Greetings from the GREAT Country of TEXAS,
Feel this started about six (6) or even more months ago, my system has been slowing and slowing and, well you get the message. I started to look into what is going on about a month and a half ago. NOT any sort of a computer expert, just a self-taught home user with a very strong curiosity that is not satisfied very easily. Started working with computers about 1974 learning how to use a Data General 19" Main Frame/w a TTY for input/output that is a part of a test stand working for the Government, originally trained as an Electronics Techy (with over 65 years experience), learning a small amount about logic, binary, octal, hexadecimal, eight bit, sixteen bit, thirty two bit, well that is enough of that for now. Not a programmer but very curious about my systems. Started working with desktops before the WWW was ever created and not even Windows, was surfing the net using TCP/IP in Unix software @ a DOS CMD line. Enough about me, on to my issue.
Started getting the Pop-Up window "Windows PowerShell has stopped working" with only "Cancel" available as a choice to close the window. Later was given a RB "Detail" that produced NOTHING, had to use RB "Close" to get rid of that window. Then it would alternate between those to choose from. Went looking for "Windows PowerShell" finding NOTHING, then a friend told me to just look for "PowerShell" and would find it in '\Windows\System32\WindowsPowerShell\' plus '\Windows\WOW64WindowsPowerShell\' and actually another folder added to each 'v1.0\' and some scripts and two (2) files in each location titled 'powershell.exe' and 'powershell_ise.exe'. Attempted to rename them, as my friend had suggested, could NOT get that done. These files were all IDed as Microsoft files and signed by them. Am also familiar with SysInternals by Mark Russinovich, now working for Microsoft, and his program "ProcessExplorer.exe" and have used it for many years. Had not used it on this system so started ASAP! With using that found there were about eighteen (18) 'svchost.exe' [my last experience with these files there were nineteen (19)] files running 'scripts' as I had learned from reading several different forums I hold membership, including "Windows Secrets Lounge" and am also an "Insider" with "WS" and listed with Microsoft. Attempting to keep this as short as possible, last week-end spent both days reading about "Windows PowerShell has stopped working" on WinTips Dot Org website and how to remove that issue. Well it did remove that issue of "Windows PowerShell," but; did nothing about clearing the 'scripts' that were slowing my system. Ran their three (3) little files several times with only the first producing any results, that is clearing the window about "Windows PowerShell" the other remained. It has gotten so bad that even logging off and shutting down would not work, Power Switch for four (4) sec was required, many times.
Being familiar with 'F8' and the menu selection which have been used many times out of curiosity and getting familiar. Finally went into "Safe Mode" without Networking going to those aforementioned files (PowerShell and PowerShell_ise) all four (4) changing the Ownership to my Admin and RENAMING them to attempt to get control back where I could use my browser of choice and post some info to see if anyone else has had this experience. PLUS if any HELP is available. If there are any questions that cannot be covered by what is posted, "JUST ask and ye shall receive to the best of my recollection" . . @75 going on 76 that may not be the best in the World.
Thank you for reading my book, yes there is more but; my hands are getting tired and so is my head for thinking so much about this issue . .
TIA, CU L8R,
'd' AKA NTxLSUSA
"Lone Wanderer"
Dell OptiPlex 960 DualCore Processor Win7 Professional SP1 all updates as Microsoft provides, Avast! FREE v11.1.2241, WinPrivacy v2015.11.752 WinAntiRansom v2015.11.185 the remainder will be listed in FRST and Addition TEXT files.
FRST.TXT:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015
Ran by DE (administrator) on DESDSKTP (14-11-2015 16:42:57)
Running from F:\!DwnLdStrg\Installed\FRST_Farbar
Loaded Profiles: DE & DEPro & (Available Profiles: DE & HomeUsers & DEPro & DefaultAppPool)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Microsoft Corporation) C:\Program Files (x86)\EMET 5.1\EMET_Service.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
(WinPatrol) C:\Program Files\Ruiware\WinAntiRansom\WARSvc.exe
(WinPatrol) C:\Program Files\Ruiware\WinPrivacy\WinPrivacySvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files (x86)\EMET 5.1\EMET_Agent.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(WinPatrol) C:\Program Files\Ruiware\WinPrivacy\WinPrivacyTrayApp.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(RaMMicHaeL) C:\Users\DEPro\AppData\Roaming\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe
(Ruiware) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(WinPatrol) C:\Program Files\Ruiware\WinAntiRansom\WAR_TrayApp.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DeviceAgent.exe
(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Sysinternals - www.sysinternals.com) C:\Tools\PrcssXplrr\procexp.exe
(QFX Software Corporation) C:\Program Files (x86)\KeyScrambler\x64\KeyScrambler.exe
(Sysinternals - www.sysinternals.com) C:\Users\DE.DEsDskTp\AppData\Local\Temp\procexp64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(David Harris) E:\PMAIL\Programs\winpm-32.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [WinPrivacy] => C:\Program Files\Ruiware\WinPrivacy\WinPrivacyTrayApp.exe [1705984 2015-11-03] (WinPatrol)
HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1533728 2015-04-01] (Seagate Technology LLC)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7004376 2015-11-13] (AVAST Software)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [KeyScrambler] => C:\Program Files (x86)\KeyScrambler\keyscrambler.exe [509216 2015-10-12] (QFX Software Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-4267585356-2186095281-715594798-1000\...\Run: [7 Taskbar Tweaker] => C:\Users\DE.DEsDskTp\AppData\Roaming\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe [380416 2015-08-22] (RaMMicHaeL)
HKU\S-1-5-21-4267585356-2186095281-715594798-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-4267585356-2186095281-715594798-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7935904 2015-10-22] (SUPERAntiSpyware)
HKU\S-1-5-21-4267585356-2186095281-715594798-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8551848 2015-10-19] (Piriform Ltd)
HKU\S-1-5-21-4267585356-2186095281-715594798-1000\...\Run: [Task Catcher] => C:\Program Files\Task Catcher\TaskTrap.exe [200200 2015-05-10] (BillP Studios)
HKU\S-1-5-21-4267585356-2186095281-715594798-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1216648 2015-08-05] (Ruiware)
HKU\S-1-5-21-4267585356-2186095281-715594798-1000\...\Run: [KeyScramblerD] => C:\Program Files (x86)\KeyScrambler\x64\KeyScrambler.exe [563488 2015-10-12] (QFX Software Corporation)
HKU\S-1-5-21-4267585356-2186095281-715594798-1000\...\RunOnce: [Report] => \AdwCleaner\AdwCleaner[C3].txt [903 2015-11-14] ()
HKU\S-1-5-21-4267585356-2186095281-715594798-1000\...\Policies\system: [RunUserPSScriptsFirst] 1
HKU\S-1-5-21-4267585356-2186095281-715594798-1000\...\Policies\system: [RunLogonScriptSync] 1
HKU\S-1-5-21-4267585356-2186095281-715594798-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8551848 2015-10-19] (Piriform Ltd)
HKU\S-1-5-21-4267585356-2186095281-715594798-1003\...\Run: [Malwarebytes Anti-Malware] => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [9832760 2015-10-05] (Malwarebytes)
HKU\S-1-5-21-4267585356-2186095281-715594798-1003\...\Run: [7 Taskbar Tweaker] => C:\Users\DEPro\AppData\Roaming\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe [380416 2015-08-22] (RaMMicHaeL)
HKU\S-1-5-21-4267585356-2186095281-715594798-1003\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1216648 2015-08-05] (Ruiware)
HKU\S-1-5-21-4267585356-2186095281-715594798-1003\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [127304 2015-04-01] (Seagate Technology LLC)
HKU\S-1-5-21-4267585356-2186095281-715594798-1003\...\Policies\system: [RunUserPSScriptsFirst] 1
HKU\S-1-5-21-4267585356-2186095281-715594798-1003\...\Policies\system: [RunLogonScriptSync] 1
HKU\S-1-5-18\...\MountPoints2: D - D:\setup.exe
IFEO\taskmgr.exe: [Debugger] "C:\TOOLS\PRCSSXPLRR\PROCEXP.EXE"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-11-13] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinAntiRansom.lnk [2015-11-14]
ShortcutTarget: WinAntiRansom.lnk -> C:\Program Files\Ruiware\WinAntiRansom\WAR_TrayApp.exe (WinPatrol)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{4BDCB209-9716-4295-93CA-502D86DD982A}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{895A01BE-5F6D-48CF-9ACF-9331FCDBD0C4}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{FD5E16AB-D639-485C-B87C-BFAB6E8F83E7}: [DhcpNameServer] 192.168.1.254
Internet Explorer:
==================
HKU\S-1-5-21-4267585356-2186095281-715594798-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: [S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415.bak] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-11-13] (AVAST Software)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-24] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-11-13] (AVAST Software)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-24] (Oracle Corporation)
FireFox:
========
FF ProfilePath: C:\Users\DE.DEsDskTp\AppData\Roaming\Mozilla\Firefox\Profiles\6v54c658.default
FF DefaultSearchEngine.US: Google
FF Homepage: about:blank
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-23] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-23] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-24] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @sony.com/eBookLibrary -> C:\Program Files (x86)\Sony\Reader\Data\bin\npebldetectmoz.dll [2010-07-13] (Sony Corporation)
FF Extension: PasswordMaker - C:\Users\DE.DEsDskTp\AppData\Roaming\Mozilla\Firefox\Profiles\6v54c658.default\Extensions\{5872365e-67d1-4afd-9480-fd293bebd20d}.xpi [2015-09-04]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt => not found
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-11-13]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2015-11-13]
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-11-13]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [174416 2015-11-13] (AVAST Software)
R2 EMET_Service; C:\Program Files (x86)\EMET 5.1\EMET_Service.exe [31880 2014-11-09] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16216 2015-02-03] (Seagate Technology LLC)
R2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [157992 2015-04-01] (Seagate Technology LLC)
S3 Sony SCSI Helper Service; C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2010-04-02] (Sony Corporation) [File not signed]
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
R2 WARSvc; C:\Program Files\Ruiware\WinAntiRansom\WARSvc.exe [194696 2015-11-10] (WinPatrol)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 WinPrivacySvc; C:\Program Files\Ruiware\WinPrivacy\WinPrivacySvc.exe [460800 2015-11-03] (WinPatrol) [File not signed]
S2 HPSLPSVC; C:\Users\DE\AppData\Local\Temp\7zS354D\hpslpsvc64.dll [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-11-13] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-11-13] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-11-13] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-11-13] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1059656 2015-11-13] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [449992 2015-11-13] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [154256 2015-11-13] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-11-13] (AVAST Software)
R1 CGKDarkWatcher; C:\Windows\System32\drivers\CGKDarkWatcher.sys [15640 2015-10-20] ()
R1 CGKDarkWatcher; C:\Windows\SysWOW64\drivers\CGKDarkWatcher.sys [16152 2015-08-25] ()
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 epmntdrv; C:\windows\system32\epmntdrv.sys [18528 2014-11-18] ()
S3 epmntdrv; C:\windows\SysWOW64\epmntdrv.sys [15968 2014-11-18] ()
S3 EuGdiDrv; C:\windows\system32\EuGdiDrv.sys [10848 2014-11-18] ()
S3 EuGdiDrv; C:\windows\SysWOW64\EuGdiDrv.sys [10208 2014-11-18] ()
R3 KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [224720 2015-08-18] (QFX Software Corporation)
R1 mbamchameleon; C:\windows\system32\drivers\mbamchameleon.sys [109272 2015-10-05] (Malwarebytes)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMSwissArmy; C:\windows\system32\drivers\466534B9.sys [192216 2015-11-10] (Malwarebytes)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [36600 2015-06-01] (Riverbed Technology, Inc.)
S3 rspRegMon; C:\Windows\System32\DRIVERS\rspRegMon64.sys [24832 2014-12-10] (Resplendence Software Projects Sp.)
R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [450048 2010-03-31] (Realtek Semiconductor Corporation )
R1 ruifltr; C:\Windows\System32\drivers\ruifltr.sys [51480 2015-01-12] (Windows ® Win 7 DDK provider)
R1 ruinetf; C:\Windows\System32\drivers\ruinetf.sys [48408 2015-05-21] (Windows ® Win 7 DDK provider)
R4 rwpvcy; C:\Windows\System32\drivers\rwpvcy.sys [49944 2015-09-10] (Ruiware, LLC)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [37624 2015-11-14] ()
R1 wppvcy; C:\Windows\System32\drivers\wppvcy.sys [49944 2015-08-27] (Ruiware, LLC)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-11-14 08:20 - 2015-11-14 08:20 - 00000360 _____ C:\windows\PFRO.log
2015-11-14 08:18 - 2015-11-14 08:18 - 00001006 _____ C:\Users\Public\Desktop\WinAntiRansom Explorer.lnk
2015-11-14 08:18 - 2015-11-14 08:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ruiware
2015-11-14 08:15 - 2015-11-14 08:15 - 00066504 _____ C:\Users\DE.DEsDskTp\AppData\Local\GDIPFONTCACHEV1.DAT
2015-11-14 07:37 - 2015-11-14 07:37 - 00000000 ____D C:\Users\TEMP.IIS APPPOOL
2015-11-14 07:37 - 2013-03-11 15:36 - 00000000 ____D C:\Users\TEMP.IIS APPPOOL\AppData\LocalLow\Sun
2015-11-14 07:37 - 2010-11-20 20:51 - 00001449 _____ C:\Users\TEMP.IIS APPPOOL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-11-14 07:37 - 2010-11-20 20:51 - 00001415 _____ C:\Users\TEMP.IIS APPPOOL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-11-14 07:37 - 2010-11-20 20:50 - 00000020 ___SH C:\Users\TEMP.IIS APPPOOL\ntuser.ini
2015-11-14 07:37 - 2009-07-13 22:54 - 00000000 ___RD C:\Users\TEMP.IIS APPPOOL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-11-14 07:37 - 2009-07-13 22:49 - 00000000 ___RD C:\Users\TEMP.IIS APPPOOL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-11-14 05:45 - 2015-11-14 05:45 - 00000017 _____ C:\Users\DE.DEsDskTp\AppData\Local\resmon.resmoncfg
2015-11-14 05:33 - 2015-11-14 05:33 - 00000610 _____ C:\Users\DE.DEsDskTp\Desktop\JRT.txt
2015-11-14 04:11 - 2015-11-14 14:49 - 00000448 _____ C:\windows\setupact.log
2015-11-14 04:11 - 2015-11-14 04:11 - 00291792 _____ C:\windows\system32\FNTCACHE.DAT
2015-11-14 04:11 - 2015-11-14 04:11 - 00000000 _____ C:\windows\setuperr.log
2015-11-13 14:11 - 2015-11-13 14:10 - 00386096 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2015-11-13 14:10 - 2015-11-13 14:10 - 00043112 _____ (AVAST Software) C:\windows\avastSS.scr
2015-11-12 18:19 - 2015-11-03 11:55 - 03211264 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-11-11 17:06 - 2015-10-13 10:41 - 00497664 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2015-11-11 17:06 - 2015-10-13 10:40 - 00118272 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys
2015-11-11 16:22 - 2015-10-29 11:50 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\apphelp.dll
2015-11-11 16:22 - 2015-10-29 11:50 - 00072192 _____ (Microsoft Corporation) C:\windows\system32\aelupsvc.dll
2015-11-11 16:22 - 2015-10-29 11:50 - 00023552 _____ (Microsoft Corporation) C:\windows\system32\sdbinst.exe
2015-11-11 16:22 - 2015-10-29 11:50 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\shimeng.dll
2015-11-11 16:22 - 2015-10-29 11:50 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\shimeng.dll
2015-11-11 16:22 - 2015-10-29 11:49 - 00295936 _____ (Microsoft Corporation) C:\windows\SysWOW64\apphelp.dll
2015-11-11 16:22 - 2015-10-29 11:49 - 00020992 _____ (Microsoft Corporation) C:\windows\SysWOW64\sdbinst.exe
2015-11-11 15:56 - 2015-11-13 15:17 - 00000000 ____D C:\Users\DEPro\AppData\Local\CrashDumps
2015-11-11 14:54 - 2015-11-14 05:01 - 00037624 _____ C:\windows\system32\Drivers\TrueSight.sys
2015-11-11 14:54 - 2015-11-11 15:11 - 00000000 ____D C:\ProgramData\RogueKiller
2015-11-10 19:12 - 2015-11-10 19:12 - 00000000 ____D C:\Users\DE.DEsDskTp\AppData\Roaming\OpenOffice
2015-11-10 18:43 - 2015-11-14 05:58 - 00000000 ____D C:\Users\TEMP
2015-11-10 18:41 - 2015-11-10 18:41 - 00066504 _____ C:\Users\DEPro\AppData\Local\GDIPFONTCACHEV1.DAT
2015-11-10 14:55 - 2015-11-03 16:10 - 00390344 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-11-10 14:55 - 2015-11-03 15:51 - 00342728 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-11-10 14:55 - 2015-10-30 17:46 - 25818624 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-11-10 14:55 - 2015-10-30 17:40 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-11-10 14:55 - 2015-10-30 17:40 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-11-10 14:55 - 2015-10-30 17:25 - 02886656 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-11-10 14:55 - 2015-10-30 17:25 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-11-10 14:55 - 2015-10-30 17:25 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-11-10 14:55 - 2015-10-30 17:25 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-11-10 14:55 - 2015-10-30 17:24 - 00585728 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-11-10 14:55 - 2015-10-30 17:24 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-11-10 14:55 - 2015-10-30 17:17 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-11-10 14:55 - 2015-10-30 17:16 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-11-10 14:55 - 2015-10-30 17:13 - 00616960 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-11-10 14:55 - 2015-10-30 17:12 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-11-10 14:55 - 2015-10-30 17:12 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-11-10 14:55 - 2015-10-30 17:11 - 05990912 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-11-10 14:55 - 2015-10-30 17:11 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-11-10 14:55 - 2015-10-30 17:11 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-11-10 14:55 - 2015-10-30 17:04 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-11-10 14:55 - 2015-10-30 17:01 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-11-10 14:55 - 2015-10-30 16:58 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-11-10 14:55 - 2015-10-30 16:53 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-11-10 14:55 - 2015-10-30 16:52 - 20331520 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-11-10 14:55 - 2015-10-30 16:49 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-11-10 14:55 - 2015-10-30 16:49 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-11-10 14:55 - 2015-10-30 16:47 - 00504832 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-11-10 14:55 - 2015-10-30 16:46 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-11-10 14:55 - 2015-10-30 16:46 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-11-10 14:55 - 2015-10-30 16:45 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-11-10 14:55 - 2015-10-30 16:45 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-11-10 14:55 - 2015-10-30 16:44 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2015-11-10 14:55 - 2015-10-30 16:44 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-11-10 14:55 - 2015-10-30 16:42 - 02279936 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-11-10 14:55 - 2015-10-30 16:39 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-11-10 14:55 - 2015-10-30 16:39 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-11-10 14:55 - 2015-10-30 16:37 - 00480256 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-11-10 14:55 - 2015-10-30 16:36 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-11-10 14:55 - 2015-10-30 16:36 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-11-10 14:55 - 2015-10-30 16:36 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-11-10 14:55 - 2015-10-30 16:34 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2015-11-10 14:55 - 2015-10-30 16:32 - 00720896 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-11-10 14:55 - 2015-10-30 16:31 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-11-10 14:55 - 2015-10-30 16:29 - 02126336 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-11-10 14:55 - 2015-10-30 16:29 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-11-10 14:55 - 2015-10-30 16:28 - 00416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-11-10 14:55 - 2015-10-30 16:23 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-11-10 14:55 - 2015-10-30 16:22 - 14457856 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-11-10 14:55 - 2015-10-30 16:21 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-11-10 14:55 - 2015-10-30 16:19 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-11-10 14:55 - 2015-10-30 16:18 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-11-10 14:55 - 2015-10-30 16:17 - 02487808 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-11-10 14:55 - 2015-10-30 16:17 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2015-11-10 14:55 - 2015-10-30 16:16 - 04527616 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-11-10 14:55 - 2015-10-30 16:11 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2015-11-10 14:55 - 2015-10-30 16:10 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-11-10 14:55 - 2015-10-30 16:09 - 12854272 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-11-10 14:55 - 2015-10-30 16:09 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-11-10 14:55 - 2015-10-30 16:09 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-11-10 14:55 - 2015-10-30 16:04 - 01547264 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-11-10 14:55 - 2015-10-30 15:53 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-11-10 14:55 - 2015-10-30 15:51 - 02011136 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-11-10 14:55 - 2015-10-30 15:48 - 01311744 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-11-10 14:55 - 2015-10-30 15:46 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-11-10 14:53 - 2015-10-19 19:12 - 05570496 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-11-10 14:53 - 2015-10-19 19:12 - 00154560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-11-10 14:53 - 2015-10-19 19:12 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-11-10 14:53 - 2015-10-19 19:09 - 01730496 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-11-10 14:53 - 2015-10-19 19:06 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2015-11-10 14:53 - 2015-10-19 19:06 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2015-11-10 14:53 - 2015-10-19 19:06 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2015-11-10 14:53 - 2015-10-19 19:06 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2015-11-10 14:53 - 2015-10-19 19:05 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-11-10 14:53 - 2015-10-19 19:05 - 01216512 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2015-11-10 14:53 - 2015-10-19 19:05 - 01164800 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2015-11-10 14:53 - 2015-10-19 19:05 - 00729600 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-11-10 14:53 - 2015-10-19 19:05 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-11-10 14:53 - 2015-10-19 19:05 - 00424960 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2015-11-10 14:53 - 2015-10-19 19:05 - 00344064 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-11-10 14:53 - 2015-10-19 19:05 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-11-10 14:53 - 2015-10-19 19:05 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-11-10 14:53 - 2015-10-19 19:05 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-11-10 14:53 - 2015-10-19 19:05 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-11-10 14:53 - 2015-10-19 19:05 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-11-10 14:53 - 2015-10-19 19:05 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-11-10 14:53 - 2015-10-19 19:05 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-11-10 14:53 - 2015-10-19 19:05 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-11-10 14:53 - 2015-10-19 19:05 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2015-11-10 14:53 - 2015-10-19 19:05 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-11-10 14:53 - 2015-10-19 19:05 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-11-10 14:53 - 2015-10-19 19:05 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-11-10 14:53 - 2015-10-19 19:05 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-11-10 14:53 - 2015-10-19 19:05 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2015-11-10 14:53 - 2015-10-19 19:04 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2015-11-10 14:53 - 2015-10-19 19:04 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-11-10 14:53 - 2015-10-19 19:04 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-11-10 14:53 - 2015-10-19 19:00 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-11-10 14:53 - 2015-10-19 18:59 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-11-10 14:53 - 2015-10-19 18:53 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-11-10 14:53 - 2015-10-19 18:53 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-11-10 14:53 - 2015-10-19 18:53 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:53 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:53 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:53 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:53 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:53 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:53 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:53 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:53 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:53 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:53 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:53 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:53 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:53 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:53 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:53 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:52 - 03991488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-11-10 14:53 - 2015-10-19 18:52 - 03935680 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-11-10 14:53 - 2015-10-19 18:48 - 01311768 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-11-10 14:53 - 2015-10-19 18:45 - 00552960 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-11-10 14:53 - 2015-10-19 18:45 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-11-10 14:53 - 2015-10-19 18:45 - 00251392 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-11-10 14:53 - 2015-10-19 18:45 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-11-10 14:53 - 2015-10-19 18:45 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-11-10 14:53 - 2015-10-19 18:45 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-11-10 14:53 - 2015-10-19 18:45 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-11-10 14:53 - 2015-10-19 18:45 - 00036864 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2015-11-10 14:53 - 2015-10-19 18:45 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2015-11-10 14:53 - 2015-10-19 18:45 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-11-10 14:53 - 2015-10-19 18:45 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-11-10 14:53 - 2015-10-19 18:45 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2015-11-10 14:53 - 2015-10-19 18:44 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2015-11-10 14:53 - 2015-10-19 18:44 - 00665088 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2015-11-10 14:53 - 2015-10-19 18:44 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2015-11-10 14:53 - 2015-10-19 18:44 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-11-10 14:53 - 2015-10-19 18:44 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-11-10 14:53 - 2015-10-19 18:44 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2015-11-10 14:53 - 2015-10-19 18:39 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-11-10 14:53 - 2015-10-19 18:39 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-11-10 14:53 - 2015-10-19 18:35 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-11-10 14:53 - 2015-10-19 18:35 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2015-11-10 14:53 - 2015-10-19 18:35 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:35 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:35 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:35 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:35 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:35 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:35 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:35 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:35 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:35 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:35 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:35 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:35 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 18:35 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 17:41 - 00159232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2015-11-10 14:53 - 2015-10-19 17:40 - 00290816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2015-11-10 14:53 - 2015-10-19 17:40 - 00129024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2015-11-10 14:53 - 2015-10-19 17:29 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2015-11-10 14:53 - 2015-10-19 17:29 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2015-11-10 14:53 - 2015-10-19 17:27 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 17:27 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 17:27 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-11-10 14:53 - 2015-10-19 17:27 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-11-10 14:53 - 2015-09-23 07:15 - 00460776 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-11-10 14:53 - 2015-09-23 07:15 - 00299632 _____ (Microsoft Corporation) C:\windows\system32\bcryptprimitives.dll
2015-11-10 14:53 - 2015-09-23 07:09 - 00251000 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcryptprimitives.dll
2015-11-10 14:48 - 2015-10-12 22:57 - 00950720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys
2015-11-10 14:48 - 2015-10-01 12:00 - 00275456 _____ (Microsoft Corporation) C:\windows\system32\InkEd.dll
2015-11-10 14:48 - 2015-10-01 11:50 - 00216064 _____ (Microsoft Corporation) C:\windows\SysWOW64\InkEd.dll
2015-11-08 15:27 - 2015-11-08 15:27 - 00000877 _____ C:\Users\DEPro\Desktop\gpedit.msc - Shortcut.lnk
2015-11-07 20:02 - 2015-11-13 14:10 - 01059656 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2015-11-07 16:21 - 2015-11-08 13:03 - 00000620 __RSH C:\Users\DEPro\ntuser.pol
2015-11-07 14:54 - 2015-11-07 17:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-06 08:01 - 2015-11-10 13:38 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\466534B9.sys
2015-11-05 22:51 - 2015-11-05 22:51 - 00000000 ____D C:\Users\DE.DEsDskTp\AppData\Local\Microsoft_Corporation
2015-11-05 22:18 - 2015-11-05 22:18 - 00000000 ____D C:\Users\DEPro\AppData\Local\Microsoft_Corporation
2015-11-05 12:19 - 2015-10-20 12:42 - 03168768 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-11-05 12:19 - 2015-10-20 12:42 - 02608128 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-11-05 12:19 - 2015-10-20 12:42 - 00696320 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-11-05 12:19 - 2015-10-20 12:42 - 00192512 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-11-05 12:19 - 2015-10-20 12:42 - 00098816 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-11-05 12:19 - 2015-10-20 12:42 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2015-11-05 12:19 - 2015-10-20 12:42 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2015-11-05 12:19 - 2015-10-20 12:41 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-11-05 12:19 - 2015-10-20 12:41 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2015-11-05 12:19 - 2015-10-20 12:41 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-11-05 12:19 - 2015-10-20 12:41 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2015-11-05 12:19 - 2015-10-20 11:46 - 00566784 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-11-05 12:19 - 2015-10-20 11:46 - 00174080 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-11-05 12:19 - 2015-10-20 11:46 - 00093696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-11-05 12:19 - 2015-10-20 11:46 - 00030208 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2015-11-05 12:19 - 2015-10-20 11:45 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-11-05 11:54 - 2015-11-05 11:54 - 00000493 _____ C:\Users\DEPro\Desktop\WinUpdate.lnk
2015-11-04 19:03 - 2015-11-04 19:03 - 00000176 _____ C:\Users\DEPro\Documents\AvastThreatDetected.txt
2015-11-03 04:07 - 2015-11-04 14:17 - 00000056 _____ C:\windows\system32\WinPrivacyTrayApp.log
2015-11-03 04:01 - 2015-11-04 14:14 - 00000000 ____D C:\Users\DE.DEsDskTp\AppData\Roaming\Ruiware
2015-11-02 08:52 - 2015-11-06 06:11 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\58692398.sys
2015-10-29 18:11 - 2015-10-29 18:26 - 00000000 ____D C:\Users\DEPro\AppData\Local\Mozilla
2015-10-27 08:34 - 2015-10-27 08:34 - 00000000 ____D C:\Users\Public\Foxit Software
2015-10-26 13:48 - 2015-11-02 08:52 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\64B4637E.sys
2015-10-26 10:52 - 2015-10-26 10:52 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\3F845C44.sys
2015-10-26 10:52 - 2015-10-26 10:52 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\137D5C4A.sys
2015-10-26 08:12 - 2015-10-26 08:12 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\51A26264.sys
2015-10-26 08:00 - 2015-10-26 08:06 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\08715892.sys
2015-10-20 15:03 - 2015-10-20 07:35 - 00015640 _____ C:\windows\system32\Drivers\CGKDarkWatcher.sys
2015-10-18 14:25 - 2015-10-18 14:25 - 00000333 _____ C:\Users\DE.DEsDskTp\Desktop\HP Printer Diagnostic Tools.url
2015-10-18 04:51 - 2015-10-18 04:51 - 00000000 ____D C:\Users\DEPro\Documents\SafeZone
2015-10-18 04:45 - 2015-08-25 08:23 - 00016152 _____ C:\windows\SysWOW64\Drivers\CGKDarkWatcher.sys
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-11-14 16:45 - 2015-04-17 08:22 - 00000000 ____D C:\FRST
2015-11-14 15:03 - 2009-07-13 22:45 - 00031904 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-14 15:03 - 2009-07-13 22:45 - 00031904 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-14 15:00 - 2009-07-13 23:13 - 00866506 _____ C:\windows\system32\PerfStringBackup.INI
2015-11-14 14:58 - 2014-03-30 16:37 - 01582700 _____ C:\windows\WindowsUpdate.log
2015-11-14 14:49 - 2009-07-13 23:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-11-14 13:59 - 2015-06-10 12:27 - 00000000 ____D C:\Users\DefaultAppPool
2015-11-14 13:10 - 2009-07-13 21:20 - 00000000 ____D C:\windows\system32\NDF
2015-11-14 09:03 - 2015-02-21 08:07 - 00000000 ____D C:\Users\DEPro\Documents\MyDocsOOD
2015-11-14 08:23 - 2015-07-02 11:54 - 00001155 _____ C:\Users\DEPro\Desktop\PrcssXplrr.lnk
2015-11-14 08:19 - 2013-11-18 07:43 - 00000000 ____D C:\ProgramData\InstallMate
2015-11-14 05:54 - 2013-11-18 05:43 - 00004182 _____ C:\windows\System32\Tasks\avast! Emergency Update
2015-11-14 05:47 - 2015-07-02 07:43 - 00000000 ____D C:\windows\pss
2015-11-14 05:32 - 2015-07-05 14:07 - 00000000 ____D C:\Users\DE.DEsDskTp
2015-11-13 20:20 - 2015-03-03 07:04 - 00000000 ____D C:\windows\Minidump
2015-11-13 14:18 - 2009-07-13 23:08 - 00032564 _____ C:\windows\Tasks\SCHEDLGU.TXT
2015-11-13 14:10 - 2015-01-28 15:21 - 00449992 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
2015-11-13 14:10 - 2015-01-28 15:21 - 00273784 _____ (AVAST Software) C:\windows\system32\Drivers\aswVmm.sys
2015-11-13 14:10 - 2015-01-28 15:21 - 00154256 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2015-11-13 14:10 - 2015-01-28 15:21 - 00097648 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2015-11-13 14:10 - 2015-01-28 15:21 - 00093528 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2015-11-13 14:10 - 2015-01-28 15:21 - 00065224 _____ (AVAST Software) C:\windows\system32\Drivers\aswRvrt.sys
2015-11-13 14:10 - 2015-01-28 15:21 - 00028656 _____ (AVAST Software) C:\windows\system32\Drivers\aswHwid.sys
2015-11-11 15:48 - 2009-07-13 23:32 - 00000000 ____D C:\windows\SysWOW64\WindowsPowerShell
2015-11-11 15:47 - 2009-07-13 23:32 - 00000000 ____D C:\windows\system32\WindowsPowerShell
2015-11-10 18:34 - 2013-11-17 20:17 - 00000000 ____D C:\windows\system32\MRT
2015-11-10 18:29 - 2013-11-17 20:17 - 145617392 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-11-10 14:58 - 2013-03-11 15:35 - 00854274 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2015-11-08 13:03 - 2013-11-18 09:48 - 00000000 ____D C:\Users\DEPro
2015-11-07 17:59 - 2013-11-17 21:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-04 01:55 - 2013-11-18 07:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyMaint
2015-11-04 01:52 - 2014-05-24 16:39 - 00000000 ____D C:\Users\DEPro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyMaint
2015-10-29 15:42 - 2014-12-19 06:23 - 00000000 ____D C:\Users\DEPro\AppData\Local\stellarium
2015-10-26 06:42 - 2015-10-13 06:33 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\28A31E4E.sys
2015-10-23 11:38 - 2015-06-13 09:10 - 00780488 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-10-23 11:38 - 2015-06-13 09:10 - 00142536 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-23 11:24 - 2015-05-21 16:34 - 00000000 ____D C:\Users\DEPro\AppData\Local\Adobe
2015-10-23 11:23 - 2015-07-05 18:13 - 00000000 ____D C:\Users\DE.DEsDskTp\AppData\Local\Adobe
2015-10-23 02:12 - 2015-07-16 17:58 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-10-20 15:03 - 2015-02-22 16:22 - 00000000 ____D C:\ProgramData\WinPatrol
2015-10-20 15:03 - 2014-12-21 11:15 - 00000000 ____D C:\Program Files\Ruiware
2015-10-19 15:07 - 2015-06-13 09:14 - 00000000 ____D C:\Program Files (x86)\Anvisoft
2015-10-18 15:39 - 2013-12-08 08:08 - 00000000 ____D C:\Users\DEPro\AppData\Roaming\HpUpdate
2015-10-18 04:51 - 2013-11-19 11:29 - 00000000 ____D C:\Users\DEPro\AppData\Roaming\WinPatrol
2015-10-18 04:45 - 2015-07-06 09:32 - 00000000 ____D C:\Users\DE.DEsDskTp\AppData\Roaming\WinPatrol
2015-10-15 04:46 - 2009-07-13 21:20 - 00000000 ____D C:\windows\rescache
==================== Files in the root of some directories =======
2014-12-21 09:41 - 2014-12-21 09:41 - 0001181 _____ () C:\Users\DE.DEsDskTp\AppData\Roaming\trace_FilterInstaller.1.txt
2014-12-21 09:41 - 2014-12-21 10:29 - 0000919 _____ () C:\Users\DE.DEsDskTp\AppData\Roaming\trace_FilterInstaller.txt
2014-12-21 09:41 - 2014-12-21 10:29 - 0000000 _____ () C:\Users\DE.DEsDskTp\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2015-11-14 05:45 - 2015-11-14 05:45 - 0000017 _____ () C:\Users\DE.DEsDskTp\AppData\Local\resmon.resmoncfg
2013-12-01 07:41 - 2013-12-01 07:41 - 0000057 _____ () C:\ProgramData\Ament.ini
Some files in TEMP:
====================
C:\Users\DE.DEsDskTp\AppData\Local\Temp\dllnt_dump.dll
C:\Users\DE.DEsDskTp\AppData\Local\Temp\procexp64.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-11-03 03:35
==================== End of FRST.txt ============================
Addition.TXT:
Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-11-2015
Ran by DE (2015-11-14 16:57:42)
Running from F:\!DwnLdStrg\Installed\FRST_Farbar
Windows 7 Professional Service Pack 1 (X64) (2013-11-17 22:43:17)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-4267585356-2186095281-715594798-500 - Administrator - Disabled)
DE (S-1-5-21-4267585356-2186095281-715594798-1000 - Administrator - Enabled) => C:\Users\DE.DEsDskTp
DEPro (S-1-5-21-4267585356-2186095281-715594798-1003 - Limited - Enabled) => C:\Users\DEPro
Guest (S-1-5-21-4267585356-2186095281-715594798-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4267585356-2186095281-715594798-1002 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7+ Taskbar Tweaker v5.0 (HKU\S-1-5-21-4267585356-2186095281-715594798-1000\...\7 Taskbar Tweaker) (Version: 5.0 - RaMMicHaeL)
7+ Taskbar Tweaker v5.0 (HKU\S-1-5-21-4267585356-2186095281-715594798-1003\...\7 Taskbar Tweaker) (Version: 5.0 - RaMMicHaeL)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version: - Amazon)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2241 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.11 - Piriform)
EaseUS Partition Master 10.5 Trial Edition (HKLM-x32\...\EaseUS Partition Master Trial Edition_is1) (Version: - EaseUS)
EditPad Lite 7.3.1 (HKLM\...\EditPad Lite) (Version: 7.3.1 - Just Great Software)
EMET 5.1 (HKLM-x32\...\{72E7AE20-5B12-4F27-AF5E-DA03E3C09466}) (Version: 5.1 - Microsoft Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.2.2.929 - Foxit Software Inc.)
Free Unit Converter 2.11 (HKLM-x32\...\Free Unit Converter_is1) (Version: - Unit Conversion, Inc.)
HP Deskjet 3510 series Basic Device Software (HKLM\...\{7F20F2D1-C425-4432-96BA-EBD0C2181493}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3510 series Help (HKLM-x32\...\{97C1C98D-6AE5-4C71-9B00-EBBD9E014450}) (Version: 28.0.0 - Hewlett Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.6.0 - LIGHTNING UK!)
Intel® Processor ID Utility (HKLM-x32\...\{A92A4DB0-CD37-42D1-BE1D-603D53C24328}) (Version: 4.80.0000 - Intel® Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
KeyScrambler (HKLM-x32\...\KeyScrambler) (Version: 3.8.2.0 - QFX Software Corporation)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 42.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
MPC-HC 1.7.9 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.9 - MPC-HC Team)
MyDefrag v4.3.1 (HKLM\...\MyDefrag v4.3.1_is1) (Version: 4.0.0.0 - J.C. Kessels)
Nmap 6.49BETA5 (HKLM-x32\...\Nmap) (Version: - )
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Pegasus Mail (HKLM-x32\...\Pegasus Mail) (Version: - David Harris)
Pegasus Mail Debugger 2.5.8.2 (HKLM-x32\...\{CEF609C4-3E78-41EB-BC61-582EC4BE2086}_is1) (Version: - Micha's Midnight Manufacture)
Pegasus Mail HTML Renderer 2.4.9.2 (HKLM-x32\...\{A9F5E1E1-1281-4862-90B4-6CF8E6AF83CE}_is1) (Version: - Micha's Midnight Manufacture)
Reader Library by Sony (HKLM-x32\...\{B70E5793-F912-4C62-AFE2-C4F0B078FD31}) (Version: 3.3.00.07130 - Sony Corporation)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Seagate Dashboard (HKLM-x32\...\{EA266F00-A8E7-43A0-8DED-FBFE3F076934}) (Version: 4.0.2102.0 - Seagate)
SeaTools for Windows 1.4.0.2 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.2 - Seagate Technology)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1200 - SUPERAntiSpyware.com)
Switch Sound File Converter (HKU\S-1-5-21-4267585356-2186095281-715594798-1003\...\Switch) (Version: 4.65 - NCH Software)
Task Catcher 2.2.2015.0 (HKLM\...\{5AF136F1-C403-44B2-9B01-03274C2DCDE7}) (Version: 2.2.2015.0 - BillP Studios)
Verbose Text to Speech (HKU\S-1-5-21-4267585356-2186095281-715594798-1003\...\Verbose) (Version: 2.01 - NCH Software)
WinAntiRansom (HKLM-x32\...\{D7C29DFD-DD4C-4C58-B79F-E2B576142AF8}) (Version: 2015.11.185 - WinPatrol)
WinPatrol (HKLM-x32\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 33.6.2015.18 - Ruiware)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - CACE Technologies)
WinPrivacy (HKLM\...\{49F837A4-27B5-4B14-83A8-1D0A4496E79E}) (Version: 2015.9.722.0 - Ruiware)
WinPrivacy (HKLM\...\{9EE56BF5-3EDE-4DC7-9D46-AE6E05566DEF}) (Version: 2015.11.752.0 - Ruiware)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Restore Points =========================
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 20:34 - 2015-11-14 05:03 - 00000768 ____R C:\windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0F08BF70-AC70-42AD-8C2E-CE42EBF81F3A} - System32\Tasks\HP Deskjet 3510 series.exe_{68B22FF4-112B-40CC-B707-212CEFBEA7E5} => C:\Program Files\HP\HP Deskjet 3510 series\Bin\HP Deskjet 3510 series.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {1AAE1B89-E128-4F83-8932-15B744D01220} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {1F5567A8-1944-4A72-B0AE-A434D6A23D25} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-11-13] (AVAST Software)
Task: {411FE4F3-77EB-4A8A-A459-96D4194C0FEC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {46045B33-AF76-4469-BC87-CE729FD13C75} - System32\Tasks\{964EA1CB-AB4E-4DB5-87B1-A2603D57C69F} => Firefox.exe
Task: {47CEF3DD-ED67-48CD-8C2A-9EE176896D0F} - System32\Tasks\MyDefrag\DefragSysPart => C:\Program Files\MyDefrag v4.3.1\Scripts\SystemDiskWeekly.MyD [2010-05-09] ()
Task: {53732B1C-1771-43F1-AD7A-CDC03AE3ECA1} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2015-04-01] (Seagate Technology LLC)
Task: {5D60727B-1C07-4DB6-8178-A37B1B9E40F3} - System32\Tasks\DEPro => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2015-04-01] (Seagate Technology LLC)
Task: {76A02CC1-0BA7-4EA1-9D36-F2FCF84D2DCB} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {9150E745-82F5-4B22-8CF6-40D90CD982EE} - System32\Tasks\ScanToPCActivationApp.exe_{1DF99BB7-80BB-4050-9E86-43CB93FAE6E8} => C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {9E56EB87-3F74-4FCC-829D-41F145F70ECC} - System32\Tasks\Driver Support => C:\Program Files (x86)\Driver Support\DriverSupport.exe
Task: {A6C9DE9E-BD02-4CA5-979F-13751CF3179C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {B19A297B-5628-4162-9733-B42AEB22A9B0} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {BF41F739-5453-4883-92BC-06BC728FF420} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {CB21273C-8925-487F-AEAE-B2DAE2FDCA70} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {CC234E15-10D1-41C0-8E9F-5CAFF4550C27} - System32\Tasks\HP Deskjet 3510 series.exe_{83828A9E-3B3A-4693-8A4F-C8BEBF81F38A} => C:\Program Files\HP\HP Deskjet 3510 series\Bin\HP Deskjet 3510 series.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {DD3CFA09-AF62-4EDC-B6D5-2E9E3E85E212} - System32\Tasks\Toolbox.exe_{BBBE27C6-C823-4EB8-BF16-15E6CB27342A} => C:\Program Files\HP\HP Deskjet 3510 series\Bin\Toolbox.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {DD704750-B374-4AF3-8EFB-AE996D1A3869} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-10-19] (Piriform Ltd)
Task: {E01A33DA-4663-42E7-BE34-3E828FEC5E28} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {E0E15A18-E738-4384-B7CA-E81291E7C39B} - System32\Tasks\HPCustPartic.exe_{E78757BB-7F1F-42D9-8E77-410C9CFBFBB6} => C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPCustPartic.exe
Task: {E29FF6B8-06C6-4D9C-8597-B21DE9FD3E0D} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {F2BAE81D-2C66-4706-9E8B-01DEEF08A75B} - System32\Tasks\DEPro Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2015-04-01] (Seagate Technology LLC)
Task: {FFFCCD97-7A33-44B4-BCBE-62776B666530} - System32\Tasks\hpUtility.exe_{898BB593-B06B-411A-B1EA-43CA39F61B47} => C:\Program Files\HP\HP Deskjet 3510 series\Bin\utils\hpUtility.exe [2012-10-17] (Hewlett-Packard Co.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Loaded Modules (Whitelisted) ==============
2014-11-09 16:10 - 2014-11-09 16:10 - 00166536 _____ () C:\Program Files (x86)\EMET 5.1\HelperLib.dll
2014-11-09 16:10 - 2014-11-09 16:10 - 00027784 _____ () C:\Program Files (x86)\EMET 5.1\ReportingSubsystem.dll
2014-11-09 16:10 - 2014-11-09 16:10 - 00061576 _____ () C:\Program Files (x86)\EMET 5.1\PKIPinningSubsystem.dll
2015-10-20 15:03 - 2015-10-28 08:21 - 00063624 _____ () C:\Program Files\Ruiware\WinAntiRansom\drvhlpr.DLL
2015-08-30 03:28 - 2015-09-26 13:12 - 00405160 _____ () C:\Program Files\Ruiware\WinPrivacy\PFPVCY.DLL
2015-08-30 03:28 - 2015-09-23 09:05 - 00128168 _____ () C:\Program Files\Ruiware\WinPrivacy\pvcytl.DLL
2014-11-09 16:10 - 2014-11-09 16:10 - 00045192 _____ () C:\Program Files (x86)\EMET 5.1\TrayIconSubsystem.dll
2014-11-09 16:10 - 2014-11-09 16:10 - 00045704 _____ () C:\Program Files (x86)\EMET 5.1\TelemetrySubsystem.dll
2014-02-08 18:19 - 2014-02-08 18:19 - 00348160 _____ () C:\Program Files (x86)\EMET 5.1\DevExpress.UserSkins.HighContrast.dll
2015-11-13 14:10 - 2015-11-13 14:10 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-11-13 14:10 - 2015-11-13 14:10 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-11-14 05:56 - 2015-11-14 05:56 - 02991104 _____ () C:\Program Files\AVAST Software\Avast\defs\15111400\algo.dll
2015-11-13 14:10 - 2015-11-13 14:10 - 00466448 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2015-07-15 22:34 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-07-15 22:34 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-07-15 22:34 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-11-13 14:10 - 2015-11-13 14:10 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-02-27 23:12 - 2014-02-27 23:12 - 00637632 _____ () E:\PMAIL\Programs\tcpip.dll
2011-05-19 10:37 - 2011-05-19 10:37 - 00565827 _____ () E:\PMAIL\Programs\sqlite3.dll
2013-06-28 15:39 - 2013-06-28 15:39 - 00557568 _____ () E:\PMAIL\Programs\DICT.RLO
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-4267585356-2186095281-715594798-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\DE.DEsDskTp\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-4267585356-2186095281-715594798-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\DEPro\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{C00A7B34-AB43-4E8A-A5AC-96406B9B984E}] => (Allow) C:\Program Files (x86)\Sony\Reader\Data\bin\Reader Library.exe
FirewallRules: [{47B9C91E-2813-4981-828A-156000489D29}] => (Allow) C:\Program Files (x86)\Sony\Reader\Data\bin\Reader Library.exe
FirewallRules: [{01E999B3-3AC5-4F35-A705-4DC01E868C6C}] => (Allow) C:\Program Files (x86)\Sony\Reader\Data\bin\Reader Library.exe
FirewallRules: [{D9820D02-5407-42DF-B3E3-94977F1E173C}] => (Allow) C:\Program Files (x86)\Sony\Reader\Data\bin\Reader Library.exe
FirewallRules: [TCP Query User{8721E9FD-90AE-4A3F-8D74-197AB0F1911A}C:\program files\mpc-hc\mpc-hc64.exe] => (Allow) C:\program files\mpc-hc\mpc-hc64.exe
FirewallRules: [UDP Query User{E497034A-0455-4E3D-86EF-634110B64D1E}C:\program files\mpc-hc\mpc-hc64.exe] => (Allow) C:\program files\mpc-hc\mpc-hc64.exe
FirewallRules: [TCP Query User{DD0AB9DB-DA0C-4973-A74A-19B31DB96FBB}C:\windows\system32\mmc.exe] => (Allow) C:\windows\system32\mmc.exe
FirewallRules: [UDP Query User{5818978E-A86F-4EED-B81B-2FC1F2B92816}C:\windows\system32\mmc.exe] => (Allow) C:\windows\system32\mmc.exe
FirewallRules: [{ADCF0AB4-575E-46D1-B8A4-79E0832EF904}] => (Allow) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
FirewallRules: [{BD1D55D2-D9A0-4A8C-AE28-DA485B841AEB}] => (Allow) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
FirewallRules: [{A319BC78-DEB1-49E6-8E56-6C869E2E6D17}] => (Allow) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReader.exe
FirewallRules: [{AD07AEF1-1CC6-4A0F-BF32-63D5E8CE75BF}] => (Allow) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReader.exe
FirewallRules: [{7CABFA24-2506-4C5E-9F9C-63BE0D17E106}] => (Allow) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReader.exe
FirewallRules: [{F5BBA92C-5C8E-4822-97DE-3EE65F286D08}] => (Allow) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReader.exe
FirewallRules: [{8D2777D9-478A-48A4-8223-C52464B668C3}] => (Allow) C:\Program Files\Microsoft Security Client\msseces.exe
FirewallRules: [{232BD8B6-E2CA-4761-A654-DBEA5AA81B1A}] => (Allow) C:\Program Files\Microsoft Security Client\msseces.exe
FirewallRules: [{BE290C1B-7912-4EB7-A585-FFA4E765DDCD}] => (Allow) C:\Program Files\Microsoft Security Client\msseces.exe
FirewallRules: [{5A64110C-4ACB-4CDD-8697-F537AAA0B9E1}] => (Allow) C:\Program Files\Microsoft Security Client\msseces.exe
FirewallRules: [{4B15661F-9EEF-47AE-AA69-05D90335FDDB}] => (Allow) C:\Program Files\MyDefrag v4.3.1\MyDefrag.exe
FirewallRules: [{0D0A6E43-F199-4615-956D-39031E17EAC4}] => (Allow) C:\Program Files\MyDefrag v4.3.1\MyDefrag.exe
FirewallRules: [{BD1D11E3-A6BE-4972-935B-D482F7EC7104}] => (Allow) C:\Program Files\MyDefrag v4.3.1\MyDefrag.exe
FirewallRules: [{61F55B02-E7B9-4A8B-A0EE-0BC29351F110}] => (Allow) C:\Program Files\MyDefrag v4.3.1\MyDefrag.exe
FirewallRules: [{634EA218-793D-4EC3-93EE-2667A35D5CCC}] => (Allow) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
FirewallRules: [{7BCFD482-8F2E-4771-9047-A66B4BF41427}] => (Allow) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
FirewallRules: [{273B2CE3-865F-4543-AE61-65E34F145C6D}] => (Allow) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
FirewallRules: [{BF7D140E-4A7D-4E80-8EF0-2A4F21A6E288}] => (Allow) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
FirewallRules: [{73902AB4-70C5-4D43-9592-49DA9443558D}] => (Allow) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrolEx.exe
FirewallRules: [{4A970B4A-8BEB-4E47-B64B-F5249CAAA36C}] => (Allow) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrolEx.exe
FirewallRules: [{CAA329EC-9211-4BA3-BED7-EACD36E40AB2}] => (Allow) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrolEx.exe
FirewallRules: [{076B0D4A-CB06-4083-89A1-E8EDA08A43F0}] => (Allow) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrolEx.exe
FirewallRules: [{4CD706C5-2ED9-4442-9299-E3B6F7546742}] => (Allow) C:\Program Files\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe
FirewallRules: [{E6681993-4C96-421C-996D-DBD37D501AFB}] => (Allow) C:\Program Files\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe
FirewallRules: [{0BC8C397-D4C5-4318-9E4A-C6580AC83DC0}] => (Allow) C:\Program Files\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe
FirewallRules: [{07E180B2-D7C8-4E20-9F1F-F0A5E65D6FD1}] => (Allow) C:\Program Files\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe
FirewallRules: [{36D04A0F-A271-44AA-B185-57B9BBA75FF7}] => (Allow) C:\Program Files\CCleaner\CCleaner64.exe
FirewallRules: [{52AA5005-DF7D-4F89-9991-B8888775A144}] => (Allow) C:\Program Files\CCleaner\CCleaner64.exe
FirewallRules: [{FA208F40-6531-4F36-A879-549E1A9BA32D}] => (Allow) C:\Program Files\CCleaner\CCleaner64.exe
FirewallRules: [{DEEE017B-766E-4070-8F05-B75CB6CF78C1}] => (Allow) C:\Program Files\CCleaner\CCleaner64.exe
FirewallRules: [{DCF3C548-4A6B-4803-8062-EDEBFFC9F713}] => (Allow) C:\Program Files\Just Great Software\EditPad Lite 7\EditPadLite7.exe
FirewallRules: [{2C165BA8-8203-4C44-B725-6D0E129B5C2D}] => (Allow) C:\Program Files\Just Great Software\EditPad Lite 7\EditPadLite7.exe
FirewallRules: [{5AA6D625-A2A1-4D99-9900-4F246DC5944D}] => (Allow) C:\Program Files\Just Great Software\EditPad Lite 7\EditPadLite7.exe
FirewallRules: [{E494CC58-9700-4169-973C-7F4A8E875D38}] => (Allow) C:\Program Files\Just Great Software\EditPad Lite 7\EditPadLite7.exe
FirewallRules: [{B7322217-6923-486E-83EB-29B27B076AFE}] => (Allow) C:\Program Files (x86)\Free Unit Converter\free_converter.exe
FirewallRules: [{D2632E60-6140-4CA4-BE18-9F81AA70AFAA}] => (Allow) C:\Program Files (x86)\Free Unit Converter\free_converter.exe
FirewallRules: [{A73D4B7F-2188-4FF8-A9F0-CCA472444E0E}] => (Allow) C:\Program Files (x86)\Free Unit Converter\free_converter.exe
FirewallRules: [{D47161BC-F9EF-4AD2-9811-5CB1DC9A7C77}] => (Allow) C:\Program Files (x86)\Free Unit Converter\free_converter.exe
FirewallRules: [{8B581DFC-D601-4FB1-9770-9EEA2C93E01D}] => (Allow) C:\Program Files (x86)\IrfanView\i_view32.exe
FirewallRules: [{F4D5467E-F252-4023-8527-BF65068185F7}] => (Allow) C:\Program Files (x86)\IrfanView\i_view32.exe
FirewallRules: [{CFDCA40F-2439-4F2D-A5DA-B746C22D7AAC}] => (Allow) C:\Program Files (x86)\IrfanView\i_view32.exe
FirewallRules: [{9F182C0E-1760-47C9-AF3C-01A84A22B197}] => (Allow) C:\Program Files (x86)\IrfanView\i_view32.exe
FirewallRules: [{A2B0E847-53B8-4522-ABB7-05E2BB554DAD}] => (Allow) C:\Program Files (x86)\HP\HP Deskjet 3510 series\bin\HelpViewer\hpqlpvwr.exe
FirewallRules: [{8CE26318-E035-474D-8BA0-04BF883A777E}] => (Allow) C:\Program Files (x86)\HP\HP Deskjet 3510 series\bin\HelpViewer\hpqlpvwr.exe
FirewallRules: [{9D1C00F7-656E-493E-AF8F-654643929666}] => (Allow) C:\Program Files (x86)\HP\HP Deskjet 3510 series\bin\HelpViewer\hpqlpvwr.exe
FirewallRules: [{4915F057-924D-4F57-8B3E-C38DCCD603C9}] => (Allow) C:\Program Files (x86)\HP\HP Deskjet 3510 series\bin\HelpViewer\hpqlpvwr.exe
FirewallRules: [{D64E2769-793B-49B7-BBDB-CF00F17598FB}] => (Allow) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
FirewallRules: [{D688EC02-B595-44C6-AE55-5606C374EF54}] => (Allow) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
FirewallRules: [{F4382B9F-ACC3-4510-AA8A-EA453E28D9DB}] => (Allow) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
FirewallRules: [{3B2E6BBC-EE6F-46B6-A8DD-9EC95BD2BA82}] => (Allow) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
FirewallRules: [{B6D09F2F-905C-4301-9436-7EA38307CFA0}] => (Allow) C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
FirewallRules: [{7E533C8E-2D28-47FD-9F4E-0FF610B8DA61}] => (Allow) C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
FirewallRules: [{917CA23D-2FF2-4563-A1D7-B6E8366F8963}] => (Allow) C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
FirewallRules: [{9D0581BC-29A9-4883-9CA6-5E7847EB9A1E}] => (Allow) C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
FirewallRules: [{E1F01DD6-86FC-4D5A-9926-E7B6B17805DD}] => (Allow) C:\Program Files\AVAST Software\Avast\AvastUI.exe
FirewallRules: [{3599C1E0-BA1B-4FF7-8F3D-69E85666652F}] => (Allow) C:\Program Files\AVAST Software\Avast\AvastUI.exe
FirewallRules: [{58B61312-B8D6-4C5C-B831-5B9DF6CD7197}] => (Allow) C:\Program Files\AVAST Software\Avast\AvastUI.exe
FirewallRules: [{871224EA-91C1-4627-B695-D2557154F98B}] => (Allow) C:\Program Files\AVAST Software\Avast\AvastUI.exe
FirewallRules: [{9162FF50-8B17-456E-947F-9BB62F117D0A}] => (Allow) C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
FirewallRules: [{52C0ED41-45E7-46EC-8D6C-645FCDB28AB2}] => (Allow) C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
FirewallRules: [{E3CAA384-8F57-4904-9EE7-77CEC9AD9CB0}] => (Allow) C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
FirewallRules: [{66AC9AF2-0791-41AC-B4D8-6017D421F555}] => (Allow) C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
FirewallRules: [{E225D50B-B935-463B-B61D-ACA4F705C96B}] => (Allow) C:\Program Files\AVAST Software\Avast\ashUpd.exe
FirewallRules: [{4E558C27-86FB-46E3-ACFD-7A4B1543B9A0}] => (Allow) C:\Program Files\AVAST Software\Avast\ashUpd.exe
FirewallRules: [{2CE63C82-D5FF-4A06-9BB5-F660AC213D1F}] => (Allow) C:\Program Files\AVAST Software\Avast\ashUpd.exe
FirewallRules: [{D9C2ADA7-E71A-48A4-AB57-491A14031C3F}] => (Allow) C:\Program Files\AVAST Software\Avast\ashUpd.exe
FirewallRules: [{0975C625-94A3-4172-BD46-15666B48AA64}] => (Allow) C:\Program Files\AVAST Software\Avast\sched.exe
FirewallRules: [{519F5D06-B87A-4FC2-ABC6-C654EFE44D91}] => (Allow) C:\Program Files\AVAST Software\Avast\sched.exe
FirewallRules: [{C0E6016C-7F62-4FD0-B8B8-A7F504539ED7}] => (Allow) C:\Program Files\AVAST Software\Avast\sched.exe
FirewallRules: [{D2BCEFE8-65D1-4430-9380-3CE619941019}] => (Allow) C:\Program Files\AVAST Software\Avast\sched.exe
FirewallRules: [{C275C6BB-46C3-45BB-A767-4A0999BCDFB6}] => (Allow) C:\Program Files\AVAST Software\Avast\aswChLic.exe
FirewallRules: [{53070DAF-E1DC-4B1B-A46C-3C96EB9FC5A7}] => (Allow) C:\Program Files\AVAST Software\Avast\aswChLic.exe
FirewallRules: [{F0F1A8F4-5E64-4287-9444-8D12D4613C1B}] => (Allow) C:\Program Files\AVAST Software\Avast\aswChLic.exe
FirewallRules: [{E3E616FC-0B09-45FF-A01E-B5825BED7947}] => (Allow) C:\Program Files\AVAST Software\Avast\aswChLic.exe
FirewallRules: [{8CF64591-07E7-46C4-A08E-6C79C8747348}] => (Allow) C:\Program Files\AVAST Software\Avast\setup\instup.exe
FirewallRules: [{606FE148-97E4-4423-B153-247C357A257E}] => (Allow) C:\Program Files\AVAST Software\Avast\setup\instup.exe
FirewallRules: [{83498705-C48C-451D-997A-F11B201F3E62}] => (Allow) C:\Program Files\AVAST Software\Avast\setup\instup.exe
FirewallRules: [{40726B88-BECC-4A96-93A4-107B582735C0}] => (Allow) C:\Program Files\AVAST Software\Avast\setup\instup.exe
FirewallRules: [{2322CC95-864A-4D32-A059-83536360D1E0}] => (Allow) C:\Program Files\AVAST Software\Avast\setup\Inf\x64\aswBoot.exe
FirewallRules: [{EBB769C1-248F-441E-9A8B-5CB17E359BFC}] => (Allow) C:\Program Files\AVAST Software\Avast\setup\Inf\x64\aswBoot.exe
FirewallRules: [{2F4FDA91-4470-44C1-BFC8-E90C09BB2C23}] => (Allow) C:\Program Files\AVAST Software\Avast\setup\Inf\x64\aswBoot.exe
FirewallRules: [{C3824272-F733-4939-9EBC-CEB51DB92914}] => (Allow) C:\Program Files\AVAST Software\Avast\setup\Inf\x64\aswBoot.exe
FirewallRules: [{3E8C3BCA-7C31-4CB5-A5AD-A5D7BAF63A32}] => (Allow) C:\Program Files\AVAST Software\Avast\setup\avBugReport.exe
FirewallRules: [{9E534295-4987-4C3A-BBA5-CF01C53669C7}] => (Allow) C:\Program Files\AVAST Software\Avast\setup\avBugReport.exe
FirewallRules: [{EB906324-B0C1-4821-94B0-60FB941C144B}] => (Allow) C:\Program Files\AVAST Software\Avast\setup\avBugReport.exe
FirewallRules: [{2A11101C-EB3E-4764-B4DF-D0B71EB48DC6}] => (Allow) C:\Program Files\AVAST Software\Avast\setup\avBugReport.exe
FirewallRules: [{6BA87549-509E-4E97-BAFB-1483CB839C8B}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\DeviceSetup.exe
FirewallRules: [{6F7A54A2-82C1-4BB1-BBE4-50D83ADBB60D}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{AB1F5AAA-AE9E-4E64-A7A0-45388025E7D7}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{5DE90270-CDFC-47BD-AD82-266A079FC88D}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\DeviceSetup.exe
FirewallRules: [{5D0A0393-4F9F-4090-9085-D5F970F7FB6C}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\DeviceSetup.exe
FirewallRules: [{3F7BF69C-A5D6-4427-82D9-B8B568C60CC6}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{D4403FE6-75DA-46AC-9ABA-3CE2FAE42492}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{11F1881C-AFED-4542-AD4E-DCDA3D8B601E}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{DE12414D-D310-4DEC-8B23-1E8896AB68D5}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{816D20ED-CDF7-41B9-B208-CC86F3799850}] => (Allow) E:\PMAIL\Programs\winpm-32.exe
FirewallRules: [{CEFBC902-7CF1-4B5D-9444-7A6B83C96E62}] => (Allow) E:\PMAIL\Programs\winpm-32.exe
FirewallRules: [{EFBF2841-3193-40CE-97DD-3F9CD59431C0}] => (Allow) E:\PMAIL\Programs\winpm-32.exe
FirewallRules: [{77D68AB4-3081-43D9-A595-186B2B5083BE}] => (Allow) E:\PMAIL\Programs\winpm-32.exe
FirewallRules: [{7987A4D0-C049-4BF4-AD41-5AE9379A4F12}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\DeviceSetup.exe
FirewallRules: [{A55DCADB-70A3-49FF-8139-779DE6D76B73}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{AB207F1A-02F9-4360-A3E9-60BA95ABAC4B}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{AA4819A2-99CC-4E18-AEDD-D38744717809}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\DeviceSetup.exe
FirewallRules: [{EE3E0BEA-0CF0-4FF2-8199-6BE97566B37D}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{2C224A7C-CB62-46B0-AEA0-4A715624F183}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{0BEE6520-A6F6-4FC0-B869-49E1B2DF8A6E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9FE78145-68CD-493C-8A2C-F45B4033582B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B83BEC29-6473-4816-BBA1-ABC86FA84983}] => (Allow) C:\Program Files\SUPERAntiSpyware\SSUpdate64.exe
FirewallRules: [{98D44EE3-335F-4710-9751-9ABD8845FE34}] => (Allow) C:\Program Files\SUPERAntiSpyware\SSUpdate64.exe
FirewallRules: [{49B6F2A5-2B1E-4D15-9039-1AF2BAB2B79D}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\DeviceSetup.exe
FirewallRules: [{3F3334A0-90C4-4F30-8627-A8D91575B430}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{D565B63E-FACF-4365-9ABB-84234D32E368}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{75B10D1B-A022-431D-98AB-97BF455AFFFE}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\DeviceSetup.exe
FirewallRules: [{D716F831-AD24-4F81-B740-144E9B996CF0}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{87923D8D-D9FD-4B3A-840F-3C9DFF270B6E}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [ScanManagement-RCWS-Out-TCP] => (Allow) %SystemRoot%\System32\mmc.exe
FirewallRules: [ScanManagement-WSD-Out-TCP] => (Allow) %SystemRoot%\System32\mmc.exe
FirewallRules: [{C3753099-4A73-4CB8-B60F-254012008908}] => (Allow) %SystemRoot%\System32\mmc.exe
FirewallRules: [{BE4E18DC-AC09-4218-8279-D3B184301557}] => (Allow) %SystemRoot%\System32\mmc.exe
FirewallRules: [{73120194-CEF9-424D-8C97-AEFDFA5AF86A}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\DeviceSetup.exe
FirewallRules: [{E0B9E68F-9285-4EED-9AAB-719007EED3BC}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{BBBE87BC-4F3E-4E47-B177-5E4FEC69917C}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{15A55F00-6854-4AF5-B4D0-3A68C2F6B545}] => (Allow) G:\Seagate Dashboard Installer.exe
FirewallRules: [{6ADCD6D1-4CE8-486B-A31D-8A4BDECE2D7D}] => (Allow) G:\Seagate Dashboard Installer.exe
FirewallRules: [{5F3F3534-9D2F-45EE-BD73-98C5BEDDE1DA}] => (Allow) G:\Seagate Dashboard Installer.exe
FirewallRules: [{EE12CAF9-7754-41CA-AE81-124FFCAB13CE}] => (Allow) G:\Seagate Dashboard Installer.exe
FirewallRules: [{EBD82EAF-DEF9-4185-BAE6-78D399A0195B}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\DeviceSetup.exe
FirewallRules: [{BD135FC6-1AE6-423E-B26C-0DD9934C644C}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{27857A3F-B96F-4DAD-B1AC-BCA50A73D3C4}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{794A82AE-2F3F-4306-BE9A-C365C1F7D2CE}] => (Allow) G:\Seagate\Registration\Seagate-Release.exe
FirewallRules: [{326BC1CF-D543-4269-8CCC-D4EEA749E200}] => (Allow) G:\Seagate\Registration\Seagate-Release.exe
FirewallRules: [{BC6580FE-865A-4ED2-9BE3-89B4A55AC595}] => (Allow) G:\Seagate\Registration\Seagate-Release.exe
FirewallRules: [{0346C772-60B3-4BC7-8E12-5FE9927610CA}] => (Allow) G:\Seagate\Registration\Seagate-Release.exe
FirewallRules: [{4B25177D-A1F0-48D4-8730-A49ED70252D2}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\DeviceSetup.exe
FirewallRules: [{BC83308B-CFCC-40DB-8E07-5F2875C42D69}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{FB2ABEAE-BFE8-44C9-94A9-7C18F582E94B}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [TCP Query User{39258BDF-9940-4AF7-95CE-DC939896A431}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [UDP Query User{837C22FB-F95B-4C2F-915F-5202BD4FFC51}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [{FE9FAF83-B9CE-4F4A-B5FB-C9ECEB8A78C2}] => (Allow) LPort=8888
FirewallRules: [{DD2B0ED8-0CF9-49F0-B4BB-2AE4E82FA208}] => (Allow) LPort=8888
FirewallRules: [TCP Query User{75DB749B-1D37-47C5-907A-08AAB31CAD52}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [UDP Query User{D04307D5-CB95-4CC9-98EF-68D284C5174E}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [{0460D652-C1C3-412C-8D70-9EA758E8B111}] => (Allow) LPort=8888
FirewallRules: [{36C95932-06F1-49A6-9DDD-0115B3125DF6}] => (Allow) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
FirewallRules: [{BB9CA7B0-2095-4CB8-B363-D644445D6A3F}] => (Allow) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
FirewallRules: [{D969033D-C758-4BCB-BC96-DB4141A293DD}] => (Allow) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
FirewallRules: [{0FE7B800-9844-4A32-B921-09C940123A60}] => (Allow) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
FirewallRules: [{8CE095C4-BBC8-4DE0-A4BD-26E68604C2D8}] => (Allow) C:\Program Files\Ruiware\WinPrivacy\WinPrivacySvc.exe
FirewallRules: [{46583A15-7E22-46AD-BB2A-F4B1C1DFD20E}] => (Allow) C:\Program Files\Ruiware\WinPrivacy\WinPrivacySvc.exe
FirewallRules: [{C3E3EB6D-A87D-453E-9F16-9E76B98BBBB4}] => (Allow) C:\Program Files\Ruiware\WinPrivacy\WinPrivacySvc.exe
FirewallRules: [{CDD07205-FFA5-4E92-ABA5-79DE4B7C93C0}] => (Allow) C:\Program Files\Ruiware\WinPrivacy\WinPrivacySvc.exe
FirewallRules: [{41F06695-6DB9-4A06-BC10-3BBAE57EEE2A}] => (Allow) C:\Program Files\Ruiware\WinPrivacy\WinPrivacySvc.exe
FirewallRules: [{24221B96-0E69-46A2-8557-02F4094A47FE}] => (Allow) C:\Program Files\Ruiware\WinPrivacy\WinPrivacySvc.exe
FirewallRules: [{884C51BD-9057-49A2-B571-11B96EBBFE4E}] => (Allow) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
FirewallRules: [{DB64109E-40DA-40C3-B371-4EDA7D710C35}] => (Allow) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
FirewallRules: [{1C57CE5C-D90A-4477-8285-C7C780A4F44F}] => (Allow) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
FirewallRules: [{90269CB9-30F7-41AB-9868-8E8B94102400}] => (Allow) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
FirewallRules: [{7F5C15DF-2011-430B-956B-17D2D07109D1}] => (Allow) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
FirewallRules: [{B5D17AAC-0AA6-488D-B59E-9AC40B7E67A9}] => (Allow) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
FirewallRules: [{D123E012-A7F7-46D3-9C2C-93846EA7454D}] => (Allow) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
FirewallRules: [{EA92DA50-AC78-4A76-B9CA-F81200B2D511}] => (Allow) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
FirewallRules: [{317A57AD-60FE-4EF7-B53E-682B499CFBAC}] => (Allow) LPort=8888
FirewallRules: [{4203E56A-A5D3-48D7-B796-43DA6199D9CA}] => (Block) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [{D1F83CBA-C2C3-444A-B658-47DF40CEE5BF}] => (Block) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [{68CBFEDC-7B5F-4772-B8AB-584F1131D45D}] => (Allow) C:\Program Files\Ruiware\WinPrivacy\WinPrivacySvc.exe
FirewallRules: [{C237B5E6-4BB9-4687-9A07-DF29CDBED88D}] => (Allow) C:\Program Files\Ruiware\WinPrivacy\WinPrivacySvc.exe
FirewallRules: [{35FFB23D-1472-42FB-ABD8-54DD816B81BF}] => (Allow) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDSettings.exe
FirewallRules: [{3D4F486C-DAA0-4E00-8555-D0BC25553373}] => (Allow) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDSettings.exe
FirewallRules: [{89530072-BEA7-48D5-8A73-534D7353AEDA}] => (Allow) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDSettings.exe
FirewallRules: [{55963096-1AE7-4A08-BE73-81082B599E44}] => (Allow) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDSettings.exe
FirewallRules: [{00393508-FD8F-4028-9294-3EC30598218D}] => (Allow) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
FirewallRules: [{A0C4B8BB-9549-42DD-BD45-FABF284A5EF3}] => (Allow) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
FirewallRules: [{ED68AA98-1E7D-4009-92C5-50ABF19D6F5E}] => (Allow) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
FirewallRules: [{1A3A3959-3FA2-4185-A045-B60360D1C222}] => (Allow) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
FirewallRules: [{C790EE11-4621-48EE-BEBC-8FA5C13E92D2}] => (Allow) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
FirewallRules: [{1DC6F8DD-CA82-4218-964A-74D492A56D82}] => (Allow) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
FirewallRules: [{44CCED61-93F8-4655-83BC-F649BEA60EAC}] => (Allow) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
FirewallRules: [{61ECDCAD-94CB-400D-BE59-2D1FA4757435}] => (Allow) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
FirewallRules: [{19A36C3A-09DA-4EC3-9DA2-E51ECB208F07}] => (Allow) LPort=8888
FirewallRules: [{17D643FA-D348-4F9A-824E-D9FCD829F2C6}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\DeviceSetup.exe
FirewallRules: [{259BAF7E-3992-486E-923E-43E432FFA4C2}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{2A55A98B-494A-424B-89BB-585DD51759C9}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{A6DEF2B8-943E-4134-93D1-EDE3383337AA}] => (Allow) C:\Program Files\Ruiware\WinPrivacy\WinPrivacySvc.exe
FirewallRules: [{3FEBAD35-B805-49DE-8EAC-A89637CA0631}] => (Allow) C:\Program Files\Ruiware\WinPrivacy\WinPrivacySvc.exe
FirewallRules: [{44F346AB-A719-4C33-8046-B32FBB9DEA12}] => (Allow) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
FirewallRules: [{7E8CBB9D-5D19-46FA-8E6E-DFB11D60B541}] => (Allow) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
FirewallRules: [{912E492D-35B4-48A8-BD97-823824C944DD}] => (Allow) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
FirewallRules: [{5E084411-445D-41D5-A80B-DBC32E9C68A1}] => (Allow) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
FirewallRules: [{55E9BDA7-5325-4EA2-9E54-4CDB3D2B5255}] => (Allow) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
FirewallRules: [{E522454B-08F0-4388-BA21-3E2157F5C96B}] => (Allow) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
FirewallRules: [{5E245751-416A-4A2E-A962-93DC152D2907}] => (Allow) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
FirewallRules: [{7464E954-5BD8-4C2D-B9C4-D7A464324838}] => (Allow) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
FirewallRules: [{A372A324-829B-43AE-9762-B02BF32FA9F5}] => (Allow) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTools.exe
FirewallRules: [{CEE9507C-38DB-4D32-BDE4-C36B8D8EB5BB}] => (Allow) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTools.exe
FirewallRules: [{000DD02C-9B23-4A39-8D37-9E8D1C5ABA2D}] => (Allow) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTools.exe
FirewallRules: [{8336A896-F23C-4119-8A0F-76C37C853B67}] => (Allow) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTools.exe
FirewallRules: [{205FFAB7-7410-47A1-99A9-67D6345866F3}] => (Allow) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
FirewallRules: [{66C59FBD-ACDE-449E-A57A-8002FA487174}] => (Allow) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
FirewallRules: [{263F4102-3281-40FE-8A49-4C0406AC923E}] => (Allow) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
FirewallRules: [{C35ECFE4-F25A-4E0D-A5F1-6C8077D080D8}] => (Allow) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
FirewallRules: [{15FDACD0-44FC-417A-9533-93BBEED346BD}] => (Allow) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
FirewallRules: [{14BBA21A-E0E8-4B68-BAE6-A1B97211EA08}] => (Allow) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
FirewallRules: [{F3E4471E-80D7-42F4-BAF3-5BF50BF11D10}] => (Allow) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
FirewallRules: [{ABDEBD63-E387-4ACB-A1B6-ABD5B68A4892}] => (Allow) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
FirewallRules: [{01092B8D-2962-423C-9D6E-0B30D64C34F6}] => (Allow) LPort=8888
FirewallRules: [{24BCE42E-5D59-48F6-A011-74CCC5EA517E}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\DeviceSetup.exe
FirewallRules: [{C3BA86FC-9118-42B4-8BFE-1637212D23BD}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{3CA97CA1-8FA6-46F6-85CB-1CD7E8798EB4}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{3583EAC6-770C-47BF-8690-8D456C651121}] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [{2F3C85D1-B2F1-4B0F-B05C-E69EAB083AF7}] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [{7F3463B7-86D4-42B3-852A-3B8E2CDC023A}] => (Allow) C:\Program Files\Ruiware\WinPrivacy\WinPrivacySvc.exe
FirewallRules: [{177C6453-0E9A-4D0A-A82C-139747B8AEEA}] => (Allow) C:\Program Files\Ruiware\WinPrivacy\WinPrivacySvc.exe
FirewallRules: [{1832A814-FDBE-414A-85DF-8C470BFABD10}] => (Allow) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
FirewallRules: [{5515E0BA-4694-4EB9-878F-91FBE0A56FE5}] => (Allow) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
FirewallRules: [{515BE01D-AFE4-40C1-9E94-1A64CFE72961}] => (Allow) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
FirewallRules: [{BC323917-961B-4CEF-871C-AB88DA674E77}] => (Allow) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
FirewallRules: [{5DDA5CB2-87D2-4E48-A265-1B2C8C424F58}] => (Allow) C:\Program Files\SUPERAntiSpyware\RUNSAS.EXE
FirewallRules: [{D2A7F495-8CD7-403E-864E-5C1D3698CA75}] => (Allow) C:\Program Files\SUPERAntiSpyware\RUNSAS.EXE
FirewallRules: [{711B6B59-240B-45E5-9982-52B5815F21C5}] => (Allow) C:\Program Files\SUPERAntiSpyware\RUNSAS.EXE
FirewallRules: [{1C6F92CC-93E4-496E-A38E-BAE03431A6E0}] => (Allow) C:\Program Files\SUPERAntiSpyware\RUNSAS.EXE
FirewallRules: [{7FFDAE91-645B-43CE-AB7A-4A54308EC1E8}] => (Allow) C:\Program Files\Ruiware\WinPrivacy\WinPrivacy_Explorer.exe
FirewallRules: [{7E8D8827-D7C2-4962-90FE-C639A7BB0D7A}] => (Allow) C:\Program Files\Ruiware\WinPrivacy\WinPrivacy_Explorer.exe
FirewallRules: [{F38816F5-CE84-481D-834D-F0B5DD4877D8}] => (Allow) C:\Program Files\Ruiware\WinPrivacy\WinPrivacy_Explorer.exe
FirewallRules: [{70A1CD74-9478-490C-BF81-513E1FF4A945}] => (Allow) C:\Program Files\Ruiware\WinPrivacy\WinPrivacy_Explorer.exe
FirewallRules: [{73472914-92C4-462F-AAE2-4122902CFBDF}] => (Allow) LPort=8888
FirewallRules: [{9D59079A-7FEB-468B-A26A-2D0578C4CC51}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\DeviceSetup.exe
FirewallRules: [{A49A549E-E061-4711-9678-4FCBA9509D89}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{691262A8-9928-4FDB-8F75-2796967D49EE}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{FCBB8800-8204-4B58-B44A-C577D1859A0C}] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [{D544499B-E865-47AB-9274-D7155D07A998}] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [{D47F07D0-16D5-4E20-AADF-E54FED7BF67F}] => (Allow) C:\Program Files\Ruiware\WinPrivacy\WinPrivacySvc.exe
FirewallRules: [{8928A89D-C753-443D-8036-B83F3A574E55}] => (Allow) C:\Program Files\Ruiware\WinPrivacy\WinPrivacySvc.exe
FirewallRules: [{CDA7490C-81FB-4DF5-9052-C0C5ED166AFA}] => (Allow) LPort=8888
FirewallRules: [{A2E74103-C603-4C5A-865E-67EB90EA350B}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\DeviceSetup.exe
FirewallRules: [{B3D1001B-6C51-4454-AB00-B337EEC86F32}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{44E99320-3711-42CC-A384-93B46D6961F8}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{1B20A67C-0556-4A8C-B805-1CFFDA93A25C}] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [{3B886B19-68EB-4547-9F80-0B046425E649}] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [{C58D5AFC-6459-4FF5-BB6E-FE301A60FE3C}] => (Allow) C:\Program Files\Ruiware\WinPrivacy\WinPrivacySvc.exe
FirewallRules: [{AC4A43D3-3224-4044-B1E7-F14C35C70843}] => (Allow) C:\Program Files\Ruiware\WinPrivacy\WinPrivacySvc.exe
FirewallRules: [{42286F41-0F2E-421F-8470-CDBBDE47C06C}] => (Allow) LPort=8888
FirewallRules: [{D4A68143-D0E9-4BC4-B3B9-BBCF37CBE49A}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\DeviceSetup.exe
FirewallRules: [{1E4D3ACD-E606-4824-97AA-7A781C2F06ED}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{FCF040E2-6921-4229-A4F3-A2A2FAEBAAEA}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{FE8B29CC-B425-4236-B346-BC47110AE8CA}] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [{55041957-4D58-4192-AF9D-C52D912453C6}] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [{6970F41F-FF2F-4614-9EFF-75BDBBA80B69}] => (Allow) C:\Program Files\Ruiware\WinPrivacy\WinPrivacySvc.exe
FirewallRules: [{A4AA93A8-4382-4F3D-AE9B-037743A0259C}] => (Allow) C:\Program Files\Ruiware\WinPrivacy\WinPrivacySvc.exe
FirewallRules: [{C48EA579-EA53-41B0-B5A6-49099D269B24}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{39BC8245-0FC7-44F5-AA16-AD501CF0A311}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Faulty Device Manager Devices =============
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (11/14/2015 02:50:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/14/2015 02:03:35 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is 13634. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.
Error: (11/14/2015 02:00:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/14/2015 01:19:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: ntdll.dll, version: 6.1.7601.19045, time stamp: 0x56259295
Exception code: 0xc0000005
Fault offset: 0x000000000004aea0
Faulting process id: 0x1994
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
Error: (11/14/2015 01:19:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mmc.exe version 6.1.7600.16385 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1708
Start Time: 01d11f0e7771f3cd
Termination Time: 0
Application Path: C:\windows\system32\mmc.exe
Report Id: 38c05889-8b04-11e5-bf1d-ac279f592d5a
Error: (11/14/2015 09:38:46 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3009) (User: NT AUTHORITY)
Description: Installing the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
Error: (11/14/2015 09:38:46 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3014) (User: NT AUTHORITY)
Description: Unable to update the performance counter explain text strings of the 009 language ID. The first DWORD in the Data section contains the error code.
Error: (11/14/2015 09:27:47 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/14/2015 09:18:23 AM) (Source: Windows Search Service) (EventID: 3100) (User: )
Description: Unable to initialize the filter host process. Terminating.
Details:
This operation returned because the timeout period expired. (HRESULT : 0x800705b4) (0x800705b4)
Error: (11/14/2015 09:05:43 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (11/14/2015 02:53:40 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The HP Network Devices Support service terminated with the following error:
%%126
Error: (11/14/2015 02:51:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%1053
Error: (11/14/2015 02:51:16 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.
Error: (11/14/2015 02:50:25 PM) (Source: Microsoft-Windows-Eventlog) (EventID: 23) (User: NT AUTHORITY)
Description: The event logging service encountered an error (res=32) while initializing logging resources for channel Microsoft-Windows-Windows Firewall With Advanced Security/Firewall.
Error: (11/14/2015 02:49:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%1053
Error: (11/14/2015 02:49:57 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.
Error: (11/14/2015 02:49:22 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.
Error: (11/14/2015 01:59:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068
Error: (11/14/2015 01:59:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068
Error: (11/14/2015 01:59:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068
==================== Memory info ===========================
Processor: Intel® Core2 Duo CPU E8500 @ 3.16GHz
Percentage of memory in use: 65%
Total physical RAM: 3931.61 MB
Available physical RAM: 1342.92 MB
Total Virtual: 7861.43 MB
Available Virtual: 4771.64 MB
==================== Drives ================================
Drive c: (WinSeven) (Fixed) (Total:48.89 GB) (Free:14.17 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive e: (SpareParts) (Fixed) (Total:68.36 GB) (Free:42.23 GB) NTFS
Drive f: (BackUp) (Fixed) (Total:61.66 GB) (Free:20.3 GB) NTFS
Drive k: (RdyBstDkTp) (Removable) (Total:14.82 GB) (Free:0.04 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.8 GB) (Disk ID: B3300DEA)
Partition 1: (Active) - (Size=48.9 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=159.2 GB) - (Type=OF Extended)
========================================================
Disk: 1 (Size: 14.8 GB) (Disk ID: 0399B733)
Partition 1: (Not Active) - (Size=14.8 GB) - (Type=OF Extended)
==================== End of Addition.txt ============================