Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Multiple Unknown Origin Scripts . . .

Started by NTxLSUSA , Nov 14 2015 06:49 PM
Scrpts UnkwnOrgn

  • Please log in to reply

#1
NTxLSUSA
Posted 14 November 2015 - 06:49 PM

NTxLSUSA

    Member

  • Member
  • PipPip
  • 14 posts

Greetings from the GREAT Country of TEXAS,

 

Feel this started about six (6) or even more months ago, my system has been slowing and slowing and, well you get the message.  I started to look into what is going on about a month and half ago.  NOT any sort of a computer expert, just a self taught home user with a very strong curiousity that is not satified very easy.  Started working with computers abut 1974 learning how to use a Data General 19" Main Frame/w a TTY for input/output that is a part of a test stand working for the Government, originally trained as an Electroincs Techy (with over 65 years experience), learning a small amount about logic, binary, octal, hexadecimal, eight bit, sixteen bit, thirty two bit, well that is enough of that for now.  Not a programmer but very curious about my systems.  Started working with desktops before the WWW was ever created and not even Windows, was surfing the net using TCP/IP in Unix software @ a DOS CMD line.  Enough about me, on to my issue.

 

Started getting the Pop-Up window "Windows PowerShell has stopped working" with only "Cancel" available as a choice to close the window.  Later was  given a RB "Detail" that produced NOTHING, had to use RB "Close"  to get rid of that window.  Then it would alternate between those to choose from.  Went looking for "Windows PowerShell" finding NOTHING, then a friend told me to just look for "PowerShell" and would find it in '\Windows\System32\WindowsPowerShell\' plus '\Windows\WOW64WindowsPowerShell\' and actually another folder added to each 'v1.0\' and some scripts and two (2) files in each location titled 'powershell.exe' and 'powershell_ise.exe'.  Attempted to rename them, as my friend had suggested, could NOT get that done.  These files were all IDed as Microsoft files and signed by them.  Am also familiar with SysInternals by Mark Russonivich, now working for Microsoft, and his program "PorcessExplprer/exe" and have used it for many years.  Had not used it on this system so started ASAP!  With using that found there were about eighteen (18) 'svchost.exe' [my last experience with these files there were nineteen (19)] files running 'scripts' as I had learned from reading several different forums I hold membership, including "Windows Sectrets Lounge" and am also an "Insider" with "WS" and listed with Microsoft.  Attempting to keep this as short as possible, last week-end spent both days reading about "Windws PowerShell has stopped working" on WinTips Dot Org website and how to remove that issue.  Well it did remove that issue of "Windows PowerShell," but; did nothing about clearing the 'scripts' that were slowing my system.  Ran their thee (3) little files several times with only the first producing any resuts, that is clearing the window about "Windows PowerShell" the other remained.  It has gotten so bad that even logging off and shuting down would not work, Power Switch for for (4) sec was required, many times.

 

Being familiar with 'F8' and the menu selection which have been used many times out of curiosity and getting familiar.  Finally went into "'Safe Mode" without Networking' going to those afore mentioned files (PowerShell and PowerShell_ise) all four (4) changing the Ownership to my Admin and RENAMING them to attempt to get control back where I could use my browser of choice and post some info to see if anyone else has had this experience.  PLUS if any HELP is available.  If there are any questions that cannot be covered by what is posted, "JUST ask and ye shall receive to the best of my recolection" . . @75 going on 76 that may not be the best in the World.

 

Thank you for reading my book, yes there is more but; my hands are getting tired and so is my head for thinkiing so miuch about this issue . .

 

TIA, CU L8R,

'd' AKA NTxLSUSA

"Lone Wanderer"

Dell OptiPlex 960 DualCore Processor Win7 Professional SP1 all updates as Microsoft provides, Avast! FREE v11.1.2241, WinPrivacy v2015.11.752 WinAntiRansom v2015.11.185 the remainder will be listed in FRST and Addition TEXT files.

 

FRST.TXT:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015
Ran by DE (administrator) on DESDSKTP (14-11-2015 16:42:57)
Running from F:\!DwnLdStrg\Installed\FRST_Farbar
Loaded Profiles: DE & DEPro &  (Available Profiles: DE & HomeUsers & DEPro & DefaultAppPool)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Microsoft Corporation) C:\Program Files (x86)\EMET 5.1\EMET_Service.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
(WinPatrol) C:\Program Files\Ruiware\WinAntiRansom\WARSvc.exe
(WinPatrol) C:\Program Files\Ruiware\WinPrivacy\WinPrivacySvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files (x86)\EMET 5.1\EMET_Agent.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(WinPatrol) C:\Program Files\Ruiware\WinPrivacy\WinPrivacyTrayApp.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(RaMMicHaeL) C:\Users\DEPro\AppData\Roaming\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe
(Ruiware) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(WinPatrol) C:\Program Files\Ruiware\WinAntiRansom\WAR_TrayApp.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DeviceAgent.exe
(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Sysinternals - www.sysinternals.com) C:\Tools\PrcssXplrr\procexp.exe
(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\x64\KeyScrambler.exe
(Sysinternals - www.sysinternals.com) C:\Users\DE.DEsDskTp\AppData\Local\Temp\procexp64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(David Harris) E:\PMAIL\Programs\winpm-32.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [WinPrivacy] => C:\Program Files\Ruiware\WinPrivacy\WinPrivacyTrayApp.exe [1705984 2015-11-03] (WinPatrol)
HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1533728 2015-04-01] (Seagate Technology LLC)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7004376 2015-11-13] (AVAST Software)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [KeyScrambler] => C:\Program Files (x86)\KeyScrambler\keyscrambler.exe [509216 2015-10-12] (QFX Software Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-4267585356-2186095281-715594798-1000\...\Run: [7 Taskbar Tweaker] => C:\Users\DE.DEsDskTp\AppData\Roaming\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe [380416 2015-08-22] (RaMMicHaeL)
HKU\S-1-5-21-4267585356-2186095281-715594798-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-4267585356-2186095281-715594798-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7935904 2015-10-22] (SUPERAntiSpyware)
HKU\S-1-5-21-4267585356-2186095281-715594798-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8551848 2015-10-19] (Piriform Ltd)
HKU\S-1-5-21-4267585356-2186095281-715594798-1000\...\Run: [Task Catcher] => C:\Program Files\Task Catcher\TaskTrap.exe [200200 2015-05-10] (BillP Studios)
HKU\S-1-5-21-4267585356-2186095281-715594798-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1216648 2015-08-05] (Ruiware)
HKU\S-1-5-21-4267585356-2186095281-715594798-1000\...\Run: [KeyScramblerD] => C:\Program Files (x86)\KeyScrambler\x64\KeyScrambler.exe [563488 2015-10-12] (QFX Software Corporation)
HKU\S-1-5-21-4267585356-2186095281-715594798-1000\...\RunOnce: [Report] => \AdwCleaner\AdwCleaner[C3].txt [903 2015-11-14] ()
HKU\S-1-5-21-4267585356-2186095281-715594798-1000\...\Policies\system: [RunUserPSScriptsFirst] 1
HKU\S-1-5-21-4267585356-2186095281-715594798-1000\...\Policies\system: [RunLogonScriptSync] 1
HKU\S-1-5-21-4267585356-2186095281-715594798-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8551848 2015-10-19] (Piriform Ltd)
HKU\S-1-5-21-4267585356-2186095281-715594798-1003\...\Run: [Malwarebytes Anti-Malware] => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [9832760 2015-10-05] (Malwarebytes)
HKU\S-1-5-21-4267585356-2186095281-715594798-1003\...\Run: [7 Taskbar Tweaker] => C:\Users\DEPro\AppData\Roaming\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe [380416 2015-08-22] (RaMMicHaeL)
HKU\S-1-5-21-4267585356-2186095281-715594798-1003\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1216648 2015-08-05] (Ruiware)
HKU\S-1-5-21-4267585356-2186095281-715594798-1003\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [127304 2015-04-01] (Seagate Technology LLC)
HKU\S-1-5-21-4267585356-2186095281-715594798-1003\...\Policies\system: [RunUserPSScriptsFirst] 1
HKU\S-1-5-21-4267585356-2186095281-715594798-1003\...\Policies\system: [RunLogonScriptSync] 1
HKU\S-1-5-18\...\MountPoints2: D - D:\setup.exe
IFEO\taskmgr.exe: [Debugger] "C:\TOOLS\PRCSSXPLRR\PROCEXP.EXE"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-11-13] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinAntiRansom.lnk [2015-11-14]
ShortcutTarget: WinAntiRansom.lnk -> C:\Program Files\Ruiware\WinAntiRansom\WAR_TrayApp.exe (WinPatrol)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 127.0.0.1    localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{4BDCB209-9716-4295-93CA-502D86DD982A}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{895A01BE-5F6D-48CF-9ACF-9331FCDBD0C4}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{FD5E16AB-D639-485C-B87C-BFAB6E8F83E7}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\S-1-5-21-4267585356-2186095281-715594798-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: [S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415.bak] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-11-13] (AVAST Software)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-24] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-11-13] (AVAST Software)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-24] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\DE.DEsDskTp\AppData\Roaming\Mozilla\Firefox\Profiles\6v54c658.default
FF DefaultSearchEngine.US: Google
FF Homepage: about:blank
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-23] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-23] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-24] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @sony.com/eBookLibrary -> C:\Program Files (x86)\Sony\Reader\Data\bin\npebldetectmoz.dll [2010-07-13] (Sony Corporation)
FF Extension: PasswordMaker - C:\Users\DE.DEsDskTp\AppData\Roaming\Mozilla\Firefox\Profiles\6v54c658.default\Extensions\{5872365e-67d1-4afd-9480-fd293bebd20d}.xpi [2015-09-04]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt => not found
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-11-13]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2015-11-13]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-11-13]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [174416 2015-11-13] (AVAST Software)
R2 EMET_Service; C:\Program Files (x86)\EMET 5.1\EMET_Service.exe [31880 2014-11-09] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16216 2015-02-03] (Seagate Technology LLC)
R2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [157992 2015-04-01] (Seagate Technology LLC)
S3 Sony SCSI Helper Service; C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2010-04-02] (Sony Corporation) [File not signed]
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
R2 WARSvc; C:\Program Files\Ruiware\WinAntiRansom\WARSvc.exe [194696 2015-11-10] (WinPatrol)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 WinPrivacySvc; C:\Program Files\Ruiware\WinPrivacy\WinPrivacySvc.exe [460800 2015-11-03] (WinPatrol) [File not signed]
S2 HPSLPSVC; C:\Users\DE\AppData\Local\Temp\7zS354D\hpslpsvc64.dll [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-11-13] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-11-13] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-11-13] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-11-13] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2015-11-13] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2015-11-13] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [154256 2015-11-13] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-11-13] (AVAST Software)
R1 CGKDarkWatcher; C:\Windows\System32\drivers\CGKDarkWatcher.sys [15640 2015-10-20] ()
R1 CGKDarkWatcher; C:\Windows\SysWOW64\drivers\CGKDarkWatcher.sys [16152 2015-08-25] ()
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 epmntdrv; C:\windows\system32\epmntdrv.sys [18528 2014-11-18] ()
S3 epmntdrv; C:\windows\SysWOW64\epmntdrv.sys [15968 2014-11-18] ()
S3 EuGdiDrv; C:\windows\system32\EuGdiDrv.sys [10848 2014-11-18] ()
S3 EuGdiDrv; C:\windows\SysWOW64\EuGdiDrv.sys [10208 2014-11-18] ()
R3 KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [224720 2015-08-18] (QFX Software Corporation)
R1 mbamchameleon; C:\windows\system32\drivers\mbamchameleon.sys [109272 2015-10-05] (Malwarebytes)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMSwissArmy; C:\windows\system32\drivers\466534B9.sys [192216 2015-11-10] (Malwarebytes)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [36600 2015-06-01] (Riverbed Technology, Inc.)
S3 rspRegMon; C:\Windows\System32\DRIVERS\rspRegMon64.sys [24832 2014-12-10] (Resplendence Software Projects Sp.)
R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [450048 2010-03-31] (Realtek Semiconductor Corporation                           )
R1 ruifltr; C:\Windows\System32\drivers\ruifltr.sys [51480 2015-01-12] (Windows ® Win 7 DDK provider)
R1 ruinetf; C:\Windows\System32\drivers\ruinetf.sys [48408 2015-05-21] (Windows ® Win 7 DDK provider)
R4 rwpvcy; C:\Windows\System32\drivers\rwpvcy.sys [49944 2015-09-10] (Ruiware, LLC)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [37624 2015-11-14] ()
R1 wppvcy; C:\Windows\System32\drivers\wppvcy.sys [49944 2015-08-27] (Ruiware, LLC)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-14 08:20 - 2015-11-14 08:20 - 00000360 _____ C:\windows\PFRO.log
2015-11-14 08:18 - 2015-11-14 08:18 - 00001006 _____ C:\Users\Public\Desktop\WinAntiRansom Explorer.lnk
2015-11-14 08:18 - 2015-11-14 08:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ruiware
2015-11-14 08:15 - 2015-11-14 08:15 - 00066504 _____ C:\Users\DE.DEsDskTp\AppData\Local\GDIPFONTCACHEV1.DAT
2015-11-14 07:37 - 2015-11-14 07:37 - 00000000 ____D C:\Users\TEMP.IIS APPPOOL
2015-11-14 07:37 - 2013-03-11 15:36 - 00000000 ____D C:\Users\TEMP.IIS APPPOOL\AppData\LocalLow\Sun
2015-11-14 07:37 - 2010-11-20 20:51 - 00001449 _____ C:\Users\TEMP.IIS APPPOOL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-11-14 07:37 - 2010-11-20 20:51 - 00001415 _____ C:\Users\TEMP.IIS APPPOOL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-11-14 07:37 - 2010-11-20 20:50 - 00000020 ___SH C:\Users\TEMP.IIS APPPOOL\ntuser.ini
2015-11-14 07:37 - 2009-07-13 22:54 - 00000000 ___RD C:\Users\TEMP.IIS APPPOOL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-11-14 07:37 - 2009-07-13 22:49 - 00000000 ___RD C:\Users\TEMP.IIS APPPOOL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-11-14 05:45 - 2015-11-14 05:45 - 00000017 _____ C:\Users\DE.DEsDskTp\AppData\Local\resmon.resmoncfg
2015-11-14 05:33 - 2015-11-14 05:33 - 00000610 _____ C:\Users\DE.DEsDskTp\Desktop\JRT.txt
2015-11-14 04:11 - 2015-11-14 14:49 - 00000448 _____ C:\windows\setupact.log
2015-11-14 04:11 - 2015-11-14 04:11 - 00291792 _____ C:\windows\system32\FNTCACHE.DAT
2015-11-14 04:11 - 2015-11-14 04:11 - 00000000 _____ C:\windows\setuperr.log
2015-11-13 14:11 - 2015-11-13 14:10 - 00386096 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2015-11-13 14:10 - 2015-11-13 14:10 - 00043112 _____ (AVAST Software) C:\windows\avastSS.scr
2015-11-12 18:19 - 2015-11-03 11:55 - 03211264 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-11-11 17:06 - 2015-10-13 10:41 - 00497664 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2015-11-11 17:06 - 2015-10-13 10:40 - 00118272 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys
2015-11-11 16:22 - 2015-10-29 11:50 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\apphelp.dll
2015-11-11 16:22 - 2015-10-29 11:50 - 00072192 _____ (Microsoft Corporation) C:\windows\system32\aelupsvc.dll
2015-11-11 16:22 - 2015-10-29 11:50 - 00023552 _____ (Microsoft Corporation) C:\windows\system32\sdbinst.exe
2015-11-11 16:22 - 2015-10-29 11:50 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\shimeng.dll
2015-11-11 16:22 - 2015-10-29 11:50 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\shimeng.dll
2015-11-11 16:22 - 2015-10-29 11:49 - 00295936 _____ (Microsoft Corporation) C:\windows\SysWOW64\apphelp.dll
2015-11-11 16:22 - 2015-10-29 11:49 - 00020992 _____ (Microsoft Corporation) C:\windows\SysWOW64\sdbinst.exe
2015-11-11 15:56 - 2015-11-13 15:17 - 00000000 ____D C:\Users\DEPro\AppData\Local\CrashDumps
2015-11-11 14:54 - 2015-11-14 05:01 - 00037624 _____ C:\windows\system32\Drivers\TrueSight.sys
2015-11-11 14:54 - 2015-11-11 15:11 - 00000000 ____D C:\ProgramData\RogueKiller
2015-11-10 19:12 - 2015-11-10 19:12 - 00000000 ____D C:\Users\DE.DEsDskTp\AppData\Roaming\OpenOffice
2015-11-10 18:43 - 2015-11-14 05:58 - 00000000 ____D C:\Users\TEMP
2015-11-10 18:41 - 2015-11-10 18:41 - 00066504 _____ C:\Users\DEPro\AppData\Local\GDIPFONTCACHEV1.DAT
2015-11-10 14:55 - 2015-11-03 16:10 - 00390344 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-11-10 14:55 - 2015-11-03 15:51 - 00342728 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-11-10 14:55 - 2015-10-30 17:46 - 25818624 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-11-10 14:55 - 2015-10-30 17:40 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-11-10 14:55 - 2015-10-30 17:40 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-11-10 14:55 - 2015-10-30 17:25 - 02886656 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-11-10 14:55 - 2015-10-30 17:25 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-11-10 14:55 - 2015-10-30 17:25 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-11-10 14:55 - 2015-10-30 17:25 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-11-10 14:55 - 2015-10-30 17:24 - 00585728 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-11-10 14:55 - 2015-10-30 17:24 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-11-10 14:55 - 2015-10-30 17:17 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-11-10 14:55 - 2015-10-30 17:16 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-11-10 14:55 - 2015-10-30 17:13 - 00616960 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-11-10 14:55 - 2015-10-30 17:12 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-11-10 14:55 - 2015-10-30 17:12 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-11-10 14:55 - 2015-10-30 17:11 - 05990912 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-11-10 14:55 - 2015-10-30 17:11 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-11-10 14:55 - 2015-10-30 17:11 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-11-10 14:55 - 2015-10-30 17:04 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-11-10 14:55 - 2015-10-30 17:01 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-11-10 14:55 - 2015-10-30 16:58 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-11-10 14:55 - 2015-10-30 16:53 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-11-10 14:55 - 2015-10-30 16:52 - 20331520 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-11-10 14:55 - 2015-10-30 16:49 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-11-10 14:55 - 2015-10-30 16:49 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-11-10 14:55 - 2015-10-30 16:47 - 00504832 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-11-10 14:55 - 2015-10-30 16:46 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-11-10 14:55 - 2015-10-30 16:46 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-11-10 14:55 - 2015-10-30 16:45 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-11-10 14:55 - 2015-10-30 16:45 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-11-10 14:55 - 2015-10-30 16:44 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2015-11-10 14:55 - 2015-10-30 16:44 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-11-10 14:55 - 2015-10-30 16:42 - 02279936 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-11-10 14:55 - 2015-10-30 16:39 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-11-10 14:55 - 2015-10-30 16:39 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-11-10 14:55 - 2015-10-30 16:37 - 00480256 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-11-10 14:55 - 2015-10-30 16:36 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-11-10 14:55 - 2015-10-30 16:36 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-11-10 14:55 - 2015-10-30 16:36 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-11-10 14:55 - 2015-10-30 16:34 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2015-11-10 14:55 - 2015-10-30 16:32 - 00720896 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-11-10 14:55 - 2015-10-30 16:31 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-11-10 14:55 - 2015-10-30 16:29 - 02126336 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-11-10 14:55 - 2015-10-30 16:29 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-11-10 14:55 - 2015-10-30 16:28 - 00416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-11-10 14:55 - 2015-10-30 16:23 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-11-10 14:55 - 2015-10-30 16:22 - 14457856 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-11-10 14:55 - 2015-10-30 16:21 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-11-10 14:55 - 2015-10-30 16:19 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-11-10 14:55 - 2015-10-30 16:18 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-11-10 14:55 - 2015-10-30 16:17 - 02487808 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-11-10 14:55 - 2015-10-30 16:17 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2015-11-10 14:55 - 2015-10-30 16:16 - 04527616 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-11-10 14:55 - 2015-10-30 16:11 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2015-11-10 14:55 - 2015-10-30 16:10 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-11-10 14:55 - 2015-10-30 16:09 - 12854272 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-11-10 14:55 - 2015-10-30 16:09 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-11-10 14:55 - 2015-10-30 16:09 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-11-10 14:55 - 2015-10-30 16:04 - 01547264 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-11-10 14:55 - 2015-10-30 15:53 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-11-10 14:55 - 2015-10-30 15:51 - 02011136 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-11-10 14:55 - 2015-10-30 15:48 - 01311744 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-11-10 14:55 - 2015-10-30 15:46 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-11-10 14:53 - 2015-10-19 19:12 - 05570496 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-11-10 14:53 - 2015-10-19 19:12 - 00154560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-11-10 14:53 - 2015-10-19 19:12 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-11-10 14:53 - 2015-10-19 19:09 - 01730496 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-11-10 14:53 - 2015-10-19 19:06 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2015-11-10 14:53 - 2015-10-19 19:06 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2015-11-10 14:53 - 2015-10-19 19:06 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2015-11-10 14:53 - 2015-10-19 19:06 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2015-11-10 14:53 - 2015-10-19 19:05 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-11-10 14:53 - 2015-10-19 19:05 - 01216512 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2015-11-10 14:53 - 2015-10-19 19:05 - 01164800 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2015-11-10 14:53 - 2015-10-19 19:05 - 00729600 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-11-10 14:53 - 2015-10-19 19:05 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-11-10 14:53 - 2015-10-19 19:05 - 00424960 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2015-11-10 14:53 - 2015-10-19 19:05 - 00344064 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-11-10 14:53 - 2015-10-19 19:05 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-11-10 14:53 - 2015-10-19 19:05 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-11-10 14:53 - 2015-10-19 19:05 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-11-10 14:53 - 2015-10-19 19:05 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-11-10 14:53 - 2015-10-19 19:05 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-11-10 14:53 - 2015-10-19 19:05 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-11-10 14:53 - 2015-10-19 19:05 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-11-10 14:53 - 2015-10-19 19:05 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-11-10 14:53 - 2015-10-19 19:05 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2015-11-10 14:53 - 2015-10-19 19:05 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-11-10 14:53 - 2015-10-19 19:05 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-11-10 14:53 - 2015-10-19 19:05 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-11-10 14:53 - 2015-10-19 19:05 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-11-10 14:53 - 2015-10-19 19:05 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2015-11-10 14:53 - 2015-10-19 19:04 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2015-11-10 14:53 - 2015-10-19 19:04 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-11-10 14:53 - 2015-10-19 19:04 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-11-10 14:53 - 2015-10-19 19:00 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-11-10 14:53 - 2015-10-19 18:59 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-11-10 14:53 - 2015-10-19 18:53 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-11-10 14:53 - 2015-10-19 18:53 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-11-10 14:53 - 2015-10-19 18:53 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:53 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:53 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:53 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:53 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:53 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:53 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:53 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:53 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:53 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:53 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:53 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:53 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:53 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:53 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:52 - 03991488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-11-10 14:53 - 2015-10-19 18:52 - 03935680 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-11-10 14:53 - 2015-10-19 18:48 - 01311768 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-11-10 14:53 - 2015-10-19 18:45 - 00552960 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-11-10 14:53 - 2015-10-19 18:45 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-11-10 14:53 - 2015-10-19 18:45 - 00251392 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-11-10 14:53 - 2015-10-19 18:45 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-11-10 14:53 - 2015-10-19 18:45 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-11-10 14:53 - 2015-10-19 18:45 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-11-10 14:53 - 2015-10-19 18:45 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-11-10 14:53 - 2015-10-19 18:45 - 00036864 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2015-11-10 14:53 - 2015-10-19 18:45 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2015-11-10 14:53 - 2015-10-19 18:45 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-11-10 14:53 - 2015-10-19 18:45 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-11-10 14:53 - 2015-10-19 18:45 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2015-11-10 14:53 - 2015-10-19 18:44 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2015-11-10 14:53 - 2015-10-19 18:44 - 00665088 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2015-11-10 14:53 - 2015-10-19 18:44 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2015-11-10 14:53 - 2015-10-19 18:44 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-11-10 14:53 - 2015-10-19 18:44 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-11-10 14:53 - 2015-10-19 18:44 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2015-11-10 14:53 - 2015-10-19 18:39 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-11-10 14:53 - 2015-10-19 18:39 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-11-10 14:53 - 2015-10-19 18:35 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-11-10 14:53 - 2015-10-19 18:35 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2015-11-10 14:53 - 2015-10-19 18:35 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:35 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:35 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:35 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:35 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:35 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:35 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:35 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:35 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:35 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:35 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:35 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:35 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 17:41 - 00159232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2015-11-10 14:53 - 2015-10-19 17:40 - 00290816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2015-11-10 14:53 - 2015-10-19 17:40 - 00129024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2015-11-10 14:53 - 2015-10-19 17:29 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2015-11-10 14:53 - 2015-10-19 17:29 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2015-11-10 14:53 - 2015-10-19 17:27 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 17:27 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 17:27 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 17:27 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-11-10 14:53 - 2015-09-23 07:15 - 00460776 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-11-10 14:53 - 2015-09-23 07:15 - 00299632 _____ (Microsoft Corporation) C:\windows\system32\bcryptprimitives.dll
2015-11-10 14:53 - 2015-09-23 07:09 - 00251000 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcryptprimitives.dll
2015-11-10 14:48 - 2015-10-12 22:57 - 00950720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys
2015-11-10 14:48 - 2015-10-01 12:00 - 00275456 _____ (Microsoft Corporation) C:\windows\system32\InkEd.dll
2015-11-10 14:48 - 2015-10-01 11:50 - 00216064 _____ (Microsoft Corporation) C:\windows\SysWOW64\InkEd.dll
2015-11-08 15:27 - 2015-11-08 15:27 - 00000877 _____ C:\Users\DEPro\Desktop\gpedit.msc - Shortcut.lnk
2015-11-07 20:02 - 2015-11-13 14:10 - 01059656 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2015-11-07 16:21 - 2015-11-08 13:03 - 00000620 __RSH C:\Users\DEPro\ntuser.pol
2015-11-07 14:54 - 2015-11-07 17:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-06 08:01 - 2015-11-10 13:38 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\466534B9.sys
2015-11-05 22:51 - 2015-11-05 22:51 - 00000000 ____D C:\Users\DE.DEsDskTp\AppData\Local\Microsoft_Corporation
2015-11-05 22:18 - 2015-11-05 22:18 - 00000000 ____D C:\Users\DEPro\AppData\Local\Microsoft_Corporation
2015-11-05 12:19 - 2015-10-20 12:42 - 03168768 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-11-05 12:19 - 2015-10-20 12:42 - 02608128 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-11-05 12:19 - 2015-10-20 12:42 - 00696320 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-11-05 12:19 - 2015-10-20 12:42 - 00192512 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-11-05 12:19 - 2015-10-20 12:42 - 00098816 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-11-05 12:19 - 2015-10-20 12:42 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2015-11-05 12:19 - 2015-10-20 12:42 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2015-11-05 12:19 - 2015-10-20 12:41 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-11-05 12:19 - 2015-10-20 12:41 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2015-11-05 12:19 - 2015-10-20 12:41 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-11-05 12:19 - 2015-10-20 12:41 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2015-11-05 12:19 - 2015-10-20 11:46 - 00566784 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-11-05 12:19 - 2015-10-20 11:46 - 00174080 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-11-05 12:19 - 2015-10-20 11:46 - 00093696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-11-05 12:19 - 2015-10-20 11:46 - 00030208 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2015-11-05 12:19 - 2015-10-20 11:45 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-11-05 11:54 - 2015-11-05 11:54 - 00000493 _____ C:\Users\DEPro\Desktop\WinUpdate.lnk
2015-11-04 19:03 - 2015-11-04 19:03 - 00000176 _____ C:\Users\DEPro\Documents\AvastThreatDetected.txt
2015-11-03 04:07 - 2015-11-04 14:17 - 00000056 _____ C:\windows\system32\WinPrivacyTrayApp.log
2015-11-03 04:01 - 2015-11-04 14:14 - 00000000 ____D C:\Users\DE.DEsDskTp\AppData\Roaming\Ruiware
2015-11-02 08:52 - 2015-11-06 06:11 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\58692398.sys
2015-10-29 18:11 - 2015-10-29 18:26 - 00000000 ____D C:\Users\DEPro\AppData\Local\Mozilla
2015-10-27 08:34 - 2015-10-27 08:34 - 00000000 ____D C:\Users\Public\Foxit Software
2015-10-26 13:48 - 2015-11-02 08:52 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\64B4637E.sys
2015-10-26 10:52 - 2015-10-26 10:52 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\3F845C44.sys
2015-10-26 10:52 - 2015-10-26 10:52 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\137D5C4A.sys
2015-10-26 08:12 - 2015-10-26 08:12 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\51A26264.sys
2015-10-26 08:00 - 2015-10-26 08:06 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\08715892.sys
2015-10-20 15:03 - 2015-10-20 07:35 - 00015640 _____ C:\windows\system32\Drivers\CGKDarkWatcher.sys
2015-10-18 14:25 - 2015-10-18 14:25 - 00000333 _____ C:\Users\DE.DEsDskTp\Desktop\HP Printer Diagnostic Tools.url
2015-10-18 04:51 - 2015-10-18 04:51 - 00000000 ____D C:\Users\DEPro\Documents\SafeZone
2015-10-18 04:45 - 2015-08-25 08:23 - 00016152 _____ C:\windows\SysWOW64\Drivers\CGKDarkWatcher.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-14 16:45 - 2015-04-17 08:22 - 00000000 ____D C:\FRST
2015-11-14 15:03 - 2009-07-13 22:45 - 00031904 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-14 15:03 - 2009-07-13 22:45 - 00031904 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-14 15:00 - 2009-07-13 23:13 - 00866506 _____ C:\windows\system32\PerfStringBackup.INI
2015-11-14 14:58 - 2014-03-30 16:37 - 01582700 _____ C:\windows\WindowsUpdate.log
2015-11-14 14:49 - 2009-07-13 23:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-11-14 13:59 - 2015-06-10 12:27 - 00000000 ____D C:\Users\DefaultAppPool
2015-11-14 13:10 - 2009-07-13 21:20 - 00000000 ____D C:\windows\system32\NDF
2015-11-14 09:03 - 2015-02-21 08:07 - 00000000 ____D C:\Users\DEPro\Documents\MyDocsOOD
2015-11-14 08:23 - 2015-07-02 11:54 - 00001155 _____ C:\Users\DEPro\Desktop\PrcssXplrr.lnk
2015-11-14 08:19 - 2013-11-18 07:43 - 00000000 ____D C:\ProgramData\InstallMate
2015-11-14 05:54 - 2013-11-18 05:43 - 00004182 _____ C:\windows\System32\Tasks\avast! Emergency Update
2015-11-14 05:47 - 2015-07-02 07:43 - 00000000 ____D C:\windows\pss
2015-11-14 05:32 - 2015-07-05 14:07 - 00000000 ____D C:\Users\DE.DEsDskTp
2015-11-13 20:20 - 2015-03-03 07:04 - 00000000 ____D C:\windows\Minidump
2015-11-13 14:18 - 2009-07-13 23:08 - 00032564 _____ C:\windows\Tasks\SCHEDLGU.TXT
2015-11-13 14:10 - 2015-01-28 15:21 - 00449992 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2015-11-13 14:10 - 2015-01-28 15:21 - 00273784 _____ (AVAST Software) C:\windows\system32\Drivers\aswVmm.sys
2015-11-13 14:10 - 2015-01-28 15:21 - 00154256 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2015-11-13 14:10 - 2015-01-28 15:21 - 00097648 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2015-11-13 14:10 - 2015-01-28 15:21 - 00093528 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2015-11-13 14:10 - 2015-01-28 15:21 - 00065224 _____ (AVAST Software) C:\windows\system32\Drivers\aswRvrt.sys
2015-11-13 14:10 - 2015-01-28 15:21 - 00028656 _____ (AVAST Software) C:\windows\system32\Drivers\aswHwid.sys
2015-11-11 15:48 - 2009-07-13 23:32 - 00000000 ____D C:\windows\SysWOW64\WindowsPowerShell
2015-11-11 15:47 - 2009-07-13 23:32 - 00000000 ____D C:\windows\system32\WindowsPowerShell
2015-11-10 18:34 - 2013-11-17 20:17 - 00000000 ____D C:\windows\system32\MRT
2015-11-10 18:29 - 2013-11-17 20:17 - 145617392 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-11-10 14:58 - 2013-03-11 15:35 - 00854274 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2015-11-08 13:03 - 2013-11-18 09:48 - 00000000 ____D C:\Users\DEPro
2015-11-07 17:59 - 2013-11-17 21:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-04 01:55 - 2013-11-18 07:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyMaint
2015-11-04 01:52 - 2014-05-24 16:39 - 00000000 ____D C:\Users\DEPro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyMaint
2015-10-29 15:42 - 2014-12-19 06:23 - 00000000 ____D C:\Users\DEPro\AppData\Local\stellarium
2015-10-26 06:42 - 2015-10-13 06:33 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\28A31E4E.sys
2015-10-23 11:38 - 2015-06-13 09:10 - 00780488 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-10-23 11:38 - 2015-06-13 09:10 - 00142536 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-23 11:24 - 2015-05-21 16:34 - 00000000 ____D C:\Users\DEPro\AppData\Local\Adobe
2015-10-23 11:23 - 2015-07-05 18:13 - 00000000 ____D C:\Users\DE.DEsDskTp\AppData\Local\Adobe
2015-10-23 02:12 - 2015-07-16 17:58 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-10-20 15:03 - 2015-02-22 16:22 - 00000000 ____D C:\ProgramData\WinPatrol
2015-10-20 15:03 - 2014-12-21 11:15 - 00000000 ____D C:\Program Files\Ruiware
2015-10-19 15:07 - 2015-06-13 09:14 - 00000000 ____D C:\Program Files (x86)\Anvisoft
2015-10-18 15:39 - 2013-12-08 08:08 - 00000000 ____D C:\Users\DEPro\AppData\Roaming\HpUpdate
2015-10-18 04:51 - 2013-11-19 11:29 - 00000000 ____D C:\Users\DEPro\AppData\Roaming\WinPatrol
2015-10-18 04:45 - 2015-07-06 09:32 - 00000000 ____D C:\Users\DE.DEsDskTp\AppData\Roaming\WinPatrol
2015-10-15 04:46 - 2009-07-13 21:20 - 00000000 ____D C:\windows\rescache

==================== Files in the root of some directories =======

2014-12-21 09:41 - 2014-12-21 09:41 - 0001181 _____ () C:\Users\DE.DEsDskTp\AppData\Roaming\trace_FilterInstaller.1.txt
2014-12-21 09:41 - 2014-12-21 10:29 - 0000919 _____ () C:\Users\DE.DEsDskTp\AppData\Roaming\trace_FilterInstaller.txt
2014-12-21 09:41 - 2014-12-21 10:29 - 0000000 _____ () C:\Users\DE.DEsDskTp\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2015-11-14 05:45 - 2015-11-14 05:45 - 0000017 _____ () C:\Users\DE.DEsDskTp\AppData\Local\resmon.resmoncfg
2013-12-01 07:41 - 2013-12-01 07:41 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
C:\Users\DE.DEsDskTp\AppData\Local\Temp\dllnt_dump.dll
C:\Users\DE.DEsDskTp\AppData\Local\Temp\procexp64.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-11-03 03:35

==================== End of FRST.txt ============================

 

Addition.TXT:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-11-2015
Ran by DE (2015-11-14 16:57:42)
Running from F:\!DwnLdStrg\Installed\FRST_Farbar
Windows 7 Professional Service Pack 1 (X64) (2013-11-17 22:43:17)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4267585356-2186095281-715594798-500 - Administrator - Disabled)
DE (S-1-5-21-4267585356-2186095281-715594798-1000 - Administrator - Enabled) => C:\Users\DE.DEsDskTp
DEPro (S-1-5-21-4267585356-2186095281-715594798-1003 - Limited - Enabled) => C:\Users\DEPro
Guest (S-1-5-21-4267585356-2186095281-715594798-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4267585356-2186095281-715594798-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7+ Taskbar Tweaker v5.0 (HKU\S-1-5-21-4267585356-2186095281-715594798-1000\...\7 Taskbar Tweaker) (Version: 5.0 - RaMMicHaeL)
7+ Taskbar Tweaker v5.0 (HKU\S-1-5-21-4267585356-2186095281-715594798-1003\...\7 Taskbar Tweaker) (Version: 5.0 - RaMMicHaeL)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version:  - Amazon)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2241 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.11 - Piriform)
EaseUS Partition Master 10.5 Trial Edition (HKLM-x32\...\EaseUS Partition Master Trial Edition_is1) (Version:  - EaseUS)
EditPad Lite 7.3.1 (HKLM\...\EditPad Lite) (Version: 7.3.1 - Just Great Software)
EMET 5.1 (HKLM-x32\...\{72E7AE20-5B12-4F27-AF5E-DA03E3C09466}) (Version: 5.1 - Microsoft Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.2.2.929 - Foxit Software Inc.)
Free Unit Converter 2.11 (HKLM-x32\...\Free Unit Converter_is1) (Version:  - Unit Conversion, Inc.)
HP Deskjet 3510 series Basic Device Software (HKLM\...\{7F20F2D1-C425-4432-96BA-EBD0C2181493}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3510 series Help (HKLM-x32\...\{97C1C98D-6AE5-4C71-9B00-EBBD9E014450}) (Version: 28.0.0 - Hewlett Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.6.0 - LIGHTNING UK!)
Intel® Processor ID Utility (HKLM-x32\...\{A92A4DB0-CD37-42D1-BE1D-603D53C24328}) (Version: 4.80.0000 - Intel® Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
KeyScrambler (HKLM-x32\...\KeyScrambler) (Version: 3.8.2.0 - QFX Software Corporation)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 42.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
MPC-HC 1.7.9 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.9 - MPC-HC Team)
MyDefrag v4.3.1 (HKLM\...\MyDefrag v4.3.1_is1) (Version: 4.0.0.0 - J.C. Kessels)
Nmap 6.49BETA5 (HKLM-x32\...\Nmap) (Version:  - )
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Pegasus Mail (HKLM-x32\...\Pegasus Mail) (Version:  - David Harris)
Pegasus Mail Debugger 2.5.8.2 (HKLM-x32\...\{CEF609C4-3E78-41EB-BC61-582EC4BE2086}_is1) (Version:  - Micha's Midnight Manufacture)
Pegasus Mail HTML Renderer 2.4.9.2 (HKLM-x32\...\{A9F5E1E1-1281-4862-90B4-6CF8E6AF83CE}_is1) (Version:  - Micha's Midnight Manufacture)
Reader Library by Sony (HKLM-x32\...\{B70E5793-F912-4C62-AFE2-C4F0B078FD31}) (Version: 3.3.00.07130 - Sony Corporation)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Seagate Dashboard (HKLM-x32\...\{EA266F00-A8E7-43A0-8DED-FBFE3F076934}) (Version: 4.0.2102.0 - Seagate)
SeaTools for Windows 1.4.0.2 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.2 - Seagate Technology)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1200 - SUPERAntiSpyware.com)
Switch Sound File Converter (HKU\S-1-5-21-4267585356-2186095281-715594798-1003\...\Switch) (Version: 4.65 - NCH Software)
Task Catcher 2.2.2015.0 (HKLM\...\{5AF136F1-C403-44B2-9B01-03274C2DCDE7}) (Version: 2.2.2015.0 - BillP Studios)
Verbose Text to Speech (HKU\S-1-5-21-4267585356-2186095281-715594798-1003\...\Verbose) (Version: 2.01 - NCH Software)
WinAntiRansom (HKLM-x32\...\{D7C29DFD-DD4C-4C58-B79F-E2B576142AF8}) (Version: 2015.11.185 - WinPatrol)
WinPatrol (HKLM-x32\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 33.6.2015.18 - Ruiware)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - CACE Technologies)
WinPrivacy (HKLM\...\{49F837A4-27B5-4B14-83A8-1D0A4496E79E}) (Version: 2015.9.722.0 - Ruiware)
WinPrivacy (HKLM\...\{9EE56BF5-3EDE-4DC7-9D46-AE6E05566DEF}) (Version: 2015.11.752.0 - Ruiware)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2015-11-14 05:03 - 00000768 ____R C:\windows\system32\Drivers\etc\hosts

127.0.0.1    localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0F08BF70-AC70-42AD-8C2E-CE42EBF81F3A} - System32\Tasks\HP Deskjet 3510 series.exe_{68B22FF4-112B-40CC-B707-212CEFBEA7E5} => C:\Program Files\HP\HP Deskjet 3510 series\Bin\HP Deskjet 3510 series.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {1AAE1B89-E128-4F83-8932-15B744D01220} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {1F5567A8-1944-4A72-B0AE-A434D6A23D25} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-11-13] (AVAST Software)
Task: {411FE4F3-77EB-4A8A-A459-96D4194C0FEC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {46045B33-AF76-4469-BC87-CE729FD13C75} - System32\Tasks\{964EA1CB-AB4E-4DB5-87B1-A2603D57C69F} => Firefox.exe
Task: {47CEF3DD-ED67-48CD-8C2A-9EE176896D0F} - System32\Tasks\MyDefrag\DefragSysPart => C:\Program Files\MyDefrag v4.3.1\Scripts\SystemDiskWeekly.MyD [2010-05-09] ()
Task: {53732B1C-1771-43F1-AD7A-CDC03AE3ECA1} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2015-04-01] (Seagate Technology LLC)
Task: {5D60727B-1C07-4DB6-8178-A37B1B9E40F3} - System32\Tasks\DEPro => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2015-04-01] (Seagate Technology LLC)
Task: {76A02CC1-0BA7-4EA1-9D36-F2FCF84D2DCB} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {9150E745-82F5-4B22-8CF6-40D90CD982EE} - System32\Tasks\ScanToPCActivationApp.exe_{1DF99BB7-80BB-4050-9E86-43CB93FAE6E8} => C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {9E56EB87-3F74-4FCC-829D-41F145F70ECC} - System32\Tasks\Driver Support => C:\Program Files (x86)\Driver Support\DriverSupport.exe
Task: {A6C9DE9E-BD02-4CA5-979F-13751CF3179C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {B19A297B-5628-4162-9733-B42AEB22A9B0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {BF41F739-5453-4883-92BC-06BC728FF420} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {CB21273C-8925-487F-AEAE-B2DAE2FDCA70} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {CC234E15-10D1-41C0-8E9F-5CAFF4550C27} - System32\Tasks\HP Deskjet 3510 series.exe_{83828A9E-3B3A-4693-8A4F-C8BEBF81F38A} => C:\Program Files\HP\HP Deskjet 3510 series\Bin\HP Deskjet 3510 series.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {DD3CFA09-AF62-4EDC-B6D5-2E9E3E85E212} - System32\Tasks\Toolbox.exe_{BBBE27C6-C823-4EB8-BF16-15E6CB27342A} => C:\Program Files\HP\HP Deskjet 3510 series\Bin\Toolbox.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {DD704750-B374-4AF3-8EFB-AE996D1A3869} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-10-19] (Piriform Ltd)
Task: {E01A33DA-4663-42E7-BE34-3E828FEC5E28} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {E0E15A18-E738-4384-B7CA-E81291E7C39B} - System32\Tasks\HPCustPartic.exe_{E78757BB-7F1F-42D9-8E77-410C9CFBFBB6} => C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPCustPartic.exe
Task: {E29FF6B8-06C6-4D9C-8597-B21DE9FD3E0D} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {F2BAE81D-2C66-4706-9E8B-01DEEF08A75B} - System32\Tasks\DEPro Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2015-04-01] (Seagate Technology LLC)
Task: {FFFCCD97-7A33-44B4-BCBE-62776B666530} - System32\Tasks\hpUtility.exe_{898BB593-B06B-411A-B1EA-43CA39F61B47} => C:\Program Files\HP\HP Deskjet 3510 series\Bin\utils\hpUtility.exe [2012-10-17] (Hewlett-Packard Co.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Loaded Modules (Whitelisted) ==============

2014-11-09 16:10 - 2014-11-09 16:10 - 00166536 _____ () C:\Program Files (x86)\EMET 5.1\HelperLib.dll
2014-11-09 16:10 - 2014-11-09 16:10 - 00027784 _____ () C:\Program Files (x86)\EMET 5.1\ReportingSubsystem.dll
2014-11-09 16:10 - 2014-11-09 16:10 - 00061576 _____ () C:\Program Files (x86)\EMET 5.1\PKIPinningSubsystem.dll
2015-10-20 15:03 - 2015-10-28 08:21 - 00063624 _____ () C:\Program Files\Ruiware\WinAntiRansom\drvhlpr.DLL
2015-08-30 03:28 - 2015-09-26 13:12 - 00405160 _____ () C:\Program Files\Ruiware\WinPrivacy\PFPVCY.DLL
2015-08-30 03:28 - 2015-09-23 09:05 - 00128168 _____ () C:\Program Files\Ruiware\WinPrivacy\pvcytl.DLL
2014-11-09 16:10 - 2014-11-09 16:10 - 00045192 _____ () C:\Program Files (x86)\EMET 5.1\TrayIconSubsystem.dll
2014-11-09 16:10 - 2014-11-09 16:10 - 00045704 _____ () C:\Program Files (x86)\EMET 5.1\TelemetrySubsystem.dll
2014-02-08 18:19 - 2014-02-08 18:19 - 00348160 _____ () C:\Program Files (x86)\EMET 5.1\DevExpress.UserSkins.HighContrast.dll
2015-11-13 14:10 - 2015-11-13 14:10 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-11-13 14:10 - 2015-11-13 14:10 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-11-14 05:56 - 2015-11-14 05:56 - 02991104 _____ () C:\Program Files\AVAST Software\Avast\defs\15111400\algo.dll
2015-11-13 14:10 - 2015-11-13 14:10 - 00466448 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2015-07-15 22:34 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-07-15 22:34 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-07-15 22:34 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-11-13 14:10 - 2015-11-13 14:10 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-02-27 23:12 - 2014-02-27 23:12 - 00637632 _____ () E:\PMAIL\Programs\tcpip.dll
2011-05-19 10:37 - 2011-05-19 10:37 - 00565827 _____ () E:\PMAIL\Programs\sqlite3.dll
2013-06-28 15:39 - 2013-06-28 15:39 - 00557568 _____ () E:\PMAIL\Programs\DICT.RLO

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7867 more sites.

IE restricted site: HKU\S-1-5-21-4267585356-2186095281-715594798-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-4267585356-2186095281-715594798-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-4267585356-2186095281-715594798-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-4267585356-2186095281-715594798-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-4267585356-2186095281-715594798-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-4267585356-2186095281-715594798-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-4267585356-2186095281-715594798-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-4267585356-2186095281-715594798-1000\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-4267585356-2186095281-715594798-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-4267585356-2186095281-715594798-1000\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-4267585356-2186095281-715594798-1000\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-4267585356-2186095281-715594798-1000\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-4267585356-2186095281-715594798-1000\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-4267585356-2186095281-715594798-1000\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-4267585356-2186095281-715594798-1000\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-4267585356-2186095281-715594798-1000\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-4267585356-2186095281-715594798-1000\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-4267585356-2186095281-715594798-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-4267585356-2186095281-715594798-1000\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-4267585356-2186095281-715594798-1000\...\123simsen.com -> www.123simsen.com

There are 7867 more sites.

IE restricted site: HKU\S-1-5-21-4267585356-2186095281-715594798-1003\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-4267585356-2186095281-715594798-1003\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-4267585356-2186095281-715594798-1003\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-4267585356-2186095281-715594798-1003\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-4267585356-2186095281-715594798-1003\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-4267585356-2186095281-715594798-1003\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-4267585356-2186095281-715594798-1003\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-4267585356-2186095281-715594798-1003\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-4267585356-2186095281-715594798-1003\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-4267585356-2186095281-715594798-1003\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-4267585356-2186095281-715594798-1003\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-4267585356-2186095281-715594798-1003\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-4267585356-2186095281-715594798-1003\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-4267585356-2186095281-715594798-1003\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-4267585356-2186095281-715594798-1003\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-4267585356-2186095281-715594798-1003\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-4267585356-2186095281-715594798-1003\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-4267585356-2186095281-715594798-1003\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-4267585356-2186095281-715594798-1003\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-4267585356-2186095281-715594798-1003\...\123simsen.com -> www.123simsen.com

There are 7867 more sites.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4267585356-2186095281-715594798-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\DE.DEsDskTp\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-4267585356-2186095281-715594798-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\DEPro\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{C00A7B34-AB43-4E8A-A5AC-96406B9B984E}] => (Allow) C:\Program Files (x86)\Sony\Reader\Data\bin\Reader Library.exe
FirewallRules: [{47B9C91E-2813-4981-828A-156000489D29}] => (Allow) C:\Program Files (x86)\Sony\Reader\Data\bin\Reader Library.exe
FirewallRules: [{01E999B3-3AC5-4F35-A705-4DC01E868C6C}] => (Allow) C:\Program Files (x86)\Sony\Reader\Data\bin\Reader Library.exe
FirewallRules: [{D9820D02-5407-42DF-B3E3-94977F1E173C}] => (Allow) C:\Program Files (x86)\Sony\Reader\Data\bin\Reader Library.exe
FirewallRules: [TCP Query User{8721E9FD-90AE-4A3F-8D74-197AB0F1911A}C:\program files\mpc-hc\mpc-hc64.exe] => (Allow) C:\program files\mpc-hc\mpc-hc64.exe
FirewallRules: [UDP Query User{E497034A-0455-4E3D-86EF-634110B64D1E}C:\program files\mpc-hc\mpc-hc64.exe] => (Allow) C:\program files\mpc-hc\mpc-hc64.exe
FirewallRules: [TCP Query User{DD0AB9DB-DA0C-4973-A74A-19B31DB96FBB}C:\windows\system32\mmc.exe] => (Allow) C:\windows\system32\mmc.exe
FirewallRules: [UDP Query User{5818978E-A86F-4EED-B81B-2FC1F2B92816}C:\windows\system32\mmc.exe] => (Allow) C:\windows\system32\mmc.exe
FirewallRules: [{ADCF0AB4-575E-46D1-B8A4-79E0832EF904}] => (Allow) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
FirewallRules: [{BD1D55D2-D9A0-4A8C-AE28-DA485B841AEB}] => (Allow) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
FirewallRules: [{A319BC78-DEB1-49E6-8E56-6C869E2E6D17}] => (Allow) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReader.exe
FirewallRules: [{AD07AEF1-1CC6-4A0F-BF32-63D5E8CE75BF}] => (Allow) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReader.exe
FirewallRules: [{7CABFA24-2506-4C5E-9F9C-63BE0D17E106}] => (Allow) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReader.exe
FirewallRules: [{F5BBA92C-5C8E-4822-97DE-3EE65F286D08}] => (Allow) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReader.exe
FirewallRules: [{8D2777D9-478A-48A4-8223-C52464B668C3}] => (Allow) C:\Program Files\Microsoft Security Client\msseces.exe
FirewallRules: [{232BD8B6-E2CA-4761-A654-DBEA5AA81B1A}] => (Allow) C:\Program Files\Microsoft Security Client\msseces.exe
FirewallRules: [{BE290C1B-7912-4EB7-A585-FFA4E765DDCD}] => (Allow) C:\Program Files\Microsoft Security Client\msseces.exe
FirewallRules: [{5A64110C-4ACB-4CDD-8697-F537AAA0B9E1}] => (Allow) C:\Program Files\Microsoft Security Client\msseces.exe
FirewallRules: [{4B15661F-9EEF-47AE-AA69-05D90335FDDB}] => (Allow) C:\Program Files\MyDefrag v4.3.1\MyDefrag.exe
FirewallRules: [{0D0A6E43-F199-4615-956D-39031E17EAC4}] => (Allow) C:\Program Files\MyDefrag v4.3.1\MyDefrag.exe
FirewallRules: [{BD1D11E3-A6BE-4972-935B-D482F7EC7104}] => (Allow) C:\Program Files\MyDefrag v4.3.1\MyDefrag.exe
FirewallRules: [{61F55B02-E7B9-4A8B-A0EE-0BC29351F110}] => (Allow) C:\Program Files\MyDefrag v4.3.1\MyDefrag.exe
FirewallRules: [{634EA218-793D-4EC3-93EE-2667A35D5CCC}] => (Allow) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
FirewallRules: [{7BCFD482-8F2E-4771-9047-A66B4BF41427}] => (Allow) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
FirewallRules: [{273B2CE3-865F-4543-AE61-65E34F145C6D}] => (Allow) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
FirewallRules: [{BF7D140E-4A7D-4E80-8EF0-2A4F21A6E288}] => (Allow) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
FirewallRules: [{73902AB4-70C5-4D43-9592-49DA9443558D}] => (Allow) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrolEx.exe
FirewallRules: [{4A970B4A-8BEB-4E47-B64B-F5249CAAA36C}] => (Allow) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrolEx.exe
FirewallRules: [{CAA329EC-9211-4BA3-BED7-EACD36E40AB2}] => (Allow) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrolEx.exe
FirewallRules: [{076B0D4A-CB06-4083-89A1-E8EDA08A43F0}] => (Allow) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrolEx.exe
FirewallRules: [{4CD706C5-2ED9-4442-9299-E3B6F7546742}] => (Allow) C:\Program Files\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe
FirewallRules: [{E6681993-4C96-421C-996D-DBD37D501AFB}] => (Allow) C:\Program Files\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe
FirewallRules: [{0BC8C397-D4C5-4318-9E4A-C6580AC83DC0}] => (Allow) C:\Program Files\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe
FirewallRules: [{07E180B2-D7C8-4E20-9F1F-F0A5E65D6FD1}] => (Allow) C:\Program Files\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe
FirewallRules: [{36D04A0F-A271-44AA-B185-57B9BBA75FF7}] => (Allow) C:\Program Files\CCleaner\CCleaner64.exe
FirewallRules: [{52AA5005-DF7D-4F89-9991-B8888775A144}] => (Allow) C:\Program Files\CCleaner\CCleaner64.exe
FirewallRules: [{FA208F40-6531-4F36-A879-549E1A9BA32D}] => (Allow) C:\Program Files\CCleaner\CCleaner64.exe
FirewallRules: [{DEEE017B-766E-4070-8F05-B75CB6CF78C1}] => (Allow) C:\Program Files\CCleaner\CCleaner64.exe
FirewallRules: [{DCF3C548-4A6B-4803-8062-EDEBFFC9F713}] => (Allow) C:\Program Files\Just Great Software\EditPad Lite 7\EditPadLite7.exe
FirewallRules: [{2C165BA8-8203-4C44-B725-6D0E129B5C2D}] => (Allow) C:\Program Files\Just Great Software\EditPad Lite 7\EditPadLite7.exe
FirewallRules: [{5AA6D625-A2A1-4D99-9900-4F246DC5944D}] => (Allow) C:\Program Files\Just Great Software\EditPad Lite 7\EditPadLite7.exe
FirewallRules: [{E494CC58-9700-4169-973C-7F4A8E875D38}] => (Allow) C:\Program Files\Just Great Software\EditPad Lite 7\EditPadLite7.exe
FirewallRules: [{B7322217-6923-486E-83EB-29B27B076AFE}] => (Allow) C:\Program Files (x86)\Free Unit Converter\free_converter.exe
FirewallRules: [{D2632E60-6140-4CA4-BE18-9F81AA70AFAA}] => (Allow) C:\Program Files (x86)\Free Unit Converter\free_converter.exe
FirewallRules: [{A73D4B7F-2188-4FF8-A9F0-CCA472444E0E}] => (Allow) C:\Program Files (x86)\Free Unit Converter\free_converter.exe
FirewallRules: [{D47161BC-F9EF-4AD2-9811-5CB1DC9A7C77}] => (Allow) C:\Program Files (x86)\Free Unit Converter\free_converter.exe
FirewallRules: [{8B581DFC-D601-4FB1-9770-9EEA2C93E01D}] => (Allow) C:\Program Files (x86)\IrfanView\i_view32.exe
FirewallRules: [{F4D5467E-F252-4023-8527-BF65068185F7}] => (Allow) C:\Program Files (x86)\IrfanView\i_view32.exe
FirewallRules: [{CFDCA40F-2439-4F2D-A5DA-B746C22D7AAC}] => (Allow) C:\Program Files (x86)\IrfanView\i_view32.exe
FirewallRules: [{9F182C0E-1760-47C9-AF3C-01A84A22B197}] => (Allow) C:\Program Files (x86)\IrfanView\i_view32.exe
FirewallRules: [{A2B0E847-53B8-4522-ABB7-05E2BB554DAD}] => (Allow) C:\Program Files (x86)\HP\HP Deskjet 3510 series\bin\HelpViewer\hpqlpvwr.exe
FirewallRules: [{8CE26318-E035-474D-8BA0-04BF883A777E}] => (Allow) C:\Program Files (x86)\HP\HP Deskjet 3510 series\bin\HelpViewer\hpqlpvwr.exe
FirewallRules: [{9D1C00F7-656E-493E-AF8F-654643929666}] => (Allow) C:\Program Files (x86)\HP\HP Deskjet 3510 series\bin\HelpViewer\hpqlpvwr.exe
FirewallRules: [{4915F057-924D-4F57-8B3E-C38DCCD603C9}] => (Allow) C:\Program Files (x86)\HP\HP Deskjet 3510 series\bin\HelpViewer\hpqlpvwr.exe
FirewallRules: [{D64E2769-793B-49B7-BBDB-CF00F17598FB}] => (Allow) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
FirewallRules: [{D688EC02-B595-44C6-AE55-5606C374EF54}] => (Allow) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
FirewallRules: [{F4382B9F-ACC3-4510-AA8A-EA453E28D9DB}] => (Allow) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
FirewallRules: [{3B2E6BBC-EE6F-46B6-A8DD-9EC95BD2BA82}] => (Allow) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
FirewallRules: [{B6D09F2F-905C-4301-9436-7EA38307CFA0}] => (Allow) C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
FirewallRules: [{7E533C8E-2D28-47FD-9F4E-0FF610B8DA61}] => (Allow) C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
FirewallRules: [{917CA23D-2FF2-4563-A1D7-B6E8366F8963}] => (Allow) C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
FirewallRules: [{9D0581BC-29A9-4883-9CA6-5E7847EB9A1E}] => (Allow) C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
FirewallRules: [{E1F01DD6-86FC-4D5A-9926-E7B6B17805DD}] => (Allow) C:\Program Files\AVAST Software\Avast\AvastUI.exe
FirewallRules: [{3599C1E0-BA1B-4FF7-8F3D-69E85666652F}] => (Allow) C:\Program Files\AVAST Software\Avast\AvastUI.exe
FirewallRules: [{58B61312-B8D6-4C5C-B831-5B9DF6CD7197}] => (Allow) C:\Program Files\AVAST Software\Avast\AvastUI.exe
FirewallRules: [{871224EA-91C1-4627-B695-D2557154F98B}] => (Allow) C:\Program Files\AVAST Software\Avast\AvastUI.exe
FirewallRules: [{9162FF50-8B17-456E-947F-9BB62F117D0A}] => (Allow) C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
FirewallRules: [{52C0ED41-45E7-46EC-8D6C-645FCDB28AB2}] => (Allow) C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
FirewallRules: [{E3CAA384-8F57-4904-9EE7-77CEC9AD9CB0}] => (Allow) C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
FirewallRules: [{66AC9AF2-0791-41AC-B4D8-6017D421F555}] => (Allow) C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
FirewallRules: [{E225D50B-B935-463B-B61D-ACA4F705C96B}] => (Allow) C:\Program Files\AVAST Software\Avast\ashUpd.exe
FirewallRules: [{4E558C27-86FB-46E3-ACFD-7A4B1543B9A0}] => (Allow) C:\Program Files\AVAST Software\Avast\ashUpd.exe
FirewallRules: [{2CE63C82-D5FF-4A06-9BB5-F660AC213D1F}] => (Allow) C:\Program Files\AVAST Software\Avast\ashUpd.exe
FirewallRules: [{D9C2ADA7-E71A-48A4-AB57-491A14031C3F}] => (Allow) C:\Program Files\AVAST Software\Avast\ashUpd.exe
FirewallRules: [{0975C625-94A3-4172-BD46-15666B48AA64}] => (Allow) C:\Program Files\AVAST Software\Avast\sched.exe
FirewallRules: [{519F5D06-B87A-4FC2-ABC6-C654EFE44D91}] => (Allow) C:\Program Files\AVAST Software\Avast\sched.exe
FirewallRules: [{C0E6016C-7F62-4FD0-B8B8-A7F504539ED7}] => (Allow) C:\Program Files\AVAST Software\Avast\sched.exe
FirewallRules: [{D2BCEFE8-65D1-4430-9380-3CE619941019}] => (Allow) C:\Program Files\AVAST Software\Avast\sched.exe
FirewallRules: [{C275C6BB-46C3-45BB-A767-4A0999BCDFB6}] => (Allow) C:\Program Files\AVAST Software\Avast\aswChLic.exe
FirewallRules: [{53070DAF-E1DC-4B1B-A46C-3C96EB9FC5A7}] => (Allow) C:\Program Files\AVAST Software\Avast\aswChLic.exe
FirewallRules: [{F0F1A8F4-5E64-4287-9444-8D12D4613C1B}] => (Allow) C:\Program Files\AVAST Software\Avast\aswChLic.exe
FirewallRules: [{E3E616FC-0B09-45FF-A01E-B5825BED7947}] => (Allow) C:\Program Files\AVAST Software\Avast\aswChLic.exe
FirewallRules: [{8CF64591-07E7-46C4-A08E-6C79C8747348}] => (Allow) C:\Program Files\AVAST Software\Avast\setup\instup.exe
FirewallRules: [{606FE148-97E4-4423-B153-247C357A257E}] => (Allow) C:\Program Files\AVAST Software\Avast\setup\instup.exe
FirewallRules: [{83498705-C48C-451D-997A-F11B201F3E62}] => (Allow) C:\Program Files\AVAST Software\Avast\setup\instup.exe
FirewallRules: [{40726B88-BECC-4A96-93A4-107B582735C0}] => (Allow) C:\Program Files\AVAST Software\Avast\setup\instup.exe
FirewallRules: [{2322CC95-864A-4D32-A059-83536360D1E0}] => (Allow) C:\Program Files\AVAST Software\Avast\setup\Inf\x64\aswBoot.exe
FirewallRules: [{EBB769C1-248F-441E-9A8B-5CB17E359BFC}] => (Allow) C:\Program Files\AVAST Software\Avast\setup\Inf\x64\aswBoot.exe
FirewallRules: [{2F4FDA91-4470-44C1-BFC8-E90C09BB2C23}] => (Allow) C:\Program Files\AVAST Software\Avast\setup\Inf\x64\aswBoot.exe
FirewallRules: [{C3824272-F733-4939-9EBC-CEB51DB92914}] => (Allow) C:\Program Files\AVAST Software\Avast\setup\Inf\x64\aswBoot.exe
FirewallRules: [{3E8C3BCA-7C31-4CB5-A5AD-A5D7BAF63A32}] => (Allow) C:\Program Files\AVAST Software\Avast\setup\avBugReport.exe
FirewallRules: [{9E534295-4987-4C3A-BBA5-CF01C53669C7}] => (Allow) C:\Program Files\AVAST Software\Avast\setup\avBugReport.exe
FirewallRules: [{EB906324-B0C1-4821-94B0-60FB941C144B}] => (Allow) C:\Program Files\AVAST Software\Avast\setup\avBugReport.exe
FirewallRules: [{2A11101C-EB3E-4764-B4DF-D0B71EB48DC6}] => (Allow) C:\Program Files\AVAST Software\Avast\setup\avBugReport.exe
FirewallRules: [{6BA87549-509E-4E97-BAFB-1483CB839C8B}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\DeviceSetup.exe
FirewallRules: [{6F7A54A2-82C1-4BB1-BBE4-50D83ADBB60D}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{AB1F5AAA-AE9E-4E64-A7A0-45388025E7D7}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{5DE90270-CDFC-47BD-AD82-266A079FC88D}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\DeviceSetup.exe
FirewallRules: [{5D0A0393-4F9F-4090-9085-D5F970F7FB6C}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\DeviceSetup.exe
FirewallRules: [{3F7BF69C-A5D6-4427-82D9-B8B568C60CC6}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{D4403FE6-75DA-46AC-9ABA-3CE2FAE42492}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{11F1881C-AFED-4542-AD4E-DCDA3D8B601E}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{DE12414D-D310-4DEC-8B23-1E8896AB68D5}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{816D20ED-CDF7-41B9-B208-CC86F3799850}] => (Allow) E:\PMAIL\Programs\winpm-32.exe
FirewallRules: [{CEFBC902-7CF1-4B5D-9444-7A6B83C96E62}] => (Allow) E:\PMAIL\Programs\winpm-32.exe
FirewallRules: [{EFBF2841-3193-40CE-97DD-3F9CD59431C0}] => (Allow) E:\PMAIL\Programs\winpm-32.exe
FirewallRules: [{77D68AB4-3081-43D9-A595-186B2B5083BE}] => (Allow) E:\PMAIL\Programs\winpm-32.exe
FirewallRules: [{7987A4D0-C049-4BF4-AD41-5AE9379A4F12}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\DeviceSetup.exe
FirewallRules: [{A55DCADB-70A3-49FF-8139-779DE6D76B73}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{AB207F1A-02F9-4360-A3E9-60BA95ABAC4B}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{AA4819A2-99CC-4E18-AEDD-D38744717809}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\DeviceSetup.exe
FirewallRules: [{EE3E0BEA-0CF0-4FF2-8199-6BE97566B37D}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{2C224A7C-CB62-46B0-AEA0-4A715624F183}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{0BEE6520-A6F6-4FC0-B869-49E1B2DF8A6E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9FE78145-68CD-493C-8A2C-F45B4033582B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B83BEC29-6473-4816-BBA1-ABC86FA84983}] => (Allow) C:\Program Files\SUPERAntiSpyware\SSUpdate64.exe
FirewallRules: [{98D44EE3-335F-4710-9751-9ABD8845FE34}] => (Allow) C:\Program Files\SUPERAntiSpyware\SSUpdate64.exe
FirewallRules: [{49B6F2A5-2B1E-4D15-9039-1AF2BAB2B79D}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\DeviceSetup.exe
FirewallRules: [{3F3334A0-90C4-4F30-8627-A8D91575B430}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{D565B63E-FACF-4365-9ABB-84234D32E368}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{75B10D1B-A022-431D-98AB-97BF455AFFFE}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\DeviceSetup.exe
FirewallRules: [{D716F831-AD24-4F81-B740-144E9B996CF0}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{87923D8D-D9FD-4B3A-840F-3C9DFF270B6E}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [ScanManagement-RCWS-Out-TCP] => (Allow) %SystemRoot%\System32\mmc.exe
FirewallRules: [ScanManagement-WSD-Out-TCP] => (Allow) %SystemRoot%\System32\mmc.exe
FirewallRules: [{C3753099-4A73-4CB8-B60F-254012008908}] => (Allow) %SystemRoot%\System32\mmc.exe
FirewallRules: [{BE4E18DC-AC09-4218-8279-D3B184301557}] => (Allow) %SystemRoot%\System32\mmc.exe
FirewallRules: [{73120194-CEF9-424D-8C97-AEFDFA5AF86A}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\DeviceSetup.exe
FirewallRules: [{E0B9E68F-9285-4EED-9AAB-719007EED3BC}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{BBBE87BC-4F3E-4E47-B177-5E4FEC69917C}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{15A55F00-6854-4AF5-B4D0-3A68C2F6B545}] => (Allow) G:\Seagate Dashboard Installer.exe
FirewallRules: [{6ADCD6D1-4CE8-486B-A31D-8A4BDECE2D7D}] => (Allow) G:\Seagate Dashboard Installer.exe
FirewallRules: [{5F3F3534-9D2F-45EE-BD73-98C5BEDDE1DA}] => (Allow) G:\Seagate Dashboard Installer.exe
FirewallRules: [{EE12CAF9-7754-41CA-AE81-124FFCAB13CE}] => (Allow) G:\Seagate Dashboard Installer.exe
FirewallRules: [{EBD82EAF-DEF9-4185-BAE6-78D399A0195B}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\DeviceSetup.exe
FirewallRules: [{BD135FC6-1AE6-423E-B26C-0DD9934C644C}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{27857A3F-B96F-4DAD-B1AC-BCA50A73D3C4}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{794A82AE-2F3F-4306-BE9A-C365C1F7D2CE}] => (Allow) G:\Seagate\Registration\Seagate-Release.exe
FirewallRules: [{326BC1CF-D543-4269-8CCC-D4EEA749E200}] => (Allow) G:\Seagate\Registration\Seagate-Release.exe
FirewallRules: [{BC6580FE-865A-4ED2-9BE3-89B4A55AC595}] => (Allow) G:\Seagate\Registration\Seagate-Release.exe
FirewallRules: [{0346C772-60B3-4BC7-8E12-5FE9927610CA}] => (Allow) G:\Seagate\Registration\Seagate-Release.exe
FirewallRules: [{4B25177D-A1F0-48D4-8730-A49ED70252D2}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\DeviceSetup.exe
FirewallRules: [{BC83308B-CFCC-40DB-8E07-5F2875C42D69}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{FB2ABEAE-BFE8-44C9-94A9-7C18F582E94B}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [TCP Query User{39258BDF-9940-4AF7-95CE-DC939896A431}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [UDP Query User{837C22FB-F95B-4C2F-915F-5202BD4FFC51}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [{FE9FAF83-B9CE-4F4A-B5FB-C9ECEB8A78C2}] => (Allow) LPort=8888
FirewallRules: [{DD2B0ED8-0CF9-49F0-B4BB-2AE4E82FA208}] => (Allow) LPort=8888
FirewallRules: [TCP Query User{75DB749B-1D37-47C5-907A-08AAB31CAD52}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [UDP Query User{D04307D5-CB95-4CC9-98EF-68D284C5174E}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [{0460D652-C1C3-412C-8D70-9EA758E8B111}] => (Allow) LPort=8888
FirewallRules: [{36C95932-06F1-49A6-9DDD-0115B3125DF6}] => (Allow) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
FirewallRules: [{BB9CA7B0-2095-4CB8-B363-D644445D6A3F}] => (Allow) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
FirewallRules: [{D969033D-C758-4BCB-BC96-DB4141A293DD}] => (Allow) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
FirewallRules: [{0FE7B800-9844-4A32-B921-09C940123A60}] => (Allow) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
FirewallRules: [{8CE095C4-BBC8-4DE0-A4BD-26E68604C2D8}] => (Allow) C:\Program Files\Ruiware\WinPrivacy\WinPrivacySvc.exe
FirewallRules: [{46583A15-7E22-46AD-BB2A-F4B1C1DFD20E}] => (Allow) C:\Program Files\Ruiware\WinPrivacy\WinPrivacySvc.exe
FirewallRules: [{C3E3EB6D-A87D-453E-9F16-9E76B98BBBB4}] => (Allow) C:\Program Files\Ruiware\WinPrivacy\WinPrivacySvc.exe
FirewallRules: [{CDD07205-FFA5-4E92-ABA5-79DE4B7C93C0}] => (Allow) C:\Program Files\Ruiware\WinPrivacy\WinPrivacySvc.exe
FirewallRules: [{41F06695-6DB9-4A06-BC10-3BBAE57EEE2A}] => (Allow) C:\Program Files\Ruiware\WinPrivacy\WinPrivacySvc.exe
FirewallRules: [{24221B96-0E69-46A2-8557-02F4094A47FE}] => (Allow) C:\Program Files\Ruiware\WinPrivacy\WinPrivacySvc.exe
FirewallRules: [{884C51BD-9057-49A2-B571-11B96EBBFE4E}] => (Allow) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
FirewallRules: [{DB64109E-40DA-40C3-B371-4EDA7D710C35}] => (Allow) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
FirewallRules: [{1C57CE5C-D90A-4477-8285-C7C780A4F44F}] => (Allow) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
FirewallRules: [{90269CB9-30F7-41AB-9868-8E8B94102400}] => (Allow) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
FirewallRules: [{7F5C15DF-2011-430B-956B-17D2D07109D1}] => (Allow) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
FirewallRules: [{B5D17AAC-0AA6-488D-B59E-9AC40B7E67A9}] => (Allow) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
FirewallRules: [{D123E012-A7F7-46D3-9C2C-93846EA7454D}] => (Allow) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
FirewallRules: [{EA92DA50-AC78-4A76-B9CA-F81200B2D511}] => (Allow) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
FirewallRules: [{317A57AD-60FE-4EF7-B53E-682B499CFBAC}] => (Allow) LPort=8888
FirewallRules: [{4203E56A-A5D3-48D7-B796-43DA6199D9CA}] => (Block) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [{D1F83CBA-C2C3-444A-B658-47DF40CEE5BF}] => (Block) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [{68CBFEDC-7B5F-4772-B8AB-584F1131D45D}] => (Allow) C:\Program Files\Ruiware\WinPrivacy\WinPrivacySvc.exe
FirewallRules: [{C237B5E6-4BB9-4687-9A07-DF29CDBED88D}] => (Allow) C:\Program Files\Ruiware\WinPrivacy\WinPrivacySvc.exe
FirewallRules: [{35FFB23D-1472-42FB-ABD8-54DD816B81BF}] => (Allow) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDSettings.exe
FirewallRules: [{3D4F486C-DAA0-4E00-8555-D0BC25553373}] => (Allow) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDSettings.exe
FirewallRules: [{89530072-BEA7-48D5-8A73-534D7353AEDA}] => (Allow) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDSettings.exe
FirewallRules: [{55963096-1AE7-4A08-BE73-81082B599E44}] => (Allow) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDSettings.exe
FirewallRules: [{00393508-FD8F-4028-9294-3EC30598218D}] => (Allow) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
FirewallRules: [{A0C4B8BB-9549-42DD-BD45-FABF284A5EF3}] => (Allow) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
FirewallRules: [{ED68AA98-1E7D-4009-92C5-50ABF19D6F5E}] => (Allow) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
FirewallRules: [{1A3A3959-3FA2-4185-A045-B60360D1C222}] => (Allow) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
FirewallRules: [{C790EE11-4621-48EE-BEBC-8FA5C13E92D2}] => (Allow) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
FirewallRules: [{1DC6F8DD-CA82-4218-964A-74D492A56D82}] => (Allow) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
FirewallRules: [{44CCED61-93F8-4655-83BC-F649BEA60EAC}] => (Allow) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
FirewallRules: [{61ECDCAD-94CB-400D-BE59-2D1FA4757435}] => (Allow) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
FirewallRules: [{19A36C3A-09DA-4EC3-9DA2-E51ECB208F07}] => (Allow) LPort=8888
FirewallRules: [{17D643FA-D348-4F9A-824E-D9FCD829F2C6}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\DeviceSetup.exe
FirewallRules: [{259BAF7E-3992-486E-923E-43E432FFA4C2}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{2A55A98B-494A-424B-89BB-585DD51759C9}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{A6DEF2B8-943E-4134-93D1-EDE3383337AA}] => (Allow) C:\Program Files\Ruiware\WinPrivacy\WinPrivacySvc.exe
FirewallRules: [{3FEBAD35-B805-49DE-8EAC-A89637CA0631}] => (Allow) C:\Program Files\Ruiware\WinPrivacy\WinPrivacySvc.exe
FirewallRules: [{44F346AB-A719-4C33-8046-B32FBB9DEA12}] => (Allow) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
FirewallRules: [{7E8CBB9D-5D19-46FA-8E6E-DFB11D60B541}] => (Allow) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
FirewallRules: [{912E492D-35B4-48A8-BD97-823824C944DD}] => (Allow) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
FirewallRules: [{5E084411-445D-41D5-A80B-DBC32E9C68A1}] => (Allow) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
FirewallRules: [{55E9BDA7-5325-4EA2-9E54-4CDB3D2B5255}] => (Allow) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
FirewallRules: [{E522454B-08F0-4388-BA21-3E2157F5C96B}] => (Allow) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
FirewallRules: [{5E245751-416A-4A2E-A962-93DC152D2907}] => (Allow) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
FirewallRules: [{7464E954-5BD8-4C2D-B9C4-D7A464324838}] => (Allow) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
FirewallRules: [{A372A324-829B-43AE-9762-B02BF32FA9F5}] => (Allow) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTools.exe
FirewallRules: [{CEE9507C-38DB-4D32-BDE4-C36B8D8EB5BB}] => (Allow) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTools.exe
FirewallRules: [{000DD02C-9B23-4A39-8D37-9E8D1C5ABA2D}] => (Allow) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTools.exe
FirewallRules: [{8336A896-F23C-4119-8A0F-76C37C853B67}] => (Allow) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTools.exe
FirewallRules: [{205FFAB7-7410-47A1-99A9-67D6345866F3}] => (Allow) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
FirewallRules: [{66C59FBD-ACDE-449E-A57A-8002FA487174}] => (Allow) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
FirewallRules: [{263F4102-3281-40FE-8A49-4C0406AC923E}] => (Allow) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
FirewallRules: [{C35ECFE4-F25A-4E0D-A5F1-6C8077D080D8}] => (Allow) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
FirewallRules: [{15FDACD0-44FC-417A-9533-93BBEED346BD}] => (Allow) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
FirewallRules: [{14BBA21A-E0E8-4B68-BAE6-A1B97211EA08}] => (Allow) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
FirewallRules: [{F3E4471E-80D7-42F4-BAF3-5BF50BF11D10}] => (Allow) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
FirewallRules: [{ABDEBD63-E387-4ACB-A1B6-ABD5B68A4892}] => (Allow) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
FirewallRules: [{01092B8D-2962-423C-9D6E-0B30D64C34F6}] => (Allow) LPort=8888
FirewallRules: [{24BCE42E-5D59-48F6-A011-74CCC5EA517E}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\DeviceSetup.exe
FirewallRules: [{C3BA86FC-9118-42B4-8BFE-1637212D23BD}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{3CA97CA1-8FA6-46F6-85CB-1CD7E8798EB4}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{3583EAC6-770C-47BF-8690-8D456C651121}] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [{2F3C85D1-B2F1-4B0F-B05C-E69EAB083AF7}] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [{7F3463B7-86D4-42B3-852A-3B8E2CDC023A}] => (Allow) C:\Program Files\Ruiware\WinPrivacy\WinPrivacySvc.exe
FirewallRules: [{177C6453-0E9A-4D0A-A82C-139747B8AEEA}] => (Allow) C:\Program Files\Ruiware\WinPrivacy\WinPrivacySvc.exe
FirewallRules: [{1832A814-FDBE-414A-85DF-8C470BFABD10}] => (Allow) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
FirewallRules: [{5515E0BA-4694-4EB9-878F-91FBE0A56FE5}] => (Allow) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
FirewallRules: [{515BE01D-AFE4-40C1-9E94-1A64CFE72961}] => (Allow) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
FirewallRules: [{BC323917-961B-4CEF-871C-AB88DA674E77}] => (Allow) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
FirewallRules: [{5DDA5CB2-87D2-4E48-A265-1B2C8C424F58}] => (Allow) C:\Program Files\SUPERAntiSpyware\RUNSAS.EXE
FirewallRules: [{D2A7F495-8CD7-403E-864E-5C1D3698CA75}] => (Allow) C:\Program Files\SUPERAntiSpyware\RUNSAS.EXE
FirewallRules: [{711B6B59-240B-45E5-9982-52B5815F21C5}] => (Allow) C:\Program Files\SUPERAntiSpyware\RUNSAS.EXE
FirewallRules: [{1C6F92CC-93E4-496E-A38E-BAE03431A6E0}] => (Allow) C:\Program Files\SUPERAntiSpyware\RUNSAS.EXE
FirewallRules: [{7FFDAE91-645B-43CE-AB7A-4A54308EC1E8}] => (Allow) C:\Program Files\Ruiware\WinPrivacy\WinPrivacy_Explorer.exe
FirewallRules: [{7E8D8827-D7C2-4962-90FE-C639A7BB0D7A}] => (Allow) C:\Program Files\Ruiware\WinPrivacy\WinPrivacy_Explorer.exe
FirewallRules: [{F38816F5-CE84-481D-834D-F0B5DD4877D8}] => (Allow) C:\Program Files\Ruiware\WinPrivacy\WinPrivacy_Explorer.exe
FirewallRules: [{70A1CD74-9478-490C-BF81-513E1FF4A945}] => (Allow) C:\Program Files\Ruiware\WinPrivacy\WinPrivacy_Explorer.exe
FirewallRules: [{73472914-92C4-462F-AAE2-4122902CFBDF}] => (Allow) LPort=8888
FirewallRules: [{9D59079A-7FEB-468B-A26A-2D0578C4CC51}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\DeviceSetup.exe
FirewallRules: [{A49A549E-E061-4711-9678-4FCBA9509D89}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{691262A8-9928-4FDB-8F75-2796967D49EE}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{FCBB8800-8204-4B58-B44A-C577D1859A0C}] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [{D544499B-E865-47AB-9274-D7155D07A998}] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [{D47F07D0-16D5-4E20-AADF-E54FED7BF67F}] => (Allow) C:\Program Files\Ruiware\WinPrivacy\WinPrivacySvc.exe
FirewallRules: [{8928A89D-C753-443D-8036-B83F3A574E55}] => (Allow) C:\Program Files\Ruiware\WinPrivacy\WinPrivacySvc.exe
FirewallRules: [{CDA7490C-81FB-4DF5-9052-C0C5ED166AFA}] => (Allow) LPort=8888
FirewallRules: [{A2E74103-C603-4C5A-865E-67EB90EA350B}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\DeviceSetup.exe
FirewallRules: [{B3D1001B-6C51-4454-AB00-B337EEC86F32}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{44E99320-3711-42CC-A384-93B46D6961F8}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{1B20A67C-0556-4A8C-B805-1CFFDA93A25C}] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [{3B886B19-68EB-4547-9F80-0B046425E649}] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [{C58D5AFC-6459-4FF5-BB6E-FE301A60FE3C}] => (Allow) C:\Program Files\Ruiware\WinPrivacy\WinPrivacySvc.exe
FirewallRules: [{AC4A43D3-3224-4044-B1E7-F14C35C70843}] => (Allow) C:\Program Files\Ruiware\WinPrivacy\WinPrivacySvc.exe
FirewallRules: [{42286F41-0F2E-421F-8470-CDBBDE47C06C}] => (Allow) LPort=8888
FirewallRules: [{D4A68143-D0E9-4BC4-B3B9-BBCF37CBE49A}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\DeviceSetup.exe
FirewallRules: [{1E4D3ACD-E606-4824-97AA-7A781C2F06ED}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{FCF040E2-6921-4229-A4F3-A2A2FAEBAAEA}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{FE8B29CC-B425-4236-B346-BC47110AE8CA}] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [{55041957-4D58-4192-AF9D-C52D912453C6}] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [{6970F41F-FF2F-4614-9EFF-75BDBBA80B69}] => (Allow) C:\Program Files\Ruiware\WinPrivacy\WinPrivacySvc.exe
FirewallRules: [{A4AA93A8-4382-4F3D-AE9B-037743A0259C}] => (Allow) C:\Program Files\Ruiware\WinPrivacy\WinPrivacySvc.exe
FirewallRules: [{C48EA579-EA53-41B0-B5A6-49099D269B24}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{39BC8245-0FC7-44F5-AA16-AD501CF0A311}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/14/2015 02:50:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/14/2015 02:03:35 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is 13634. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (11/14/2015 02:00:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/14/2015 01:19:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: ntdll.dll, version: 6.1.7601.19045, time stamp: 0x56259295
Exception code: 0xc0000005
Fault offset: 0x000000000004aea0
Faulting process id: 0x1994
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3

Error: (11/14/2015 01:19:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mmc.exe version 6.1.7600.16385 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1708

Start Time: 01d11f0e7771f3cd

Termination Time: 0

Application Path: C:\windows\system32\mmc.exe

Report Id: 38c05889-8b04-11e5-bf1d-ac279f592d5a

Error: (11/14/2015 09:38:46 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3009) (User: NT AUTHORITY)
Description: Installing the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (11/14/2015 09:38:46 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3014) (User: NT AUTHORITY)
Description: Unable to update the performance counter explain text strings of the 009 language ID. The first DWORD in the Data section contains the error code.

Error: (11/14/2015 09:27:47 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/14/2015 09:18:23 AM) (Source: Windows Search Service) (EventID: 3100) (User: )
Description: Unable to initialize the filter host process. Terminating.

Details:
    This operation returned because the timeout period expired.  (HRESULT : 0x800705b4) (0x800705b4)

Error: (11/14/2015 09:05:43 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (11/14/2015 02:53:40 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The HP Network Devices Support service terminated with the following error:
%%126

Error: (11/14/2015 02:51:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%1053

Error: (11/14/2015 02:51:16 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (11/14/2015 02:50:25 PM) (Source: Microsoft-Windows-Eventlog) (EventID: 23) (User: NT AUTHORITY)
Description: The event logging service encountered an error (res=32) while initializing logging resources for channel Microsoft-Windows-Windows Firewall With Advanced Security/Firewall.

Error: (11/14/2015 02:49:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%1053

Error: (11/14/2015 02:49:57 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (11/14/2015 02:49:22 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (11/14/2015 01:59:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (11/14/2015 01:59:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (11/14/2015 01:59:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU E8500 @ 3.16GHz
Percentage of memory in use: 65%
Total physical RAM: 3931.61 MB
Available physical RAM: 1342.92 MB
Total Virtual: 7861.43 MB
Available Virtual: 4771.64 MB

==================== Drives ================================

Drive c: (WinSeven) (Fixed) (Total:48.89 GB) (Free:14.17 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive e: (SpareParts) (Fixed) (Total:68.36 GB) (Free:42.23 GB) NTFS
Drive f: (BackUp) (Fixed) (Total:61.66 GB) (Free:20.3 GB) NTFS
Drive k: (RdyBstDkTp) (Removable) (Total:14.82 GB) (Free:0.04 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.8 GB) (Disk ID: B3300DEA)
Partition 1: (Active) - (Size=48.9 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=159.2 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 14.8 GB) (Disk ID: 0399B733)
Partition 1: (Not Active) - (Size=14.8 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================


  • 0

Advertisements

#2
RKinner
Posted 14 November 2015 - 11:44 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

First uninstall the following:

 

Microsoft Security Essentials  (Just one anti-virus please.  Avast is much better so uninstall MSE)
Spybot - Search & Destroy  (Tell it to remove its immunizations if you can.  Makes it too hard to make changes.)
SUPERAntiSpyware  (Not one of my favorite programs)
WinAntiRansom (Possible cause of your errors.  Probably going to break it anyway when we run the fixlist. Assume you can reinstall it after we are done)
 
 
Download the attached fixlist.txt to the same location as FRST
Run FRST and press Fix
A fix log will be generated please post that.  Run FRST again, check the Additions box and then Scan.  You will get two logs.  Post them both.
 
 
 
Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.
 
Reboot. 
 
Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).
sfc  /scannow
 
(This will check your critical system files. Does this finish without complaint?  IF it says it couldn't fix everything then:
 
Copy the next two lines:
 
findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 
notepad \windows\logs\cbs\junk.txt 
 
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)
 
 
1. Please download the Event Viewer Tool by Vino Rosso
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:
 
* System
4. Under 'Select type to list', select:
* Error
* Warning
 
 
Then use the 'Number of events' as follows:
 
 
1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
 
 
Please post the Output log in your next reply then repeat but select Application.
 
 (Second time you run vew it will overwrite the first log so copy it to a reply or rename it first.)
 
Get Process Explorer
 
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  
 
View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures
 
 
Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
 
Wait a full minute then:
 
File, Save As, Save.  Open the file Procexp.txt on your desktop and copy and paste the text to a reply.
 
Get the free version of Speccy:
 
http://www.filehippo...download_speccy (Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  Download, Save and Install it.  
 
Close all browsers and open progrms before running Speccy.  Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  (It will be near the top about 10 lines down.)  Save the file and close notepad  Attach the file to your next post as it is usually too large for the forum (Click on More Reply Options then Choose file, select the file, Open, Attach this File) Uninstall Speccy.
 
 
 
 
 

  • 0

#3
NTxLSUSA
Posted 15 November 2015 - 12:29 PM

NTxLSUSA

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts

RKinner,

 

My first problem is all of those 'svchost.exe' files (18 of them) are back, they had gone away yesterday evening.  When booting up today they have reestablished their dirty work.  Have my processor at 100% meaning that system is rather slow.  Am using my laptop to reply.  Have basically the same software on both systems.  Never have had an issue with my setup, both are 64bit.  Laptop has been running since 2004 with even more securitiy software operating together on here.  Even had two (2) firewalls for over a month without any problems.

 

This system, laptop, has been giving some very unusual warnings, similar to what was showing on my desktop, but; NOT exactly the same.  NOT going any farther with this as it is for a different system.

 

I am working with the man creating "WinAntiRansom" and "WinPrivacy" software.  NOT a problem to reinstall any that may become damaged, shall we say.

 

I will be using this system to do my downloading and moving to my other system, desktop, because do not want the other on the web for any reason.  Will be using SD mini cards for moving betwee systems.  This may take a little longer than before to complete, will be getting back ASAP!

 

Thank you for reading my lengthy message with TXT files, I still have not had the time to review the TXTs . . will be doing the same with this when done.


  • 0

#4
NTxLSUSA
Posted 15 November 2015 - 01:53 PM

NTxLSUSA

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts

RKinner,

 

Lost my message started to ask about : "Download the attached fixlist.txt to the same location as FRST" where might I find this 'attached' information?  Not familiar with your forums yet.

 

I will get "Speccy" from Piriform.  NONE of the free software providers like FileHippo, MajorGeek, CNN, etcetera will get any business from me.

 

NotePad, will only allow you to open one file at a time, EditPad Lite by JGSoft is better and it is FREE.  No limit on number of TXT files open at the same time.


  • 0

#5
RKinner
Posted 15 November 2015 - 02:11 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

Here it is.  Sorry.

 

filehippo download is free of adware which is why I use it.


  • 0

#6
NTxLSUSA
Posted 15 November 2015 - 02:30 PM

NTxLSUSA

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts

RKinner,

 

Thank you for the file for download, already had 'Speccy' downloaded from Piriform before sending that message.


  • 0

#7
NTxLSUSA
Posted 15 November 2015 - 06:47 PM

NTxLSUSA

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts

RKinner,

 

After doing, " . . (My) Computer and select Manage (Continue . ." at the beginning and doing the "Reboot" it never completed after about an HOUR used the POWER switch to Kill it.  Left it off for about ten (10) min. then rebooted.

 

The NEXT instruction called for, "Then type (with an Enter after each line)."  There was only one line, the 'sfc /scannow'  had just been run yesterday finding NOTHING amiss.  Today "Windows Resource Protection found corrupt files and successfully repairedthem."  The report is within the 'Cbs.Log' file.  Attached . .  is the largest a little over 2.2Meg.

 

The other three (3) are small and will include them below/w titles bold and underlined:

 

FixLog.txt:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:07-11-2015
Ran by DE (2015-11-15 14:45:36) Run:1
Running from F:\!DwnLdStrg\Installed\FRST_Farbar
Loaded Profiles: DE & DEPro &  (Available Profiles: DE & HomeUsers & DEPro & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKU\S-1-5-21-4267585356-2186095281-715594798-1000\...\Policies\system: [RunUserPSScriptsFirst] 1
HKU\S-1-5-21-4267585356-2186095281-715594798-1000\...\Policies\system: [RunLogonScriptSync] 1
HKU\S-1-5-21-4267585356-2186095281-715594798-1003\...\Policies\system: [RunUserPSScriptsFirst] 1
HKU\S-1-5-21-4267585356-2186095281-715594798-1003\...\Policies\system: [RunLogonScriptSync] 1
HKU\S-1-5-18\...\MountPoints2: D - D:\setup.exe
IFEO\taskmgr.exe: [Debugger] "C:\TOOLS\PRCSSXPLRR\PROCEXP.EXE"
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
Task: {46045B33-AF76-4469-BC87-CE729FD13C75} - System32\Tasks\{964EA1CB-AB4E-4DB5-87B1-A2603D57C69F} => Firefox.exe

*****************

HKU\S-1-5-21-4267585356-2186095281-715594798-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\RunUserPSScriptsFirst => value removed successfully
HKU\S-1-5-21-4267585356-2186095281-715594798-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\RunLogonScriptSync => value removed successfully
HKU\S-1-5-21-4267585356-2186095281-715594798-1003\Software\Microsoft\Windows\CurrentVersion\Policies\system\\RunUserPSScriptsFirst => value removed successfully
HKU\S-1-5-21-4267585356-2186095281-715594798-1003\Software\Microsoft\Windows\CurrentVersion\Policies\system\\RunLogonScriptSync => value removed successfully
"HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D" => key removed successfully
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\taskmgr.exe" => key removed successfully
C:\windows\system32\GroupPolicy\Machine => moved successfully
C:\windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\windows\system32\GroupPolicy\User => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{46045B33-AF76-4469-BC87-CE729FD13C75}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{46045B33-AF76-4469-BC87-CE729FD13C75}" => key removed successfully
C:\windows\System32\Tasks\{964EA1CB-AB4E-4DB5-87B1-A2603D57C69F} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{964EA1CB-AB4E-4DB5-87B1-A2603D57C69F}" => key removed successfully


The system needed a reboot.

==== End of Fixlog 14:45:51 ====

 

 VEWSy.txt:

 

Vino's Event Viewer v01c run on Windows 2008 in English

Not much to report, the 'sfc /scannow'  had just been run yesterday finding NOTHING amiss.  Today "Windows Resource Protection found corrupt files and successfully repairedthem."  The report is within the 'Cbs.Log' file.

 

Report run at 15/11/2015 5:20:10 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

VEWAp.txt

 

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 15/11/2015 5:49:44 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


  • 0

#8
RKinner
Posted 15 November 2015 - 08:41 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Copy the next two lines:
 
findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 
notepad \windows\logs\cbs\junk.txt 
 
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)

 

 

Above is what were you were supposed to do after running sfc /scannow if it said it couldn't fix everything.  It takes the important info from the cbs.log so that you don't need to post the impossibly big cbs.log.  If it said it could fix everything then we don't need anything.

 

 

 

Waiting on Speccy log and Process Explorer logs.

 

 

 

Also Need you to run FRST scan again with Addition checked and post both logs.

 

 


  • 0

#9
NTxLSUSA
Posted 16 November 2015 - 03:07 PM

NTxLSUSA

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts

RKinner,

 

Excuse me please?  I had been working with this issue on my desktop sinse about 0215hrs yesterday morning at about 2000hrs or 2100 hrs tired took over and could not think on any of it so had to go to bed.  I just sent what I could get together, after sending realized the 'Cbs.txt' did not need to be sent.  Have the Speccy report and some other to get off to you.  Need to reorient myself and review what has been done as well as what is still needed, hope to get this done today, NO guarrantee included with this, just working.

 

The reason for my delay is another project came up this morning and had to go rescue a friend that was having much difficulty with operating their computer.  A memory block is the only way to explain that problem plus did need to install some special instructions that had been on the old computer and with the NEW software on the new computer, had not been installed. 

 

One point about this site, have created a 'Signature' and should be shown with my posts, have not seen it yet.  Have clicked on the RB "More Reply Options" and there is a check box for Sig yet still not shown.

TIA, CU L8R,

'd' "Lone Wanderer"


  • 0

#10
RKinner
Posted 16 November 2015 - 04:18 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

No problem.  Get back to this when you can.


  • 0

Advertisements

#11
NTxLSUSA
Posted 17 November 2015 - 07:06 PM

NTxLSUSA

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts

RKinner,

 

Think there are only two (2) files remaining, "Speccy°C.txt" [meaning temp in cenitgrade] and ProcExp.txt:

 

Speccy 582Km attached.

 

ProcExp: (9kb)

 

Process    CPU    Private Bytes    Working Set    PID    Description    Company Name    Verified Signer
WAR_TrayApp.exe    74.04    40,908 K    49,552 K    4100    WinAntiRansom    WinPatrol    (Verified) Ruiware
procexp64.exe    2.95    38,208 K    58,196 K    4276    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Sysinternals
svchost.exe    1.87    21,652 K    35,608 K    428    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
mbamservice.exe    3.76    297,336 K    118,872 K    1140    Malwarebytes Anti-Malware    Malwarebytes    (Verified) Malwarebytes Corporation
WinPatrol.exe    2.38    3,084 K    9,316 K    3308    WinPatrol Monitor    Ruiware    (Verified) Ruiware
WARSvc.exe    2.77    52,492 K    63,200 K    2356    WARSvc    WinPatrol    (Verified) Ruiware
AvastSvc.exe    6.26    79,640 K    41,044 K    1384    avast! Service    AVAST Software    (Verified) AVAST Software a.s.
MsMpEng.exe    1.04    106,400 K    144,008 K    872    Antimalware Service Executable    Microsoft Corporation    (Verified) Microsoft Corporation
WmiPrvSE.exe        7,264 K    12,388 K    2732    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
mbam.exe    0.33    226,180 K    222,772 K    3316    Malwarebytes Anti-Malware    Malwarebytes    (Verified) Malwarebytes Corporation
dwm.exe    0.88    65,620 K    35,132 K    524    Desktop Window Manager    Microsoft Corporation    (Verified) Microsoft Windows
Interrupts    0.58    0 K    0 K    n/a    Hardware Interrupts and DPCs        
svchost.exe        5,052 K    10,092 K    712    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
explorer.exe    0.47    47,296 K    73,360 K    3404    Windows Explorer    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    0.25    156,600 K    147,556 K    256    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
System    0.64    248 K    360 K    4            
csrss.exe    0.27    2,740 K    13,220 K    496    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows
lsass.exe    0.23    4,316 K    11,180 K    596    Local Security Authority Process    Microsoft Corporation    (Verified) Microsoft Windows
services.exe    0.12    6,320 K    16,816 K    540    Services and Controller app    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    0.18    23,796 K    25,096 K    996    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
SDWSCSvc.exe    0.18    5,968 K    10,520 K    3060    Windows Security Center integration.    Safer-Networking Ltd.    (Verified) Safer Networking Ltd.
SearchFilterHost.exe    0.44    764 K    1,892 K    5884    Microsoft Windows Search Filter Host    Microsoft Corporation    (Verified) Microsoft Windows
WinPrivacySvc.exe    0.09    61,468 K    75,564 K    3044    WinPrivacySvc    WinPatrol    (No signature was present in the subject) WinPatrol
SDTray.exe    0.10    17,072 K    27,136 K    4880    Spybot - Search & Destroy tray access    Safer-Networking Ltd.    (Verified) Safer Networking Ltd.
CCleaner64.exe    0.02    11,104 K    20,692 K    3920    CCleaner    Piriform Ltd    (Verified) Piriform Ltd
AvastUI.exe    0.04    65,724 K    22,436 K    4344    avast! Antivirus    AVAST Software    (Verified) AVAST Software a.s.
SDUpdSvc.exe    0.03    9,516 K    15,100 K    2624    Spybot-S&D 2 Background update service    Safer-Networking Ltd.    (Verified) Safer Networking Ltd.
csrss.exe    0.04    2,332 K    4,836 K    432    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows
SearchIndexer.exe    0.02    21,516 K    16,208 K    5084    Microsoft Windows Search Indexer    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    0.01    15,800 K    17,980 K    1220    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
EMET_Agent.exe    0.01    34,476 K    48,008 K    3300    EMET_Agent    Microsoft Corporation    (Verified) Microsoft Corporation
svchost.exe        7,928 K    13,388 K    384    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
unsecapp.exe        2,028 K    6,220 K    3808    Sink to receive asynchronous callbacks for WMI client application    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    0.01    4,228 K    8,200 K    808    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe    < 0.01    9,604 K    13,036 K    1512    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
MobileService.exe    < 0.01    45,188 K    51,184 K    3028    Seagate Dashboard    Seagate Technology LLC    (Verified) Seagate Technology LLC
ipoint.exe    < 0.01    7,612 K    2,056 K    3876    IPoint.exe    Microsoft Corporation    (Verified) Microsoft Corporation
SASCore64.exe    < 0.01    1,380 K    3,728 K    1644    Core Service    SUPERAntiSpyware.com    (Verified) SUPERAntiSpyware.com
taskhost.exe    < 0.01    13,216 K    13,312 K    3260    Host Process for Windows Tasks    Microsoft Corporation    (Verified) Microsoft Windows
itype.exe        10,700 K    456 K    3916    IType.exe    Microsoft Corporation    (Verified) Microsoft Corporation
SearchProtocolHost.exe    < 0.01    1,484 K    4,016 K    5836    Microsoft Windows Search Protocol Host    Microsoft Corporation    (Verified) Microsoft Windows
spoolsv.exe    < 0.01    9,576 K    17,084 K    1484    Spooler SubSystem App    Microsoft Corporation    (Verified) Microsoft Windows
CompMgmtLauncher.exe    < 0.01    8,748 K    19,428 K    4320    Computer Management Snapin Launcher    Microsoft Corporation    (Verified) Microsoft Windows
Seagate.Dashboard.DASWindowsService.exe        45,452 K    52,864 K    2844    Seagate Dashboard    Seagate Technology LLC    (Verified) Seagate Technology LLC
WUDFHost.exe        2,268 K    6,444 K    5076    Windows Driver Foundation - User-mode Driver Framework Host Process    Microsoft Corporation    (Verified) Microsoft Windows
WinPrivacyTrayApp.exe        21,620 K    27,324 K    3584    WinPrivacy    WinPatrol    (No signature was present in the subject) WinPatrol
winlogon.exe        3,132 K    7,664 K    568    Windows Logon Application    Microsoft Corporation    (Verified) Microsoft Windows
wininit.exe        1,560 K    4,524 K    480    Windows Start-Up Application    Microsoft Corporation    (Verified) Microsoft Windows
VSSVC.exe        1,964 K    6,480 K    5348    Microsoft® Volume Shadow Copy Service    Microsoft Corporation    (Verified) Microsoft Windows
TCPSVCS.EXE        1,508 K    4,088 K    2100    TCP/IP Services Application    Microsoft Corporation    (Verified) Microsoft Windows
taskhost.exe        6,376 K    12,736 K    5548    Host Process for Windows Tasks    Microsoft Corporation    (Verified) Microsoft Windows
taskeng.exe        2,060 K    6,084 K    4052    Task Scheduler Engine    Microsoft Corporation    (Verified) Microsoft Windows
System Idle Process        0 K    24 K    0            
svchost.exe        6,436 K    10,140 K    2944    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        900 K    2,728 K    5540    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        1,304 K    4,240 K    5656    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        4,600 K    8,768 K    1720    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        2,124 K    5,744 K    2432    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        4,560 K    8,964 K    1700    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        3,600 K    8,232 K    600    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        2,016 K    5,860 K    2920    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        6,868 K    12,188 K    2716    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows
smss.exe        456 K    1,120 K    328    Windows Session Manager    Microsoft Corporation    (Verified) Microsoft Windows
Seagate.Dashboard.Uploader.exe        39,996 K    49,376 K    956    Seagate Dashboard    Seagate Technology LLC    (Verified) Seagate Technology LLC
procexp.exe        2,784 K    7,076 K    5104    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
PresentationFontCache.exe    < 0.01    25,540 K    16,920 K    3544    PresentationFontCache.exe    Microsoft Corporation    (Verified) Microsoft Windows
NisSrv.exe        1,912 K    4,996 K    3124    Microsoft Network Realtime Inspection Service    Microsoft Corporation    (Verified) Microsoft Corporation
mbamscheduler.exe        7,908 K    12,832 K    1920    Malwarebytes Anti-Malware    Malwarebytes    (Verified) Malwarebytes Corporation
lsm.exe        2,484 K    4,236 K    608    Local Session Manager Service    Microsoft Corporation    (Verified) Microsoft Windows
KeyScrambler.exe        4,848 K    14,340 K    4272    KeyScrambler    QFX Software Corporation    (Verified) QFX Software Corporation
KeyScrambler.exe        2,320 K    6,880 K    4896    KeyScrambler    QFX Software Corporation    (Verified) QFX Software Corporation
hpwuschd2.exe        1,012 K    3,924 K    1376    hpwuSchd Application    Hewlett-Packard    (Verified) Hewlett-Packard Company
GWX.exe        3,084 K    528 K    3148    GWX    Microsoft Corporation    (Verified) Microsoft Windows
EMET_Service.exe        20,684 K    23,756 K    1764    EMET_Service    Microsoft Corporation    (Verified) Microsoft Corporation
DeviceAgent.exe        48,360 K    53,312 K    912    Seagate Dashboard    Seagate Technology LLC    (Verified) Seagate Technology LLC
DBAgent.exe        11,760 K    21,852 K    4732    Seagate Dashboard    Seagate Technology LLC    (Verified) Seagate Technology LLC
7+ Taskbar Tweaker.exe        2,860 K    6,864 K    3340    7+ Taskbar Tweaker    RaMMicHaeL    (No signature was present in the subject) RaMMicHaeL

Attached Files


  • 0

#12
RKinner
Posted 17 November 2015 - 08:34 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

Major problem I see is:

 

WinAntiRansom 

 

Its component:

WAR_TrayApp.exe    is using up 74.04% of the CPU.    Your system will be slower than molasses.

 

You really need to uninstall it.  If you have uninstalled it and this is left over then we can use FRST to remove it.  Create a  new FRT scan with the Addition box checked and post both logs.  If you haven't uninstalled it, please do so.  (Also uninstall Microsoft Security Essentials which I asked you to get rid of earlier.)

Then make a new Process Explorer log and post that.

 

Speccy says your PC is running too hot.  A desktop should be down below 45.  Part of that may be because WinAntiRansom is  using too much CPU but some of it is probably dust build up on the heatsink.  Usually you just need to shut down the PC, (leave it plugged in) and open it up.  The CPU usually has a big heatsink and fan and the heatsink will get covered in dust over time.  You can use a vacuum cleaner hose and a small brush to get rid of the dust.  Sometimes you have to remove the fan (4 screws - remember which way is up and DO NOT REMOVE the Heatsink! - just the fan.  I would start it up with the PC open and watch the fan.  It should start right away.  (It may stop after a while).  If it is slow starting or makes noise then it needs to be replaced.

 

Your hard drive is getting old and a bit shaky.  Even those each measurement has status Good, I'm not convinced:

 

01

Attribute name Read Error Rate
Real value 0
Current 111
Worst 99
Threshold 6
Raw Value 00024B767A
 
07
Attribute name Seek Error Rate
Real value 0
Current 87
Worst 60
Threshold 30
Raw Value 002533D550
 
BC
Attribute name Command Timeout
Real value 90,195,689,493
Current 100
Worst 93
Threshold 0
Raw Value 0000150015
 
C3
Attribute name Hardware ECC Recovered
Real value 0
Current 49
Worst 27
Threshold 0
Raw Value 00024B767A
 

 

 
 
On a good drive the raw values are all 0.  I think it's time to clone the drive and replace it before it dies.  Or at least back up any data you don't want to lose.
 
 
 
 
 

  • 0

#13
NTxLSUSA
Posted 18 November 2015 - 01:21 PM

NTxLSUSA

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts

RKinner,

 

Do not be offended by my wording nor what I have to say as I am one that says it as I see it without any sugar coating my words just to make it sound sweet.

 

This laptop has been in operation since about March of 2004 without any difficulties running basicly the same software that you have found on my desktop, except for the WinPrivacy and WinAntiRansom.  They came into my systems Oct, 2013 for WinPrivacy and Dec, 2014 for WinAntiRansom.  I am working with the man creating these two (2) selctions of software, letting him know what is going on with my installations.  Just to let you know I am quoting a message from him just received this morning:

 

"Hi d,

 

The current version of WAR is not working properly on Windows 10, we are testing beta-5 at the moment and will hopefully have it released in the next day or so. Beta-5 will work on Windows 10 and be “feature complete” other than support for Windows XP.

 

Thanks,

Bret Lowry"

 

About my desktop it has been running since Jan, 2013 with very little issues, mostly my need to understand Win7 Professional as I have always worked with Home Premium.  Any problems have always been solved, this issue with slowing and even stoping is one I have not been able to solve.  So far you are the only one that has given any assistance that has shown where to look and how to solve this.  Last Jan, 2015 started giving me some problems with installing software AND discovered my Admin account had gone belly-up.  Could not access . . nothing I did would HELP.  Posted on several forums I hold membership including Microsoft's Community, which was even worse.  All they would tell me was Reformat/Reinstall from the get-go.  I do not work that way.  Trouble shoot annilyze test with a little more of each until corrective action is found.  Solved that issue with NO help from Microsoft.  What I know is from trial and ERROR, most the later, but; learning what can and cannot be done so those ERRORs are not very often.

 

I respect you and your opinions on my system, except I am responsible for my own maintenance, Admin, software used for security, et cetera .  Have had two (2) fire walls, three (3) antivirus softwares, four (4) malware softwares all running at the same time and doing their own thing to keep my system running best as possible.  Two (2) fire walls did keep me rather busy they never gave any problems just jumping back and forth was a bit much.  Using two (2) antivirus softwares and three malware that work just fine with each other and NOT causing any issues.  Have been threatened on some forums of being banned from posting if I did not stop posting about my system running with these programs working together, with x86 (32bit) software it is an issue of locking up, not with 64bit. 

 

This issue presently giving me heart burns is caused by WinAntiRansom_SysTray using too much CPU time.  NOT sure what is going on with all of the 'svchost.exe' files running from eighteen (18) to twenty (20) on my desktop and NOT on my laptop.  Plus this started with "Windows PowerShell" having stopped working, that is over my head as that is for IT Specialists to use for their day to day operatons/w different programming language for them to learn and use.  Well any other that can learn how to use it can.  Have learned much about this over the last few weeks.  YES, I do know even more about my systems and work within areas that most are told to stay away from, because; they could KILL their systems.

 

Thank you for letting me know about my system and will be working to improve it ASAP!  Am aware of temperatures being rather sensitive on the CPU (which is really the computer) the other parts within the case are just means of communications with the CPU, input/output, networking.  Started learning about Main Frame computers, 19" rack mounts, about 1973, Data General that was the controling compuiter for a Test Stand for checking out printed ciruit cards for equipment for the Air Force.  Am a Journeyman Electronics Technician with over 60 years experience in that field.  Have worked with desktop (IBM compatables) since about 1984 surfing the net from DOS in Unix CMD line software.  Have also worked in Linux, several different flavors.

 

This is MUCH TOO long for you to sit and read, am not that important, just want you to know what you are dealing with

 

THank you so very much for your input

TIA, CU L8R,

'd' "Lone Wanderer"


  • 0

#14
NTxLSUSA
Posted 18 November 2015 - 03:58 PM

NTxLSUSA

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts

RKinner,

 

An UPDATE to my issue of CPU usage so HIGH, even not on the web, no connection through my modem, AND WinAntiRansom uninstalled the CPU was bouncing around 50% - 90% now being done by AVAST! FREE AntiVirus without any scan being done.  NOTHING going on, no programs even being used, blank screen.  Microsoft Security Essentials was NOT the issue.  It was more about AVAST's latest update to what they call 2016 (v11.1.2241).

 

There is an issue in WinAntiRansom being a little over the top, MrBret Lowry is working on that issue and should be done soon.

 

Also neglected to report after first turning on my laptop to post that lengthy message a scan was run by MBAM then by SAS (Super Anti Spyware) AND SAS found 10 tracking cookies on my laptop and MBAM found NOTHING.  That is why I run more than one malware monitoring and removal software as well as more than one AntiVirus software, there is NOT any single one that can protect you 100% because they do not all check for the same thing nor use the same data/reference files.  Your opinion is the same as mine, they smell . . bad.

 

This can be CLASSIFIED and solved and done with as far as I am concerned . .

 

TIA, CU L8R,

'd' "Lone Wanderer"


Edited by NTxLSUSA, 18 November 2015 - 04:01 PM.

  • 0

#15
RKinner
Posted 18 November 2015 - 07:37 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

 It is normal to have a bunch of svchosts  (I have 14) and only if they start eating CPU time do I worry about them.  If you run Process Explorer you can hover over each svchost and it will tell you what it is doing. 

 

I run Avast on my own PCs and it is usually well behaved.  If it continues to eat up CPU time then I  would download a new copy http://files.avast.com/iavs9x/avast_free_antivirus_setup.exe andthen  uninstall it, reboot and install the downloaded copy (right click on it and Run As Admin).  Some notes on Avast:

 

Uncheck any offered software like Google toolbar, or Chrome.  After the next reboot they have been offering dropbox.  You can uncheck that.  Do not accept the offer for a free trial.  Stick with the basic service.
 
 Some people object to the voice notification of updates.  To turn it off, click on the Avast ball then on Settings then on Appearance.  Then on Sounds and uncheck Automatic Updates OK.  (It will still update it just won't tell you about in a loud voice in the middle of the night.)
 
They have also started using their info popup to try and get you to upgrade so I go into Settings, Appearance, Popups and change the first two to 1 second.  Their Browser Cleanup is not so user friendly since it wants to reset your home page and search engine to Yahoo so I go into Settings, Tools, and turn it off.
 
If you haven't registered already then right click on the orange ball and select Registration Information and click on the link.  (They just want your name and email address).  The registration is good for 12-14 months then you will need to register again.  They will, of course, try to talk you into buying the product but you can always register again for another year free tho it may not be the default.  Look for the Basic option.
 
Tonight, after it has updated you might want to let it run a full boot-time scan with my setup.  This takes around 6 hours so you want to let it run while you sleep.
 
 How to do a boot-time scan while you sleep:
First mute the speakers so it won't wake you up when Windows loads.  Click on the Orange ball.  Click on Scan, then Scan for Viruses and wait a couple of minutes for the page to change.  Change Quickscan to Boot-time Scan.  Click on Settings.  Where it says Heuristic Sensitivity click on the last rectangle so that all of them are  orange and it says High.  Check both boxes.  Then change When a threat is found ... to:  Move to Chest.  OK.  Now click on Start.  Close the Avast window and then reboot.  The scan will start.  It will tell you where it will save the report.  Usually it's 
C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location.  When Windows loads Click on the Orange Ball then Scan, Then Scan History (at the bottom of the page). Click on the last scan and then Detailed Report.  If it found anything then open the aswBoot.txt file and copy and paste it.  You may need to enable seeing hidden files in order to see the file so: Open the Control Panel menu and click Folder Options.
    After the new window appears select the View tab.
    Put a checkmark in the checkbox labeled Display the contents of system folders.
    Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
    Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
    Remove the checkmark from the checkbox labeled Hide protected operating system files.
    Press the Apply button and then the OK button
 
 
If you insist on running two anti-virus programs you should know that this doesn't give you double protection but actually gives you less protection.  They fight each other.  Each one wants to check each file you use so it takes longer to open a file.  
 
Very few people care about cookies any more.  If they bother you, set up your browser to remove them automatically each time you close the browser.
 
You're not the only old-timer in computers. (I'm just 5 years younger than you but I have an E.E. from Ga Tech, a M.E.E. from Clemson and was a Cisco Certified Networking Professional the last 8 years before retiring.)  My first computer language was Algol 58 back in 1966.  It ran on an early Burroughs mainframe and we had to make punch card decks to run our programs.  In 67 they pulled that computer and the new one only spoke Fortran so had to learn a new language.   My first real computer was a TRS-80 that I programmed with audio cassettes.  I have been working with Windows since 3.1.  I also speak Unix, Linux, Pearl, Smalltalk, Word Basic Macro, Javascript and several obsolete machine languages.  I used to volunteer on the HP itrc forum where I was Pharaoh level.  I've been a Microsoft Most Valuable Professional for 9 of the last 10 years.  

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP