ok
10:22:06.0714 0x0aa4 [ EBDA1B0F15CB9B2CBCC6C94824E4E054, C51314F7D611E4903DA00EFA8EB99365414436324D256083CE0B5A8E055E8E06 ] WinRM           C:\Windows\system32\WsmSvc.dll
10:22:06.0777 0x0aa4 WinRM - ok
10:22:06.0808 0x0aa4 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
10:22:06.0808 0x0aa4 WinUsb - ok
10:22:06.0855 0x0aa4 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
10:22:06.0870 0x0aa4 Wlansvc - ok
10:22:06.0917 0x0aa4 [ 06C8FA1CF39DE6A735B54D906BA791C6, D8FEC7DE227781CDA876904701B2AA995268F74DCD6CB34AA0296C557FC283B6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
10:22:06.0933 0x0aa4 wlcrasvc - ok
10:22:07.0011 0x0aa4 [ 7E47C328FC4768CB8BEAFBCFAFA70362, C98BD6A0C2F70E069D5FD3BAB31BD028DFEAC0490D180BBC28A14BE375897D8C ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
10:22:07.0073 0x0aa4 wlidsvc - ok
10:22:07.0089 0x0aa4 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
10:22:07.0089 0x0aa4 WmiAcpi - ok
10:22:07.0120 0x0aa4 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
10:22:07.0120 0x0aa4 wmiApSrv - ok
10:22:07.0120 0x0aa4 WMPNetworkSvc - ok
10:22:07.0135 0x0aa4 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
10:22:07.0135 0x0aa4 WPCSvc - ok
10:22:07.0151 0x0aa4 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
10:22:07.0151 0x0aa4 WPDBusEnum - ok
10:22:07.0167 0x0aa4 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
10:22:07.0167 0x0aa4 ws2ifsl - ok
10:22:07.0182 0x0aa4 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\system32\wscsvc.dll
10:22:07.0198 0x0aa4 wscsvc - ok
10:22:07.0245 0x0aa4 [ 8D918B1DB190A4D9B1753A66FA8C96E8, DB7D2714DC04D2D6999A207D7399A5647C8653E5A1AD80856A65C5B6065AEDFE ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
10:22:07.0245 0x0aa4 WSDPrintDevice - ok
10:22:07.0260 0x0aa4 [ 4A2A5C50DD1A63577D3ACA94269FBC7F, F75C1906D431CF871AD954218DF32A0F206E45FF49332DEF9F13C0A36A407047 ] WSDScan         C:\Windows\system32\DRIVERS\WSDScan.sys
10:22:07.0260 0x0aa4 WSDScan - ok
10:22:07.0260 0x0aa4 WSearch - ok
10:22:07.0369 0x0aa4 [ 31F32E0C1A8BA9A37EEC23DE5F27F847, 0180832BC6172C9A4C32B5B222BB3F91EA615A5EBDA98DB79ED4FED258C2D257 ] wuauserv        C:\Windows\system32\wuaueng.dll
10:22:07.0463 0x0aa4 wuauserv - ok
10:22:07.0525 0x0aa4 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
10:22:07.0525 0x0aa4 WudfPf - ok
10:22:07.0541 0x0aa4 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
10:22:07.0557 0x0aa4 WUDFRd - ok
10:22:07.0603 0x0aa4 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
10:22:07.0603 0x0aa4 wudfsvc - ok
10:22:07.0650 0x0aa4 [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
10:22:07.0666 0x0aa4 WwanSvc - ok
10:22:07.0681 0x0aa4 ================ Scan global ===============================
10:22:07.0713 0x0aa4 [ 168EA9CD9BD6056BB6F60B57D5304BBE, 5A2F98754F042A7D80E7483842967EB362F01D57CE9720B24C7EDAA047F24C6F ] C:\Windows\system32\basesrv.dll
10:22:07.0759 0x0aa4 [ A5794B1E3ACEF48E716F0A89C83C1AEA, B904C861CBDAF00341F8697BD05C2E66C23CF4D6C94E19AF464D898436F34D73 ] C:\Windows\system32\winsrv.dll
10:22:07.0775 0x0aa4 [ A5794B1E3ACEF48E716F0A89C83C1AEA, B904C861CBDAF00341F8697BD05C2E66C23CF4D6C94E19AF464D898436F34D73 ] C:\Windows\system32\winsrv.dll
10:22:07.0806 0x0aa4 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
10:22:07.0853 0x0aa4 [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe
10:22:07.0853 0x0aa4 [ Global ] - ok
10:22:07.0853 0x0aa4 ================ Scan MBR ==================================
10:22:07.0900 0x0aa4 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
10:22:08.0118 0x0aa4 \Device\Harddisk0\DR0 - ok
10:22:08.0118 0x0aa4 ================ Scan VBR ==================================
10:22:08.0118 0x0aa4 [ 01FD6FEA6919A8051DFA9BAB900AC690 ] \Device\Harddisk0\DR0\Partition1
10:22:08.0118 0x0aa4 \Device\Harddisk0\DR0\Partition1 - ok
10:22:08.0118 0x0aa4 [ 5EFD4EC073263DA504B50C19F71D66C0 ] \Device\Harddisk0\DR0\Partition2
10:22:08.0118 0x0aa4 \Device\Harddisk0\DR0\Partition2 - ok
10:22:08.0118 0x0aa4 [ 2E08117F65FD2DB0B3C1337551A32C3E ] \Device\Harddisk0\DR0\Partition3
10:22:08.0134 0x0aa4 \Device\Harddisk0\DR0\Partition3 - ok
10:22:08.0134 0x0aa4 ================ Scan generic autorun ======================
10:22:08.0149 0x0aa4 [ 13392E518730835DC9584C60B04E77C2, E4CF50A5D0777A51CACFBA144CD41621BDE2C4CBB5678C8C2624F7612F9DEE11 ] C:\Program Files\IDT\WDM\beats64.exe
10:22:08.0149 0x0aa4 BeatsOSDApp - ok
10:22:08.0196 0x0aa4 [ 0899CF4DED834760397AA8C5DDD264F4, 00AB9C5A588473571A6FB42E03956B07FAA65B57945048AE0583BACE2A22C236 ] C:\Program Files\IDT\WDM\sttray64.exe
10:22:08.0227 0x0aa4 SysTrayApp - ok
10:22:08.0259 0x0aa4 [ 554A50B5310E702029D3A675459108FF, 4757D5FFFAC7E73D4A3D931DB1399DDFDBD5811639BDA4517F886C21CC7F2574 ] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
10:22:08.0259 0x0aa4 hpsysdrv - ok
10:22:08.0337 0x0aa4 [ 39CF316EB5842AE27CC0D3CC4E2840DE, BC4D4ED926F988B7B70CC87B7EC92D148DA6BC39C5C514751F1B0CA69D0F9081 ] C:\Program Files\Microsoft Office\Office14\BCSSync.exe
10:22:08.0352 0x0aa4 BCSSync - ok
10:22:08.0430 0x0aa4 [ 1315C5C5C54CE2AA37A155F97027DB59, 70CDA6AE7FF4FD08FAD931477C524957952EDC89985696FD988B9786A349C565 ] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
10:22:08.0430 0x0aa4 AdobeAAMUpdater-1.0 - ok
10:22:08.0508 0x0aa4 [ 9C3F26DCA9142F16ED3D7EE8AB4E417D, 867AD96CB5738266E5BC93E424EA1673881C5F5FBF19C7B699F800C7206CA929 ] C:\Program Files\iTunes\iTunesHelper.exe
10:22:08.0524 0x0aa4 iTunesHelper - ok
10:22:08.0571 0x0aa4 [ 4E3B81812B7C95F06A6E535E10EAA4DB, BC099ED5412907227BDCF487D89E1F16A01CA476524E86E8AB0FB4AA118059F9 ] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
10:22:08.0602 0x0aa4 StartCCC - ok
10:22:08.0617 0x0aa4 [ 5516C26A6AF8EB4E2CAB48EC98A74398, 2BF161DE944090B3B3792AE8F5985FCB09744B3EE626E8253A3861D86284652D ] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
10:22:08.0617 0x0aa4 HP Software Update - ok
10:22:08.0727 0x0aa4 [ D871A58A7DB7B8D4E78D844BADF6931B, 41C34B1322D54F11DD99BF9B64B2BD9FCFB2916017A0EE4BD1025EC6FF7F969E ] C:\Users\user\AppData\Roaming\Spotify\SpotifyWebHelper.exe
10:22:08.0773 0x0aa4 Spotify Web Helper - ok
10:22:08.0851 0x0aa4 [ CA595FA53E6C797EC1AB43AFB4B4F183, A0A7DDD2ECA97D6533DF908861C000B69C327184F4FFC7C4D971AE4651AD337F ] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
10:22:08.0851 0x0aa4 iCloudServices - ok
10:22:08.0945 0x0aa4 [ 6ECE746BB283927604DA192CA0D1403D, 327E1E908B6DB1C8414B31DB277EF5EABA340B2EE7FEE19349860B3C8F7778FE ] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIJJE.EXE
10:22:08.0945 0x0aa4 EPLTarget\P0000000000000001 - ok
10:22:08.0961 0x0aa4 [ 6ECE746BB283927604DA192CA0D1403D, 327E1E908B6DB1C8414B31DB277EF5EABA340B2EE7FEE19349860B3C8F7778FE ] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIJJE.EXE
10:22:08.0976 0x0aa4 EPLTarget\P0000000000000002 - ok
10:22:08.0976 0x0aa4 [ 6ECE746BB283927604DA192CA0D1403D, 327E1E908B6DB1C8414B31DB277EF5EABA340B2EE7FEE19349860B3C8F7778FE ] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIJJE.EXE
10:22:08.0992 0x0aa4 EPLTarget\P0000000000000000 - ok
10:22:09.0007 0x0aa4 [ 6ECE746BB283927604DA192CA0D1403D, 327E1E908B6DB1C8414B31DB277EF5EABA340B2EE7FEE19349860B3C8F7778FE ] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIJJE.EXE
10:22:09.0007 0x0aa4 EPLTarget\P0000000000000002 - ok
10:22:09.0023 0x0aa4 [ 6ECE746BB283927604DA192CA0D1403D, 327E1E908B6DB1C8414B31DB277EF5EABA340B2EE7FEE19349860B3C8F7778FE ] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIJJE.EXE
10:22:09.0039 0x0aa4 EPLTarget\P0000000000000001 - ok
10:22:09.0039 0x0aa4 [ 6ECE746BB283927604DA192CA0D1403D, 327E1E908B6DB1C8414B31DB277EF5EABA340B2EE7FEE19349860B3C8F7778FE ] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIJJE.EXE
10:22:09.0054 0x0aa4 EPLTarget\P0000000000000000 - ok
10:22:09.0085 0x0aa4 Facebook Update - ok
10:22:09.0085 0x0aa4 Steam - ok
10:22:09.0101 0x0aa4 [ 6ECE746BB283927604DA192CA0D1403D, 327E1E908B6DB1C8414B31DB277EF5EABA340B2EE7FEE19349860B3C8F7778FE ] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIJJE.EXE
10:22:09.0117 0x0aa4 EPLTarget\P0000000000000001 - ok
10:22:09.0241 0x0aa4 [ E11775E9CC132A91A0918E3C8A536343, 85FAB7BF6B69DA7992E216B230D62520F5F5F87EB003AC4B98394CD60AE369FC ] C:\Users\Guest\AppData\Roaming\Spotify\SpotifyWebHelper.exe
10:22:09.0288 0x0aa4 Spotify Web Helper - ok
10:22:09.0507 0x0aa4 [ D698C43D244DD4520BBABC381C0B8C21, A2F0173F60CD2B44C8665CD3C53847BD15A408CF598014291EC2B6A82D60346B ] C:\Users\Guest\AppData\Roaming\Spotify\Spotify.exe
10:22:09.0709 0x0aa4 Spotify - ok
10:22:09.0709 0x0aa4 Waiting for KSN requests completion. In queue: 102
10:22:10.0786 0x0aa4 Win FW state via NFP2: enabled ( trusted )
10:22:11.0098 0x0aa4 ============================================================
10:22:11.0098 0x0aa4 Scan finished
10:22:11.0098 0x0aa4 ============================================================
10:22:11.0098 0x0a98 Detected object count: 0
10:22:11.0098 0x0a98 Actual detected object count: 0

Re: [INACTIVE] EXTREMELY slow computer with terrible startup10th December 2016, 7:37 pm

Excellent work... all of that helped a lot...

Go to Start > type in Programs and select Programs and Features. Uninstall Malwarebytes' Anti-Malware, if present.

Then, please do the following for the all-new Malwarebytes 3.0:

Malwarebytes' scanner
Please download Malwarebytes' scanner to your desktop.

Double-click mb3-setup-consumer-3.x.x.xxxx and follow the prompts to install the program.
Click Finish.
On the Dashboard, click the 'Check for Updates' button.
After the update completes, click the 'Scan Now' button.
A Threat Scan will begin. Please allow it to progress through the scanning process.
When the scan is complete, if there have been detections, click Quarantines Selected button to allow the program to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.

How to get logs: (Export log to save as txt)

After the restart once you are back at your desktop, open Malwarebytes once more.
Click on the Reports tab > Scan Report. (if you have done more than one scan in the past, select the most recent that shows the Date and time of the scan just performed. Press View Report button.
Click 'Export'.
Click 'Text file (*.txt)'
In the Save File dialog box which appears, click on Desktop.
In the File name: box type a name for your scan log.
A message box named 'File Saved' should appear stating "Your file has been successfully exported".
Click Ok
Find the log on your Desktop and Attach that saved log to your next reply.

(Copy to clipboard for pasting into forum replies or tickets)

Re: [INACTIVE] EXTREMELY slow computer with terrible startup12th December 2016, 1:32 am

I'm assuming we don't need to worry about the other FarBar scan, the one you wanted to make sure everything is okay? I had it running over the weekend, apparently it finished but power shut off at home. I do not see that it produced any new logs.

With your okay, I'll proceed with the next instructions.

Re: [INACTIVE] EXTREMELY slow computer with terrible startup12th December 2016, 2:41 am

Oh... Yes, proceed with next instructions. Well done! Smile...

Re: [INACTIVE] EXTREMELY slow computer with terrible startup19th December 2016, 1:12 am

Okay! It's been officially 1 week since I've started that Malwarebytes scan. I have not shut it off since then.
It seems to be stuck at the "Scan File System" part of the scan, but I've also caught it going into the "Heuristics Analysis" for a few hours until it regresses back to the previous check. Right now the current time elapsed is 14:47:00 and counting. Obviously it's a lot more than that lol. . .

Re: [INACTIVE] EXTREMELY slow computer with terrible startup19th December 2016, 1:31 am

Sorry that occurred... Did not expect that. Glad you updated me...

Please Download OTL.exe by OldTimer to your Desktop.

Close all windows and double click OTL.exe.
Click Run Scan and let the program run uninterrupted.
It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
You may need to use two posts to get it all.

Re: [INACTIVE] EXTREMELY slow computer with terrible startup21st December 2016, 12:00 am

I was able to download OTL and leave it on my desktop, but nothing happens when I try to hit "Run Scan". I let it run overnight and still see it has not started.

EDIT: Nevermind! The window was not maximized. It shows the search at the very bottom. Yikes

Re: [INACTIVE] EXTREMELY slow computer with terrible startup21st December 2016, 1:32 am

Okay, try once more and let me know if it ends up working please. Smile...

Re: [INACTIVE] EXTREMELY slow computer with terrible startup21st December 2016, 10:14 pm

OTL logfile created on: 12/19/2016 11:30:33 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18524)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.48 Gb Total Physical Memory | 4.65 Gb Available Physical Memory | 84.83% Memory free
10.97 Gb Paging File | 10.18 Gb Available in Paging File | 92.80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.87 Gb Total Space | 208.22 Gb Free Space | 22.64% Space Free | Partition Type: NTFS
Drive D: | 11.54 Gb Total Space | 1.38 Gb Free Space | 11.96% Space Free | Partition Type: NTFS

Computer Name: USER-HP | User Name: user | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2016/12/19 11:23:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe

========== Modules (No Company Name) ==========

========== Services (SafeList) ==========

SRV:64bit: - [2016/11/29 12:43:36 | 004,317,648 | ---- | M] (Malwarebytes) [Auto | Running] -- C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe -- (MBAMService)
SRV:64bit: - [2016/10/27 10:37:41 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2016/08/22 08:19:43 | 001,386,496 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
SRV:64bit: - [2015/09/20 10:14:07 | 000,674,800 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Stopped] -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)
SRV:64bit: - [2013/05/26 21:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/02/27 06:01:02 | 000,151,648 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Stopped] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE -- (EPSON_PM_RPCV4_05)
SRV:64bit: - [2011/12/12 00:00:00 | 000,135,824 | ---- | M] (Seiko Epson Corporation) [Auto | Stopped] -- C:\Windows\SysNative\escsvc64.exe -- (EpsonScanSvc)
SRV:64bit: - [2011/07/04 01:26:28 | 000,204,288 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/06/24 10:23:14 | 000,302,592 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/10/11 01:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/04/14 19:01:46 | 001,052,328 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\SysNative\lxeecoms.exe -- (lxee_device)
SRV:64bit: - [2009/03/03 02:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2007/04/20 11:24:32 | 000,566,704 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\SysNative\lxblcoms.exe -- (lxbl_device)
SRV - [2016/12/16 22:34:17 | 000,172,488 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2016/11/08 17:13:08 | 000,270,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2016/09/20 11:54:54 | 000,324,224 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2016/08/15 02:56:34 | 000,029,728 | ---- | M] (HP Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe -- (HPSupportSolutionsFrameworkService)
SRV - [2015/11/05 20:36:48 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2014/03/20 14:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2011/05/05 15:40:52 | 001,128,952 | ---- | M] (PDF Complete Inc) [Auto | Stopped] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2010/11/26 06:09:12 | 000,399,344 | ---- | M] (Roxio) [Auto | Stopped] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/10/12 09:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2007/04/20 11:24:20 | 000,537,520 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\SysWOW64\lxblcoms.exe -- (lxbl_device)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2016/12/19 23:13:54 | 000,043,968 | ---- | M] (Malwarebytes) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtection)
DRV:64bit: - [2016/12/19 23:12:02 | 000,250,816 | ---- | M] (Malwarebytes) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2016/12/11 20:04:53 | 000,176,064 | ---- | M] (Malwarebytes) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\MBAMChameleon.sys -- (MBAMChameleon)
DRV:64bit: - [2015/06/10 22:08:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2013/10/01 18:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/07/25 15:53:46 | 000,023,040 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2012/08/23 06:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 06:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/05 21:21:30 | 001,874,016 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/15 23:58:14 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/08/15 23:58:14 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/07/04 02:02:30 | 009,359,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/07/04 00:44:02 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/06/10 02:35:04 | 000,528,384 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/04/22 02:17:04 | 000,471,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/17 17:04:20 | 000,188,544 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdxhc.sys -- (amdxhc)
DRV:64bit: - [2011/03/17 17:04:18 | 000,087,168 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdhub30.sys -- (amdhub30)
DRV:64bit: - [2011/03/04 14:46:20 | 000,078,976 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011/03/04 14:46:20 | 000,038,528 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010/12/15 19:36:46 | 000,047,232 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010/11/20 19:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 19:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 16:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 16:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/06/10 12:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{866B19C7-65C3-4340-A244-92A88B9FBFC3}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_TIMESTAMP = 96 82 2E 83 A8 21 D2 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy = Reg Error: Value error.
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
IE - HKCU\..\SearchScopes\{85A60A59-D3D8-468F-B598-FB4393789EF4}: "URL" = https://www.google.com/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.countryCode: "US"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaultenginename.US: "Google"
FF - prefs.js..browser.search.isUS: true
FF - prefs.js..browser.search.region: "US"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:3.9
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:50.1.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.91.2: C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.91.2: C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@acestream.net/acestreamplugin,version=3.1.9: C:\Users\user\AppData\Roaming\ACEStream\player\npace_plugin.dll File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\user\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\user\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\user\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\user\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\e-webprint@epson.com: C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2016/01/14 23:53:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 50.1.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 50.1.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/02/21 00:55:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2014/05/25 01:49:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\ct9tl7mi.default\extensions
[2014/05/25 01:49:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\ct9tl7mi.default\extensions\staged
[2016/11/23 13:46:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\fcpzgi7g.default-1395282151623\extensions
[2016/11/23 13:46:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\fcpzgi7g.default-1395282151623\extensions\trash
[2015/05/31 07:57:36 | 000,156,023 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\fcpzgi7g.default-1395282151623\extensions\{5C655500-E712-41e7-9349-CE462F844B19}.xpi
[2016/11/23 13:46:09 | 001,055,311 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\fcpzgi7g.default-1395282151623\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2016/08/20 04:06:14 | 000,328,479 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\fcpzgi7g.default-1395282151623\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2016/10/28 22:59:21 | 001,054,986 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\fcpzgi7g.default-1395282151623\extensions\trash\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2016/03/12 14:06:33 | 000,003,027 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\fcpzgi7g.default-1395282151623\searchplugins\google-lavasoft.xml
[2016/11/17 16:39:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2016/11/17 16:39:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2016/11/17 16:39:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2016/11/17 16:39:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2016/12/16 22:41:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions

========== Chrome ==========

CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\
CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\
CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\
CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\3.3.2_0\
CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\3.4.0_0\
CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\11.1.0.955_0\
CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\12.0.124_0\
CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjbepbhonbojpoaenhckjocchgfiaofo\1.0.4_0\
CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\
CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\
CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5316.725.0.15_0\
CHR - Extension: No name found = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5416.905.0.6_0\

O1 HOSTS File: ([2016/12/04 00:01:10 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll File not found
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (HP Inc.)
O2 - BHO: (E-Web Print) - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\EPSON Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (HP Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (E-Web Print) - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\EPSON Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe (Hewlett-Packard )
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [Malwarebytes TrayApp] C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Malwarebytes)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files (x86)\Camera Assistant Software for ViewSonic\traybar.exe (Chicony)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXRCV] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [LTCM Client] C:\Program Files (x86)\LTCM Client\ltcmClient.exe (Leader Technologies Inc.)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIJJE.EXE /EPT "EPLTarget\P0000000000000000" /M "WF-3520 Series" File not found
O4 - HKCU..\Run: [EPLTarget\P0000000000000001] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIJJE.EXE /EPT "EPLTarget\P0000000000000001" /M "WF-3520 Series" File not found
O4 - HKCU..\Run: [EPLTarget\P0000000000000002] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIJJE.EXE /EPT "EPLTarget\P0000000000000002" /M "WF-3520 Series" File not found
O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\user\AppData\Roaming\Spotify\SpotifyWebHelper.exe (Spotify Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (HP Inc.)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (HP Inc.)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (HP Inc.)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (HP Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab (Java Plug-in 11.91.2)
O16 - DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab (Java Plug-in 1.7.0_45)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab (Java Plug-in 11.91.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8D5C3D27-403F-45C6-A3FF-D29F3ACBE4C2}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A8D08E84-D6B4-4B9B-8D1E-C8A47B5D033C}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2016/12/19 03:09:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2016/12/11 20:04:53 | 000,176,064 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMChameleon.sys
[2016/12/11 20:04:53 | 000,102,856 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\farflt.sys
[2016/12/11 20:04:53 | 000,081,696 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mwac.sys
[2016/12/11 20:04:48 | 000,043,968 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbam.sys
[2016/12/11 20:04:43 | 000,250,816 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2016/12/11 20:04:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
[2016/12/11 20:04:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes
[2016/12/11 20:00:53 | 051,969,976 | ---- | C] (Malwarebytes ) -- C:\Users\user\Desktop\mb3-setup-consumer-3.0.4.1269(1).exe
[2016/12/06 12:31:06 | 004,747,704 | ---- | C] (AO Kaspersky Lab) -- C:\Users\user\Desktop\tdsskiller.exe
[2016/12/04 10:19:16 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2016/12/03 16:06:42 | 005,659,954 | R--- | C] (Swearware) -- C:\Users\user\Desktop\ComboFix.exe
[2016/12/01 20:40:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2016/12/01 20:40:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2016/12/01 20:40:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2016/12/01 20:25:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2016/12/01 19:51:46 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2016/11/25 22:07:46 | 000,000,000 | ---D | C] -- C:\FRST
[2016/11/25 21:11:08 | 006,253,640 | ---- | C] (AVAST Software) -- C:\Users\Public\Desktop\avast_free_antivirus_setup_online_cnet_2.exe

========== Files - Modified Within 30 Days ==========

[2016/12/19 23:17:49 | 000,102,856 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\farflt.sys
[2016/12/19 23:13:54 | 000,043,968 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbam.sys
[2016/12/19 23:12:02 | 000,250,816 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2016/12/19 23:11:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2016/12/19 23:11:14 | 122,114,047 | -HS- | M] () -- C:\hiberfil.sys
[2016/12/19 11:23:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2016/12/11 20:04:53 | 000,176,064 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMChameleon.sys
[2016/12/11 20:04:53 | 000,081,696 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\mwac.sys
[2016/12/11 20:04:32 | 000,001,829 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes.lnk
[2016/12/11 20:03:36 | 051,969,976 | ---- | M] (Malwarebytes ) -- C:\Users\user\Desktop\mb3-setup-consumer-3.0.4.1269(1).exe
[2016/12/11 12:34:42 | 000,782,470 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2016/12/11 12:34:42 | 000,662,384 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2016/12/11 12:34:42 | 000,122,252 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2016/12/10 09:13:14 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2016/12/10 08:56:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2016/12/10 08:44:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2324025828-1623389042-2555509162-1000UA.job
[2016/12/10 07:55:00 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForuser.job
[2016/12/10 06:07:30 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2016/12/10 06:07:30 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2016/12/06 12:31:10 | 004,747,704 | ---- | M] (AO Kaspersky Lab) -- C:\Users\user\Desktop\tdsskiller.exe
[2016/12/04 00:01:10 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2016/12/01 19:36:58 | 005,659,954 | R--- | M] (Swearware) -- C:\Users\user\Desktop\ComboFix.exe
[2016/11/29 16:07:04 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2324025828-1623389042-2555509162-1000Core.job
[2016/11/29 14:55:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2016/11/29 06:27:14 | 000,077,408 | ---- | M] () -- C:\Windows\SysNative\drivers\mbae64.sys
[2016/11/28 16:00:05 | 000,086,814 | ---- | M] () -- C:\Users\user\Documents\FarBar.png
[2016/11/25 21:17:50 | 006,253,640 | ---- | M] (AVAST Software) -- C:\Users\Public\Desktop\avast_free_antivirus_setup_online_cnet_2.exe
[2016/11/21 23:07:28 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForUSER-HP$.job

========== Files Created - No Company Name ==========

[2016/12/11 20:04:32 | 000,001,829 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes.lnk
[2016/12/11 20:04:30 | 000,077,408 | ---- | C] () -- C:\Windows\SysNative\drivers\mbae64.sys
[2016/12/11 12:34:42 | 000,782,470 | ---- | C] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2016/12/01 20:40:17 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2016/12/01 20:40:17 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2016/12/01 20:40:17 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2016/12/01 20:40:17 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2016/12/01 20:40:17 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2016/11/28 15:57:29 | 000,086,814 | ---- | C] () -- C:\Users\user\Documents\FarBar.png
[2015/01/08 21:45:07 | 000,000,109 | ---- | C] () -- C:\Windows\wininit.ini
[2014/05/25 10:49:02 | 000,000,045 | ---- | C] () -- C:\Users\user\AppData\Roaming\WB.CFG
[2014/05/24 23:02:44 | 000,007,608 | ---- | C] () -- C:\Users\user\AppData\Local\Resmon.ResmonCfg

========== ZeroAccess Check ==========

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2016/08/29 07:31:19 | 014,183,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2016/08/29 07:12:50 | 012,880,384 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 19:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

Re: [INACTIVE] EXTREMELY slow computer with terrible startup21st December 2016, 10:24 pm

OTL Extras logfile created on: 12/19/2016 11:30:34 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18524)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.48 Gb Total Physical Memory | 4.65 Gb Available Physical Memory | 84.83% Memory free
10.97 Gb Paging File | 10.18 Gb Available in Paging File | 92.80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.87 Gb Total Space | 208.22 Gb Free Space | 22.64% Space Free | Partition Type: NTFS
Drive D: | 11.54 Gb Total Space | 1.38 Gb Free Space | 11.96% Space Free | Partition Type: NTFS

Computer Name: USER-HP | User Name: user | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01287F9A-F3AF-47B6-A79D-AA47EEB7CAE4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{24E061EF-79FE-479F-921E-04A8D443CA9D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2ACAE1B4-B8D1-4C18-A453-382EF92523EB}" = lport=139 | protocol=6 | dir=in | app=system |
"{35D458BC-29F7-41D2-9BCF-231C048E4436}" = lport=138 | protocol=17 | dir=in | app=system |
"{3F1DEFDF-21FB-4E8D-BF46-0B2160BA88B1}" = lport=137 | protocol=17 | dir=in | app=system |
"{51607DED-0850-416B-863C-95685512940E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5E0F1344-EF56-4D46-A8F3-98F78C25B4AD}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{7F979D73-407B-4D6A-B7E1-01A65C12C67B}" = rport=445 | protocol=6 | dir=out | app=system |
"{83CDE3BC-B09F-48FC-BF21-B3AEC1A8D19A}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{89075580-D9FA-4412-A658-87A1A5D1EA32}" = rport=138 | protocol=17 | dir=out | app=system |
"{A1121CDD-B7AF-4D1B-ABDD-FC30C7688D1B}" = rport=137 | protocol=17 | dir=out | app=system |
"{B3285455-7F0F-4710-89A2-0485D7C14B80}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{CAD07812-1B76-48D6-B8BF-DF12D4CBD08D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{CB086F96-BB14-48A8-86E3-A89E4644F79E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{CCEF2B3C-1BD7-4DAC-9EA9-8E9EB247CCE2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E18BB922-D7F7-4C2A-899A-100ADA097B6B}" = rport=139 | protocol=6 | dir=out | app=system |
"{E7C6241B-A2D5-40B9-BD4B-EBE6C01EA98E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FE724774-9122-4532-8544-6B646F6F351E}" = lport=445 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03181888-5EBB-40DA-9738-81967F31F22F}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{04928767-7255-4326-8A37-1EEE5153B945}" = protocol=6 | dir=out | app=c:\program files (x86)\hewlett-packard\remote graphics receiver\rgreceiver.exe |
"{0E474077-7176-40F7-ADC5-9B0E0B313DE9}" = protocol=17 | dir=out | app=c:\program files (x86)\hewlett-packard\hp linkup\hp linkup viewer.exe |
"{11A8D8F1-C400-41F1-9B5D-73B2D84D4DED}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{11CAE389-8BF0-43AD-A4BE-92E951B6B1D9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{132D5BD1-6BAE-407A-887C-3978DF757BFB}" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\acestream\engine\ace_engine.exe |
"{13A09811-A8E7-4117-9092-975560935178}" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\ecprintersetup\enpapp.exe |
"{18AED543-2950-41D3-923D-5AB010D2BE0D}" = protocol=6 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
"{1DA4AFCA-47CC-42E6-904D-E09A758D2638}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{252AC2EB-8C28-4C57-8916-8D367A3930F0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe |
"{26C7E964-39B7-4313-B65F-C5E564A8E375}" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\bittorrent\bittorrent.exe |
"{2AAFEC93-47FB-4A91-ADD0-E46C1A7151BF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2B42B3C6-067B-4A32-88AB-7568B8BD62A5}" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\bittorrent\bittorrent.exe |
"{2EC6774C-5971-4579-ADCE-341AF872A863}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{32E10518-702D-464F-AA77-DA11D412ADBE}" = protocol=6 | dir=in | app=e:\common\epsonnet setup\eneasyapp.exe |
"{385AFE49-E3C4-4C3C-9E6C-3A0D94C1830A}" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\utorrent\utorrent.exe |
"{3BFD9CC4-6266-4204-A688-3ACB732FD8AC}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{3D858FC4-C699-457A-A8D1-CFE79BA38E4F}" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\ecprintersetup\enpapp.exe |
"{3DA13E45-1C20-4792-87DD-E0EE4C3A237E}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpdevicedetection3.exe |
"{3F6B3D96-CC15-4DC0-9907-A4104DFCEEEB}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\remote graphics receiver\rgreceiver.exe |
"{4083A5A2-CCFC-4310-BA3A-21B6C798490F}" = protocol=17 | dir=out | app=c:\users\user\appdata\roaming\bittorrent\bittorrent.exe |
"{437BC1B4-B947-4702-8028-4A0E495074D7}" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\bittorrent\bittorrent.exe |
"{4F3998E2-A4C2-4EAD-886F-222A75305DF1}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{51153FB8-ED84-4993-8541-5411A50F3462}" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\bittorrent\bittorrent.exe |
"{5159912B-E329-476E-BBB9-48B1B89EF16F}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
"{5254B2D3-3A59-4B96-9018-BCE358863479}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{5361E01E-8BED-4E73-8B9D-B044874AF0F8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5424F415-C0E4-483F-886D-5B78F00F8846}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{547B9ABE-BE41-4230-A4DB-D33CC91C4A03}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{557E20CF-81C4-487E-95D0-6A41A522178E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{58429B1B-CCA3-4BAF-8CC0-D88EB676289A}" = protocol=17 | dir=in | app=e:\common\epsonnet setup\eneasyapp.exe |
"{599E3819-EF12-4FE9-9549-14B2A71FDCC3}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxblcoms.exe |
"{5C1B9152-0949-4070-8EC2-C67D9D1CB26E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5F52F37A-DA47-42F2-BA44-BC687E57FF44}" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\acestream\engine\ace_engine.exe |
"{607AE373-8F31-40BB-A4FE-0452844BBE36}" = protocol=6 | dir=in | app=c:\program files (x86)\qbittorrent\qbittorrent.exe |
"{60DBFC41-F9D1-46B8-BAF3-389C323C359F}" = protocol=17 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
"{63E10791-2126-4002-91DE-F7180DE482A6}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{6C8A6D4B-B60C-4BCB-A029-AAD74E1A802D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7D4B3ADD-D416-456C-BAB5-4EA7B6A80566}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{8473836D-0245-4C97-9C86-ECDD4692C57E}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{84FCB8AF-EED1-4461-9C40-7B6B22E75574}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8A65207B-7B43-4F94-B446-EDE149EAB740}" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\utorrent\utorrent.exe |
"{8B208778-860E-4EF6-BBA2-9EBDB7DFD226}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpwarrantychecker.exe |
"{8EE604D8-B82A-479E-AFFD-AFE4759D698F}" = protocol=17 | dir=in | app=c:\program files (x86)\qbittorrent\qbittorrent.exe |
"{A23EAB65-0F41-40F1-A65E-3AD358B47CF3}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{ADDE7ECD-5ED1-468F-AB51-5ADDF2AA1DAC}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\hp linkup\hp linkup viewer.exe |
"{B3795538-29BA-4D06-9AA6-913D92A212D4}" = protocol=6 | dir=out | app=c:\users\user\appdata\roaming\bittorrent\bittorrent.exe |
"{BB9ABEB4-B2A5-4D03-AAAE-DC6CD4A52235}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CC93B914-858A-4E4A-B84E-A6C741E0BD84}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D2609B49-2FCC-497E-B847-96461FE7E412}" = protocol=17 | dir=in | app=c:\windows\system32\lxblcoms.exe |
"{D3A79EC2-B37A-450A-9373-AC641A5DC005}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{D71F2BE7-FD57-4105-839E-293AE4F12835}" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\utorrent\utorrent.exe |
"{DB088B72-0B58-49EC-BB25-677C27039895}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe |
"{DE0FD889-DC2F-42C7-928C-DF8DD0454408}" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\utorrent\utorrent.exe |
"{E10EC5DE-317C-4FE3-9610-98336659DCBE}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{E3E3A0CB-69B6-4B23-B580-0FE6B96C1F03}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E48EAB46-256D-4746-A7AA-7729C55C4B7E}" = protocol=6 | dir=in | app=c:\windows\system32\lxblcoms.exe |
"{E5D0D150-FDA9-4190-855E-9343E5B017F4}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
"{E8F43D79-BBB9-4ACB-9D39-22CD0E2119EA}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{EAEB55E6-9CCF-4322-8A0F-B07E44C0A731}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{ED2B9E6A-D8B0-4FF7-85F6-FFA332D2306A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{ED9B777E-B43F-42FE-A3FF-6F0DC0ECB482}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{EDAAA742-3FD2-417F-9E1A-84F20326A59A}" = dir=in | app=c:\windows\system32\lxeecoms.exe |
"{F849AEDC-6FA9-4D75-9F84-17B815E495E0}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{F8CFDFD0-2482-4508-9006-96E53464D74B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FF9D7CEB-8A64-49F2-B6DF-D0C8834B7ADC}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxblcoms.exe |
"TCP Query User{0FB1A18E-527E-409E-8BF9-55188B9DA5FE}C:\users\guest\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=6 | dir=in | app=c:\users\guest\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"TCP Query User{198B965A-405C-4093-B944-F9AB154A047A}C:\users\user\appdata\roaming\utorrent\updates\3.4.2_34944.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\utorrent\updates\3.4.2_34944.exe |
"TCP Query User{2E23EEC0-2920-4442-B36D-DA63CBE39A3F}C:\users\theta\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\theta\appdata\roaming\spotify\spotify.exe |
"TCP Query User{34FC9910-726C-4F73-837B-0CF7E3F1FF6F}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"TCP Query User{370B9B87-458F-428D-8056-21B5A5464E5B}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{48DDA238-5D70-4378-B520-82D863C9B9B1}C:\users\user\appdata\roaming\utorrent\updates\3.4.6_42094.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\utorrent\updates\3.4.6_42094.exe |
"TCP Query User{56E6EB59-4577-4F99-A8D5-62834E49447E}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"TCP Query User{73A883FC-54E5-42A1-A469-851EC66EA414}C:\users\guest\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\guest\appdata\roaming\spotify\spotify.exe |
"TCP Query User{8861E5F7-72AB-4488-A203-336693D5C469}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe |
"TCP Query User{8C3B322E-9D58-43A0-A940-7CF9BC845287}C:\users\user\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\spotify\spotify.exe |
"TCP Query User{8F7C7376-6C80-42FC-845C-DE0665140724}C:\users\guest\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\guest\appdata\roaming\spotify\spotify.exe |
"TCP Query User{9EED4216-E86E-4AAA-BB77-40D7AE17D6FE}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe |
"TCP Query User{A1DD7821-DFE9-4137-AC8A-6F06E20DEACD}C:\users\user\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\spotify\spotify.exe |
"TCP Query User{A780B10E-4424-41A1-AF65-ED9727DF026A}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"TCP Query User{BEBEC6DF-C65C-4D44-BF58-36AD319276CA}C:\users\roger xo\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\roger xo\appdata\roaming\spotify\spotify.exe |
"TCP Query User{C79A47D2-9747-442E-8504-23A94174790A}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{CBD196EA-23BD-4148-BF20-30216E8D24B6}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe |
"UDP Query User{0A14E1BE-1A71-4D84-99E2-B8830AB049FC}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe |
"UDP Query User{0C70A534-324B-4E6A-99F7-9E0685E381EB}C:\users\theta\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\theta\appdata\roaming\spotify\spotify.exe |
"UDP Query User{106FBA5F-DFD5-4BFB-B2CB-3AC0F47A4780}C:\users\user\appdata\roaming\utorrent\updates\3.4.2_34944.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\utorrent\updates\3.4.2_34944.exe |
"UDP Query User{1534ADAD-8142-4334-A99D-FFCA812233B3}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{205A5CCE-7C3E-449E-9AAD-6F58F94E884A}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{3A7D5BA4-12C3-4BCA-8942-C8471DC17140}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{49C85F11-559C-4F5B-BDC9-39BD8CA17A09}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{68DE2661-9F2B-45A0-B2EF-9844E9A67211}C:\users\user\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\spotify\spotify.exe |
"UDP Query User{8B04A807-9876-45DF-8181-B4F06E91F8C3}C:\users\user\appdata\roaming\utorrent\updates\3.4.6_42094.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\utorrent\updates\3.4.6_42094.exe |
"UDP Query User{9E1AD300-0544-47A8-9C87-DE245A0F72F8}C:\users\guest\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\guest\appdata\roaming\spotify\spotify.exe |
"UDP Query User{A1FAAAE0-768E-4D74-8797-269F2CE1DDE1}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe |
"UDP Query User{B8D67BDE-2DD0-46B9-B7D9-4B9A18876408}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe |
"UDP Query User{B905EF65-7EE2-469E-BED1-4D1CA0A40766}C:\users\guest\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=17 | dir=in | app=c:\users\guest\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"UDP Query User{D1B17AF2-79B5-4C55-B85C-7232F746668E}C:\users\user\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\spotify\spotify.exe |
"UDP Query User{DCB1E1D0-ABC3-4DF2-ACCE-083AF042150B}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"UDP Query User{E6DFD8DD-E6D1-4C10-870D-B3091612429D}C:\users\roger xo\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\roger xo\appdata\roaming\spotify\spotify.exe |
"UDP Query User{F956F9E0-5470-4BF0-9735-A55A253D3287}C:\users\guest\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\guest\appdata\roaming\spotify\spotify.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = MPC-HC 1.7.10 (64-bit)
"{350488A4-1540-4103-8F01-B27503891EB0}" = SketchUp 2015
"{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1" = Malwarebytes version 3.0.4.1269
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}" = Bonjour
"{5905C8CF-1C88-4478-A48E-4E458AD1BC7E}" = Apple Application Support (64-bit)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6096C0CC-7E19-4355-87F0-627EC5AA146D}" = iCloud
"{61F769F1-BAD0-45BF-5718-62259ACE24A6}" = ccc-utility64
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{814FA673-A085-403C-9545-747FC1495069}" = Epson Customer Participation
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0018-0000-1000-0000000FF1CE}" = Microsoft Office PowerPoint 2010
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-001B-0000-1000-0000000FF1CE}" = Microsoft Office Word 2010
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.6.1
"{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9946A4F7-E0FD-4A33-82D1-06CBFFBBB9F9}" = iTunes
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{BD6F5371-DAC1-30F0-9DDE-CAC6791E28C3}" = Microsoft .NET Framework 4.6.1
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D4D86CB2-2370-4691-8272-3869EDED6C64}" = Apple Mobile Device Support
"{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F580D12E-01E5-31A6-A321-7C8E6D5361A5}" = ATI Catalyst Install Manager
"{FA8D4B26-17BE-B76F-B2F6-0FD7391EDF95}" = AMD Media Foundation Decoders
"CDisplayEx_is1" = CDisplayEx 1.10.29
"Combined Community Codec Pack 64bit_is1" = Combined Community Codec Pack 64bit 2015-10-18
"EPSON WF-3520 Series" = EPSON WF-3520 Series Printer Uninstall
"Lexmark Z700-P700 Series" = Lexmark Z700-P700 Series
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Office14.POWERPOINT" = Microsoft PowerPoint 2010
"Office14.WORD" = Microsoft Word 2010
"WinRAR archiver" = WinRAR 4.11 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0522A804-7B80-CEBF-DE81-597E5BA14D2F}" = Catalyst Control Center Localization All
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A352E1C-7868-2D98-165C-FCBD37F1E4AF}" = CCC Help Chinese Traditional
"{0A3925EA-5B0E-401B-A189-7419149747B2}" = Adobe AIR
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore
"{138FE2EF-B1A5-40E1-A385-B771BF75E86D}_is1" = Free MKV Player version 1.0
"{13F59C8F-FC81-D786-77E7-CDFA6E2FE018}" = CCC Help Spanish
"{16FC3056-90C0-4757-8A68-64D8DA846ADA}" = Remote Graphics Receiver
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A4DFE9C-F186-65E5-E2EE-2EA5B8FD2147}" = CCC Help Portuguese
"{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}" = Minecraft
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2091F234-EB58-4B80-8C96-8EB78C808CF7}" = Facebook Video Calling 3.1.0.521
"{25D47128-0A98-2F03-AFC7-F2F3963CFB3E}" = CCC Help French
"{26A24AE4-039D-4CA4-87B4-2F83218077F0}" = Java 8 Update 77
"{26A24AE4-039D-4CA4-87B4-2F83218091F0}" = Java 8 Update 91
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{29DB9165-5FC1-48F0-9188-26123F526848}" = Apple Application Support (32-bit)
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{330977BC-E980-4D58-DEE4-7E768CFC3EEF}" = CCC Help Japanese
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{379FBC79-1693-C2C9-5F34-BB0FAFFF5394}" = AMD VISION Engine Control Center
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{402ED4A1-8F5B-387A-8688-997ABF58B8F2}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{44F72193-F59C-4303-BAE8-E3E4BC1C122C}" = Epson Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D090F70-6F08-4B60-9357-A1DFD4458F09}" = Microsoft Mathematics
"{50060B25-2B8B-D852-7303-B64D2F7CDD90}" = CCC Help Turkish
"{55065080-504F-43BB-BE00-36B80D7D39A5}" = HP Support Solutions Framework
"{56EC47AA-5813-4FF6-8E75-544026FBEA83}" = Apple Software Update
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{59111E3F-59C0-A8A5-9B49-253D6625F194}" = Catalyst Control Center InstallProxy
"{5A513137-7B05-E84C-B679-747AD17034F1}" = CCC Help German
"{5AA9CA89-29E1-6216-05BC-7C479A0FCF80}" = CCC Help Czech
"{5CE60812-BE7F-391C-99BF-2E3A4AE0C3E2}" = CCC Help Hungarian
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{61B8A32E-C79E-27DE-41E2-45F378976B96}" = CCC Help Italian
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6BF9F374-EC67-4808-A90C-F127DE6D989D}" = Epson E-Web Print
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.2.3
"{70658F33-BAB1-93B6-D365-8053A66762AC}" = CCC Help Dutch
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72B20A36-5080-EA59-64CF-B276AD647724}" = CCC Help Polish
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{79C54A05-F146-4EA0-8A70-D4EFE6181E52}" = HP Support Assistant
"{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}" = HP Support Information
"{7FB00B6B-6843-97EC-EED6-78BD6D35370A}" = Zinio Reader 4
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{85DFA50F-382E-6337-4B68-8454A29DFB50}" = CCC Help Danish
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink 802.11n Wireless LAN Card
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore
"{912CED74-88D3-4C5B-ACB0-132318649765}" = PressReader
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}" = Blio
"{952D0DBE-C9E2-2931-9F8F-C1230B6CAB4C}" = CCC Help Thai
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2BE22D4-0F66-455E-9783-1D7113CC6F00}" = Catalyst Control Center - Branding
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93AC7AF-0247-E038-2B78-A327A3267D78}" = CCC Help Finnish
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}" = EPSON Printer Finder
"{BCA47823-6ACE-9B28-B3ED-1D63E9B7794F}" = Catalyst Control Center Graphics Previews Common
"{BF3913A7-D083-F383-928F-BB93D48DB8F5}" = CCC Help Greek
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C33F3EF6-3625-4FE5-BCBA-41361C99AF1D}" = Camera Assistant Software for ViewSonic
"{C4C6C4A5-955C-C86D-E804-7325CE584F79}" = CCC Help Chinese Standard
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7AA3D65-1F84-4590-AFAA-0777A04B6687}" = Epson Software Updater
"{C8DCD2DD-3999-C9CF-899C-F996D76CCD14}" = CCC Help Swedish
"{C9EF1AAF-B542-41C8-A537-1142DA5D4AEC}" = HP Customer Experience Enhancements
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240CC}" = WinZip 16.0
"{CE101785-F702-BCAD-F286-AF6D1FDD795B}" = CCC Help Russian
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D35B72B6-F0E4-462B-BDEB-E08032B3B681}" = HP Setup
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}" = Epson Connect Printer Setup
"{DB3147AB-4024-4773-8EC0-A1FE5B44933D}" = HP LinkUp
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{F910001F-A592-34EE-39B6-9D75D55D2FE7}" = CCC Help English
"{F9B579C2-D854-300A-BE62-A09EB9D722E4}" = Google Talk Plugin
"{FA6AF15B-5E4B-0A8A-7C5F-8F7FA2C0C85E}" = CCC Help Korean
"{FC965A47-4839-40CA-B618-18F486F042C6}" = Skype™ 7.29
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}" = QuickTime 7
"{FF7B20F0-9AF0-AE97-8111-60E63D0F3564}" = CCC Help Norwegian
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 23 ActiveX
"Adobe Flash Player NPAPI" = Adobe Flash Player 23 NPAPI
"BSPlayerf" = BS.Player FREE
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2014-07-13
"EPSON Connect_is1" = EPSON Connect version 1.0
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"EPSON Scanner" = EPSON Scan
"Google Chrome" = Google Chrome
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"Kobo" = Kobo
"LTCM Client" = LTCM Client
"Mozilla Firefox 50.1.0 (x86 en-US)" = Mozilla Firefox 50.1.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office Suite X 3.3" = Office Suite X 3.3
"pcsx2-r5350" = PCSX2 - Playstation 2 Emulator
"PDF Complete" = PDF Complete Special Edition
"qBittorrent" = qBittorrent 3.3.7
"VLC media player" = VLC media player 2.1.3
"vsfilter_is1" = VSFilter 2.41.322 (0c3a1ea) Nightly
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WTA-00bd8e0d-bc32-4794-8d13-795125148786" = Mystery of Mortlake Mansion
"WTA-0fb47d73-1db3-4451-9096-22bfd3be2d8c" = Penguins!
"WTA-14de0676-9bd7-4dcd-ba15-39c3e7372f73" = Plants vs. Zombies - Game of the Year
"WTA-15cfbcdf-aab9-4e69-88a1-70019a946210" = Virtual Villagers 5 - New Believers
"WTA-1ff9576c-46ac-4dc5-b28e-195380f07ae2" = Namco All-Stars: PAC-MAN
"WTA-28ffb82b-a200-450f-b5ed-5b46236328f4" = Cradle of Rome 2
"WTA-2b2dfe4f-d7c5-4314-85d6-9eb092ffcaac" = Jewel Quest: The Sleepless Star - Collector's Edition
"WTA-3c7cb67f-5967-4ce5-83c6-09212f247bd3" = Blackhawk Striker 2
"WTA-41e883bb-c5e6-452d-b11f-3e4be09d37d7" = Bejeweled 3
"WTA-5547d01a-b06b-4e5d-b1f5-df0f41795724" = Polar Bowler
"WTA-5b8b1a7b-81b4-4c8c-8f48-244044b83643" = Chuzzle Deluxe
"WTA-604f5e5d-a232-467c-bfe8-fc79fd565afc" = Governor of Poker 2 Premium Edition
"WTA-61ade00b-604c-47cb-9930-97293d3706af" = Farm Frenzy
"WTA-7559db0a-3093-4845-9db9-5312f3360adf" = FATE
"WTA-77247688-bec7-4053-8596-100a952605d5" = Blasterball 3
"WTA-7c9e3cd0-e69a-48bc-8589-0c260f438d22" = Poker Superstars III
"WTA-7f93bbe6-83e6-4101-9825-4ffd7b0dc95a" = Cake Mania
"WTA-9aa5cc3c-8e02-4d96-9b41-1d111f12c3f6" = Vacation Quest - The Hawaiian Islands
"WTA-bcf422f6-f81f-499a-8ee9-131dbb90bc0d" = Slingo Supreme
"WTA-c19ce33e-d26f-470a-97ab-4ca362803e9c" = Chronicles of Albian
"WTA-c78cca66-af7b-49cb-9540-1ad206bafb39" = Agatha Christie - Peril at End House
"WTA-cfac3f8a-ab1a-4fb7-a0f2-bf74bb5d9867" = Polar Golfer
"WTA-d0302f89-2a22-430b-b81a-5c6059768fb0" = Mah Jong Medley
"WTA-d50518e0-167f-43d1-b168-f4d7f2c0c200" = Bounce Symphony
"WTA-fc8886ac-c86d-44f5-bc39-b421e8f9efde" = Zuma Deluxe
"ZinioReader4" = Zinio Reader 4

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify
"uTorrent" = µTorrent

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/11/2016 4:31:43 PM | Computer Name = user-HP | Source = Microsoft-Windows-CAPI2 | ID = 256
Description = The Cryptographic Services service failed to initialize the Catalog
Database. The error was: 1117 (0x45d) : The request could not be performed because
of an I/O device error. .

Error - 12/11/2016 4:35:17 PM | Computer Name = user-HP | Source = Microsoft-Windows-CAPI2 | ID = 256
Description = The Cryptographic Services service failed to initialize the Catalog
Database. The error was: 1117 (0x45d) : The request could not be performed because
of an I/O device error. .

Error - 12/11/2016 4:38:39 PM | Computer Name = user-HP | Source = Microsoft-Windows-CAPI2 | ID = 256
Description = The Cryptographic Services service failed to initialize the Catalog
Database. The error was: 1117 (0x45d) : The request could not be performed because
of an I/O device error. .

Error - 12/17/2016 10:12:18 PM | Computer Name = user-HP | Source = System Restore | ID = 8193
Description =

Error - 12/19/2016 4:41:47 AM | Computer Name = user-HP | Source = Microsoft-Windows-CAPI2 | ID = 256
Description = The Cryptographic Services service failed to initialize the Catalog
Database. The error was: 1117 (0x45d) : The request could not be performed because
of an I/O device error. .

Error - 12/19/2016 4:47:28 AM | Computer Name = user-HP | Source = Microsoft-Windows-CAPI2 | ID = 256
Description = The Cryptographic Services service failed to initialize the Catalog
Database. The error was: 1117 (0x45d) : The request could not be performed because
of an I/O device error. .

Error - 12/19/2016 4:52:02 AM | Computer Name = user-HP | Source = Microsoft-Windows-CAPI2 | ID = 256
Description = The Cryptographic Services service failed to initialize the Catalog
Database. The error was: 1117 (0x45d) : The request could not be performed because
of an I/O device error. .

Error - 12/20/2016 3:16:21 AM | Computer Name = user-HP | Source = Microsoft-Windows-CAPI2 | ID = 256
Description = The Cryptographic Services service failed to initialize the Catalog
Database. The error was: 1117 (0x45d) : The request could not be performed because
of an I/O device error. .

Error - 12/20/2016 3:21:34 AM | Computer Name = user-HP | Source = Microsoft-Windows-CAPI2 | ID = 256
Description = The Cryptographic Services service failed to initialize the Catalog
Database. The error was: 1117 (0x45d) : The request could not be performed because
of an I/O device error. .

Error - 12/20/2016 3:27:22 AM | Computer Name = user-HP | Source = Microsoft-Windows-CAPI2 | ID = 256
Description = The Cryptographic Services service failed to initialize the Catalog
Database. The error was: 1117 (0x45d) : The request could not be performed because
of an I/O device error. .

[ Hewlett-Packard Events ]
Error - 5/11/2012 4:58:00 AM | Computer Name = user-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 5/27/2012 7:55:25 PM | Computer Name = user-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262 at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 5616 Ram Utilization: 20 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 5/27/2012 7:55:25 PM | Computer Name = user-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 5616 Ram Utilization: 20 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 6/3/2012 7:15:17 PM | Computer Name = user-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262 at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 5616 Ram Utilization: TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 6/3/2012 7:15:18 PM | Computer Name = user-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 5616 Ram Utilization: TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 6/10/2012 9:57:02 PM | Computer Name = user-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 7/11/2012 6:00:47 AM | Computer Name = user-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 8/10/2012 12:34:18 PM | Computer Name = user-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 11/19/2012 8:55:44 PM | Computer Name = user-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261 at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Message:
Object reference not set to an instance of an object. StackTrace: at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Source:
HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program
Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 5616
Ram
Utilization: 60 TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()

Error - 11/19/2012 10:58:50 PM | Computer Name = user-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261 at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Message:
Object reference not set to an instance of an object. StackTrace: at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Source:
HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program
Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 5616
Ram
Utilization: 60 TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()

[ HP Software Framework Events ]
Error - 4/15/2016 5:13:02 PM | Computer Name = user-HP | Source = hpqwmiex | ID = 5
Description = 2016/04/15 14:13:02.865|00000C70|Error |ChpqWmiExModule::Start|The
hpqwmiex service failed to start (1063). A system restart may correct this problem.

[ System Events ]
Error - 12/21/2016 6:28:32 AM | Computer Name = user-HP | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 12/21/2016 6:29:24 AM | Computer Name = user-HP | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 12/21/2016 6:29:24 AM | Computer Name = user-HP | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 12/21/2016 6:29:24 AM | Computer Name = user-HP | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 12/21/2016 6:30:34 AM | Computer Name = user-HP | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 12/21/2016 6:30:34 AM | Computer Name = user-HP | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 12/21/2016 6:30:34 AM | Computer Name = user-HP | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 12/21/2016 6:31:32 AM | Computer Name = user-HP | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 12/21/2016 6:31:32 AM | Computer Name = user-HP | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 12/21/2016 6:31:32 AM | Computer Name = user-HP | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

< End of report >

Re: [INACTIVE] EXTREMELY slow computer with terrible startup21st December 2016, 10:34 pm

Please download aswMBR from here

Save aswMBR.exe to your Desktop
Double click aswMBR.exe to run it
Click the Scan button to start the scan as illustrated below

[INACTIVE] EXTREMELY slow computer with terrible startup AswMBR_Scan

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives

Once the scan finishes click Save log to save the log to your Desktop
Copy and paste the contents of aswMBR.txt back here for review

Re: [INACTIVE] EXTREMELY slow computer with terrible startup22nd December 2016, 12:15 am

It's asking me if I want to download Avast definitions. Yes or no?

Re: [INACTIVE] EXTREMELY slow computer with terrible startup22nd December 2016, 12:20 am

Yes please

Re: [INACTIVE] EXTREMELY slow computer with terrible startup25th December 2016, 8:58 pm

aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2016-12-23 18:19:45
-----------------------------
18:19:45.055    OS Version: Windows x64 6.1.7601 Service Pack 1
18:19:45.055    Number of processors: 2 586 0x100
18:19:45.070    ComputerName: USER-HP UserName: user
18:53:59.847    Initialize success
19:27:44.327    AVAST engine defs: 16122301
23:49:13.379    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005a
23:49:13.379    Disk 0 Vendor: ST310005 HP63 Size: 953869MB BusType: 11
23:53:43.914    Disk 0 MBR read successfully
23:53:43.914    Disk 0 MBR scan
23:56:33.222    Disk 0 Windows 7 default MBR code
23:56:33.300    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
23:57:19.663    Disk 0 default boot code
23:57:36.465    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       941949 MB offset 206848
23:57:53.313    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        11817 MB offset 1929318849
00:03:14.128    Disk 0 scanning C:\Windows\system32\drivers
02:45:04.365    Service scanning
02:52:51.836    Modules scanning
02:52:51.836    Disk 0 trace - called modules:
02:52:52.024    ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
02:52:52.039    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005fc2790]
02:52:52.039    3 CLASSPNP.SYS[fffff88000db943f] -> nt!IofCallDriver -> [0xfffffa8005ee0ac0]
02:52:52.039    5 amd_xata.sys[fffff88000fe18f7] -> nt!IofCallDriver -> \Device\0000005a[0xfffffa8005edc9c0]
03:05:43.961    AVAST engine scan C:\Windows
03:22:40.679    AVAST engine scan C:\Windows\system32
06:33:33.441    File: C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio84a6349c#\8ea4c536da1434c796df396e7f5384c4\PresentationFramework-SystemCore.ni.dll **HIDDEN**
06:34:59.195    AVAST engine scan C:\Windows\system32\drivers
06:37:05.508    AVAST engine scan C:\Users\user
00:02:17.389    File: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fcpzgi7g.default-1395282151623\cache2\entries\2BE3EACB19D60511FCA3E6E25B35749A14D5EBEA **HIDDEN**
00:25:26.745    File: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fcpzgi7g.default-1395282151623\cache2\entries\AAA282BCF7A610E7BC04498192186490B649EEAD **HIDDEN**
00:26:13.093    File: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fcpzgi7g.default-1395282151623\cache2\entries\C7A9A97BB1EE4ADE748FDDE36A67D0D7D07A8D2A **HIDDEN**
00:26:15.620    File: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fcpzgi7g.default-1395282151623\cache2\entries\C8D6DE9FD41EAE09D67AA4896DEC861791522F14 **HIDDEN**
00:27:02.779    File: C:\Users\user\AppData\Local\Mozilla\Firefox\Profiles\fcpzgi7g.default-1395282151623\cache2\entries\E6BCB4F6C8A55AEF4CC446B55669C85658EDC939 **HIDDEN**
00:28:46.098    File: C:\Users\user\AppData\Roaming\uTorrent\updates\3.4.1_31395.exe **HIDDEN**
00:28:47.705    File: C:\Users\user\AppData\Roaming\uTorrent\updates\3.4.2_31893.exe **HIDDEN**
00:28:49.296    File: C:\Users\user\AppData\Roaming\uTorrent\updates\3.4.2_32126.exe **HIDDEN**
00:28:50.856    File: C:\Users\user\AppData\Roaming\uTorrent\updates\3.4.2_32239.exe **HIDDEN**
00:28:52.447    File: C:\Users\user\AppData\Roaming\uTorrent\updates\3.4.2_34024.exe **HIDDEN**
00:28:54.054    File: C:\Users\user\AppData\Roaming\uTorrent\updates\3.4.2_34309.exe **HIDDEN**
00:28:55.676    File: C:\Users\user\AppData\Roaming\uTorrent\updates\3.4.2_34944.exe **HIDDEN**
00:28:57.127    File: C:\Users\user\AppData\Roaming\uTorrent\updates\3.4.2_37754.exe **HIDDEN**
00:28:58.718    File: C:\Users\user\AppData\Roaming\uTorrent\updates\3.4.2_38429.exe **HIDDEN**
00:29:00.294    File: C:\Users\user\AppData\Roaming\uTorrent\updates\3.4.2_38656.exe **HIDDEN**
00:29:01.636    File: C:\Users\user\AppData\Roaming\uTorrent\updates\3.4.3_40298.exe **HIDDEN**
00:29:03.336    File: C:\Users\user\AppData\Roaming\uTorrent\updates\3.4.3_40760.exe **HIDDEN**
00:29:04.974    File: C:\Users\user\AppData\Roaming\uTorrent\updates\3.4.4_40911.exe **HIDDEN**
00:29:05.286    File: C:\Users\user\AppData\Roaming\uTorrent\updates\3.4.5_41073\utorrentie.exe **HIDDEN**
00:29:05.926    File: C:\Users\user\AppData\Roaming\uTorrent\updates\3.4.5_41073.exe **HIDDEN**
00:29:06.175    File: C:\Users\user\AppData\Roaming\uTorrent\updates\3.4.5_41162\utorrentie.exe **HIDDEN**
00:29:06.799    File: C:\Users\user\AppData\Roaming\uTorrent\updates\3.4.5_41162.exe **HIDDEN**
00:29:07.236    File: C:\Users\user\AppData\Roaming\uTorrent\updates\3.4.5_41202\utorrentie.exe **HIDDEN**
00:29:07.907    File: C:\Users\user\AppData\Roaming\uTorrent\updates\3.4.5_41202.exe **HIDDEN**
00:29:08.032    File: C:\Users\user\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe **HIDDEN**
00:29:08.671    File: C:\Users\user\AppData\Roaming\uTorrent\updates\3.4.5_41372.exe **HIDDEN**
00:29:09.139    File: C:\Users\user\AppData\Roaming\uTorrent\updates\3.4.5_41712\utorrentie.exe **HIDDEN**
00:29:09.763    File: C:\Users\user\AppData\Roaming\uTorrent\updates\3.4.5_41712.exe **HIDDEN**
00:29:09.919    File: C:\Users\user\AppData\Roaming\uTorrent\updates\3.4.5_41865\utorrentie.exe **HIDDEN**
00:29:10.606    File: C:\Users\user\AppData\Roaming\uTorrent\updates\3.4.5_41865.exe **HIDDEN**
00:29:11.417    File: C:\Users\user\AppData\Roaming\uTorrent\updates\3.4.6_42094.exe **HIDDEN**
00:29:11.542    File: C:\Users\user\AppData\Roaming\uTorrent\updates\updates\3.4.6_42094\utorrentie.exe **HIDDEN**
00:29:12.181    File: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe **HIDDEN**
00:29:17.969    AVAST engine scan C:\ProgramData
00:53:54.545    Disk 0 statistics 6337659/0/0 @ 0.13 MB/s
00:53:54.545    Scan finished successfully
12:31:17.538    Disk 0 MBR has been saved successfully to "C:\Users\user\Desktop\MBR.dat"
12:31:17.538    The log file has been saved successfully to "C:\Users\user\Desktop\aswMBR.txt"

Re: [INACTIVE] EXTREMELY slow computer with terrible startup26th December 2016, 1:38 am

Run ESET Online Scan Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

Check (tick) this box: YES, I accept the Terms of Use.
Click on the Start button next to it.
When prompted to run ActiveX. click Yes.
You will be asked to install an ActiveX. Click Install.
Once installed, the scanner will be initialized.
After the scanner is initialized, click Start.
Check (tick) Remove found threats box.
Check (tick) Scan unwanted applications.
Click on Scan.
It will start scanning. Please be patient.
Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescannerlog.txt.

Re: [INACTIVE] EXTREMELY slow computer with terrible startup30th December 2016, 1:46 am

C:\AdwCleaner\Quarantine\C\Program Files (x86)\iBryte\browseforchange\uninstall.exe.vir    Win32/Adware.iBryte application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\iBryte\playbryte\uninstall.exe.vir    Win32/Adware.iBryte application
C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}\_Setupx.dll.vir    a variant of Win32/Adware.Yontoo.B application
C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Babylon\Setup\BExternal.dll.vir    a variant of Win32/Toolbar.Babylon.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Babylon\Setup\IECookieLow.dll.vir    a variant of Win32/Toolbar.Babylon.E potentially unwanted application
C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Babylon\Setup\Setup.exe.vir    a variant of Win32/Toolbar.Babylon.E potentially unwanted application
C:\AdwCleaner\Quarantine\C\users\user\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll.vir    Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\users\user\AppData\Roaming\Speedial\UpdateProc\UpdateTask.exe.vir    a variant of Win32/DealPly.S potentially unwanted application
C:\Program Files (x86)\WinZip\Utils\WzSysScan\WINZIPSS.exe    a variant of Win32/Systweak.L potentially unwanted application
C:\Program Files (x86)\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll    a variant of Win32/Systweak.N potentially unwanted application
C:\Program Files (x86)\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe    a variant of Win32/Systweak.L potentially unwanted application
C:\Program Files (x86)\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe    a variant of Win32/Systweak.L potentially unwanted application
C:\Program Files (x86)\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe    a variant of Win32/Systweak.L potentially unwanted application
C:\Program Files (x86)\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe    a variant of Win32/Systweak.L potentially unwanted application
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\File System\003\t\00\00000000    a variant of Win32/4Shared.O potentially unwanted application
C:\Users\Guest\Downloads\amnesia_the_dark_descent.exe    Win32/Toggle.H potentially unwanted application
C:\Users\Guest\Downloads\Word-Installer.exe    a variant of Win32/InstallCore.AF potentially unwanted application
C:\Users\user\AppData\Roaming\uTorrent\updates\3.4.1_31395.exe    a variant of Win32/AdkDLLWrapper.A potentially unwanted application
C:\Windows\Installer\1937337.msi    a variant of Win32/Systweak.L potentially unwanted application,a variant of Win32/Systweak.N potentially unwanted application

Re: [INACTIVE] EXTREMELY slow computer with terrible startup30th December 2016, 2:11 am

Excellent work!

Now to wrap things up here...

CCleaner Temporary Files Cleaning

NOTE: If you already have this installed, you don't have to reinstall it.

Please download CCleaner

When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
Follow the prompts to install the program.

Double-click the CCleaner shortcut on the desktop to start the program.
A prompt will ask you if you want CCleaner to do a check to see what cookies it needs to keep. Allow that operation.
On the Cleaner tab, click on Run Cleaner on the bottom-right to run the program.
Important: Make sure that ALL browser windows are closed before selecting Run Cleaner, or it will ask if you want the program to close them for you (when you do this, all unsaved data may be lost in the browser).

Caution: Only use the Registry feature if you are very familiar with the registry.
Always back up your registry before making any changes. Exit CCleaner after it has completed it's process.

Please download Security Analysis from here

Save it to your Desktop.
Close your security software to avoid potential conflicts.
Double click RGSA.exe
Click OK on the copyright-disclaimer
It will produce a log named SALog.txt on the Desktop or in the same folder from where the tool is run if installed elsewhere.
Please copy and paste the contents of that log in this topic.

Re: [INACTIVE] EXTREMELY slow computer with terrible startup30th December 2016, 8:20 am

Result of Security Analysis by Rocket Grannie (x86) Updated: 17th December, 2016
Running from:C:\Users\user\Desktop (00:18:59 - 12/30/2016)
***---------------------------------------------------------***
Microsoft Windows 7 Home Premium X64 Service Pack 1
UAC is Enabled!
Internet Explorer 11
Default Browser: Firefox
***------------Antivirus - Antispyware - Firewall-----------***
Windows Defender (Disabled - Up to Date)
Spybot - Search and Destroy (Disabled - Not Up to Date)
Windows Firewall (Enabled)
*No other Firewall Installed*
***-------Security Programs - Browsers - Miscellaneous------***
Adobe Flash Player Plugin (version 23.0.0.207) is *out of Date*
CCleaner (version 5.25)
Firefox (version 50)
Google Chrome (version 54)
Microsoft Silverlight (version 5.1)
Spybot - Search & Destroy (version 2.4)

Adobe Flash Player 23 ActiveX (version 23.0.0.207) is *out of Date*
Java 8 Update 77 (version 8.0.770.3) is *out of Date*
Java 8 Update 91 (version 8.0.910.14) is *out of Date*
Windows Live Essentials (version 15.4.3508.1109) is *out of Date*
Windows Live Essentials (version 15.4.3502.0922) is *out of Date*

***----------------Analysis Complete-------------------------***

Re: [INACTIVE] EXTREMELY slow computer with terrible startup30th December 2016, 4:49 pm

Please update the following programs:

Uninstall every version of Adobe Flash Player 23 (version 23.0.0.207)
Then download the new version(s) from: www.adobe.com/products/flashplayer.html *Ensure to download this for each of your browsers.

Uninstall these: Java 8 Update 77 and Java 8 Update 91
Then, download the newest version, if you wish to keep Java, from www.Java.com

If you prefer to have better protection, uninstall Spybot Search & Destroy, and please download at least a free antivirus at www.avast.com

After doing all of this, please let me know how your computer is operating. Smile...

Re: [INACTIVE] EXTREMELY slow computer with terrible startup30th December 2016, 8:30 pm

I managed to uninstall both Adobes and the Spybot, but when I try either Java, I get this picture.

Also, status update: I am still working in Safe Mode with Networking, but the speed is already significantly better. Proof of that is the fact that I was able to upload this screenshot. I have yet to try anything in a regular boot.

Re: [INACTIVE] EXTREMELY slow computer with terrible startup30th December 2016, 11:42 pm

Not sure if it was attached. It says:

The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.

Re: [INACTIVE] EXTREMELY slow computer with terrible startup31st December 2016, 1:58 am

Windows Installer service will not work under Safe Mode, this means that programs cannot be installed or uninstalled in Safe Mode without giving a specific command using msiexec in Command Prompt.

Are you able to work in Normal Mode?

Please visit below tutorial link to enable Windows Installer service under Safe Mode.

Make Windows Installer Service Work Under Safe Mode

Re: [INACTIVE] EXTREMELY slow computer with terrible startup5th January 2017, 12:00 am

That Tweaking program froze on me, I shut down and went into Normal Mode like you've asked. It's running slower than it would in Safe Mode.

Those Java updates were only able to be uninstalled after updating them. I tried downloading Java after that and I got this message:

Java did not complete
Error Code: 1618
Please refer to the Java Help Center for troubleshooting information or contact your system administrator.

Should I try Tweaking again?

Re: [INACTIVE] EXTREMELY slow computer with terrible startup5th January 2017, 12:03 am

Error 1618 isn’t unique to Java. It is an error from Microsoft Installer (.msi) stating that another .msi is currently being processed. You see, the Microsoft Installer, msiexec.exe, can only process one installation at a time. This error will be encountered when one MSI is attempted to be installed while another is currently processing. Reboot your computer and try installing Java.

............................................................................................

FreeBooter

[INACTIVE] EXTREMELY slow computer with terrible startup 1363

Co-Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat

Re: [INACTIVE] EXTREMELY slow computer with terrible startup5th January 2017, 4:02 am

Okay, so I rebooted and was able to download the latest Java. My browser stopped working along with everything else. I tried to click a folder or browser to open but nothing comes up.

And to answer Dr. Jay: After uninstalling Adobe and Java, other than being able to log in normally at a decent speed, it's still posing the same problems.

Re: [INACTIVE] EXTREMELY slow computer with terrible startup5th January 2017, 4:45 am

Hi omicron_persei8,

Was the browser working before you have installed Java?

What else is not working?

We can try few troubleshooting to find out what is causing slow computer performance.

Create new user account and see issue resolves within new user account if it does then your user account is corrupted.

Please follow my instructions at my tutorial to boost performance of Windows OS.

"Tweaking & Optimizing Window Operating System"
http://www.geekpolice.net/t30298-tweaking-optimizing-windows-operating-system

I would like you to check the system integrity of your Windows OS installation.

Please right click the Windows logo (formerly the start button) at the bottom left of your screen.
Please select "Command Prompt (Admin)"
Please type the following command and press the key: sfc /scannow (Please note that there is a space between 'sfc" and "/scannow".)
It should take about 20 minutes to run, if there are no serious errors.
If the System File Checker reports that some errors were fixed, but some remain; please reboot your computer and run the System File Checker from an Administrator Command Prompt, again.
If the System File Checker again reports that some errors were fixed, but some remain, please reboot your computer and run it a third time.
If "Resource Integrity Violations" (errors) are reported that could not be corrected, or were not corrected after a third SFC run, then please navigate to the folder: C:\Windows\Logs\CBS and copy the file "cbs.log" to your desktop immediately. I am asking you do that because that file is dynamic, so I want to be able to examine a copy that is unchanged from the time that the System File Checker was run.
If there are errors that couldn't be corrected, let me know and I will provide you with instructions as to how to upload the file

If the issue is caused by a current running process, restart your Windows system using the clean boot method which will allow you to troubleshoot if a service or process is causing the issue to appear.

With a clean boot only the necessary services and process that are required to operate Windows are started when you boot your computer.

Follow the steps at below link to perform clean boot state.

"Clean Boot Windows"
https://www.dost-tech.com/viewtopic.php?f=10&t=109

............................................................................................

FreeBooter

Co-Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat

Re: [INACTIVE] EXTREMELY slow computer with terrible startup5th January 2017, 5:52 am

Yes it was working better before installing Java. In general, everything was just loading up faster. It just took me 5 minutes to open up the Control Panel.

I'll be going through your instructions as much as it lets me.

[INACTIVE] EXTREMELY slow computer with terrible startup

description[INACTIVE] EXTREMELY slow computer with terrible startup23rd November 2016, 11:10 pm

descriptionRe: [INACTIVE] EXTREMELY slow computer with terrible startup23rd November 2016, 11:51 pm

descriptionRe: [INACTIVE] EXTREMELY slow computer with terrible startup26th November 2016, 9:39 pm

descriptionRe: [INACTIVE] EXTREMELY slow computer with terrible startup29th November 2016, 3:50 am

descriptionRe: [INACTIVE] EXTREMELY slow computer with terrible startup29th November 2016, 5:41 am

descriptionRe: [INACTIVE] EXTREMELY slow computer with terrible startup1st December 2016, 9:47 pm

descriptionRe: [INACTIVE] EXTREMELY slow computer with terrible startup1st December 2016, 9:48 pm

descriptionRe: [INACTIVE] EXTREMELY slow computer with terrible startup1st December 2016, 9:49 pm

descriptionRe: [INACTIVE] EXTREMELY slow computer with terrible startup2nd December 2016, 12:55 am

descriptionRe: [INACTIVE] EXTREMELY slow computer with terrible startup5th December 2016, 6:02 pm

descriptionRe: [INACTIVE] EXTREMELY slow computer with terrible startup5th December 2016, 9:05 pm

descriptionRe: [INACTIVE] EXTREMELY slow computer with terrible startup6th December 2016, 10:39 am

descriptionRe: [INACTIVE] EXTREMELY slow computer with terrible startup6th December 2016, 10:40 am

descriptionRe: [INACTIVE] EXTREMELY slow computer with terrible startup6th December 2016, 10:41 am

descriptionRe: [INACTIVE] EXTREMELY slow computer with terrible startup6th December 2016, 10:42 am

descriptionRe: [INACTIVE] EXTREMELY slow computer with terrible startup6th December 2016, 10:44 am

descriptionRe: [INACTIVE] EXTREMELY slow computer with terrible startup6th December 2016, 10:45 am

descriptionRe: [INACTIVE] EXTREMELY slow computer with terrible startup6th December 2016, 10:46 am

descriptionRe: [INACTIVE] EXTREMELY slow computer with terrible startup6th December 2016, 5:13 pm

descriptionRe: [INACTIVE] EXTREMELY slow computer with terrible startup6th December 2016, 8:40 pm

descriptionRe: [INACTIVE] EXTREMELY slow computer with terrible startup7th December 2016, 12:12 am

descriptionRe: [INACTIVE] EXTREMELY slow computer with terrible startup10th December 2016, 6:18 pm

descriptionRe: [INACTIVE] EXTREMELY slow computer with terrible startup10th December 2016, 7:00 pm

descriptionRe: [INACTIVE] EXTREMELY slow computer with terrible startup10th December 2016, 7:02 pm

descriptionRe: [INACTIVE] EXTREMELY slow computer with terrible startup10th December 2016, 7:37 pm

descriptionRe: [INACTIVE] EXTREMELY slow computer with terrible startup12th December 2016, 1:32 am

descriptionRe: [INACTIVE] EXTREMELY slow computer with terrible startup12th December 2016, 2:41 am

descriptionRe: [INACTIVE] EXTREMELY slow computer with terrible startup19th December 2016, 1:12 am

descriptionRe: [INACTIVE] EXTREMELY slow computer with terrible startup19th December 2016, 1:31 am

descriptionRe: [INACTIVE] EXTREMELY slow computer with terrible startup21st December 2016, 12:00 am

descriptionRe: [INACTIVE] EXTREMELY slow computer with terrible startup21st December 2016, 1:32 am

descriptionRe: [INACTIVE] EXTREMELY slow computer with terrible startup21st December 2016, 10:14 pm

descriptionRe: [INACTIVE] EXTREMELY slow computer with terrible startup21st December 2016, 10:24 pm

descriptionRe: [INACTIVE] EXTREMELY slow computer with terrible startup21st December 2016, 10:34 pm

descriptionRe: [INACTIVE] EXTREMELY slow computer with terrible startup22nd December 2016, 12:15 am

descriptionRe: [INACTIVE] EXTREMELY slow computer with terrible startup22nd December 2016, 12:20 am

descriptionRe: [INACTIVE] EXTREMELY slow computer with terrible startup25th December 2016, 8:58 pm

descriptionRe: [INACTIVE] EXTREMELY slow computer with terrible startup26th December 2016, 1:38 am

descriptionRe: [INACTIVE] EXTREMELY slow computer with terrible startup30th December 2016, 1:46 am

descriptionRe: [INACTIVE] EXTREMELY slow computer with terrible startup30th December 2016, 2:11 am

descriptionRe: [INACTIVE] EXTREMELY slow computer with terrible startup30th December 2016, 8:20 am

descriptionRe: [INACTIVE] EXTREMELY slow computer with terrible startup30th December 2016, 4:49 pm

descriptionRe: [INACTIVE] EXTREMELY slow computer with terrible startup30th December 2016, 8:30 pm

descriptionRe: [INACTIVE] EXTREMELY slow computer with terrible startup30th December 2016, 11:42 pm

descriptionRe: [INACTIVE] EXTREMELY slow computer with terrible startup31st December 2016, 1:58 am

descriptionRe: [INACTIVE] EXTREMELY slow computer with terrible startup5th January 2017, 12:00 am

descriptionRe: [INACTIVE] EXTREMELY slow computer with terrible startup5th January 2017, 12:03 am

descriptionRe: [INACTIVE] EXTREMELY slow computer with terrible startup5th January 2017, 4:02 am

descriptionRe: [INACTIVE] EXTREMELY slow computer with terrible startup5th January 2017, 4:45 am

descriptionRe: [INACTIVE] EXTREMELY slow computer with terrible startup5th January 2017, 5:52 am

descriptionRe: [INACTIVE] EXTREMELY slow computer with terrible startup