2 Possible infections detected by OPSWAT Metadefender & VirusTotal


12 replies to this topic

#1 thedillinger


Posted 04 September 2016 - 03:31 PM


I am from the UK, so European time zone.
Using Windows 7 Pro 64-bit.

I have Kaspersky Internet Security 17.0.0.611 (a) - This did NOT detect any malware; I ran a scan.
I have OPSWAT Metadefender client beta (unknown version - I installed it in around the last month) - This DID detect 2x infected files when I run the scan.
I have Malwarebytes Anti-Malware v2016.9.3.4 - This did NOT detect any malware; I ran a scan.
I have Emsisoft Emergency Kit 11.9.0.6508 - This did NOT detect any malware; I ran a scan.
I have HousecallLauncher64 by Trend Micro - This did NOT detect any malware; I ran a scan.

I run OPSWAT just about every day and it has never found any infections.  I ran it just before I installed some software and patches and it found nothing.

Note that one of the patches below I previously tried to download from a mirror / link on the Battlefront website, and I was blocked from downloading it because something in Firefox gave an error that it was a malware link, so I didn't download it.

The software I installed was by publisher Battlefront.  I installed the following of their software in this order...

1) Strategic Command WWII Global Conflict (From the official CD-ROM supplied to me)

2) Strategic_Command_WWII_Global_Conflict_v107_Patch.exe (that I downloaded from the internet off some site linked via the Battlefront website. (It has no digital signature. I did scan the file with an alternative to VirusTotal as the file was bigger than VirusTotal could handle.  I think I used https://www.metadefender.com/#!/scan-file and I believe this is the result of the scan back in August -

https://www.metadefender.com/#!/results/file/e50e927e511d470fa880951e07eabbb7/regular/analysis

The scan found nothing. I tried to scan again just now - server error. OK, I think it scanned again just now...

https://www.metadefender.com/#!/results/file/a6d8e78b42e24ce981c047d86eabcd1e/regular/analysis


3) Strategic Command WWII Global Conflict GOLD (From the official CD-ROM supplied to me; note this is add-on software to the base game above)

4) Strategic_Command_WWII_Global_Conflict_GOLD_v104_Patch.exe (that I downloaded from the internet off some site linked via the Battlefront website. (It DOES have a digital signature by "Fury Software", the makers of Strategic Command.  I was unable to scan this file online with any online multi-engine scanners as the file, at around 340MB, was too large.)

Of course I used Kaspersky to scan the downloads at the very least and they found nothing; I also checked reputations in Kaspersky where possible, etc.

Maybe I should have run these sandboxed, my bad; I haven't had Sandboxie installed in a while.

In KIS Application Control it looks like runservice.exe was put into Trusted.  107 patch Trusted.  104 patch Low Restricted.  I can't see mmfs.dll in there.  Read below to understand why I brought these up.

During the install of the 4 software I received no KIS warnings or virus messages.  After I installed them all I ran OPSWAT Metadefender immediately and it found two infected files.

-------------------------------------------------------
OPSWAT Metadefender first log
-------------------------------------------------------
Scan Results
Start Time: 2016/09/03 01:06:40 GMT
Stop Time: 2016/09/03 01:08:35 GMT
Total Files Scanned: 861
Total Infected Files: 2
Unknown Files: 0
Clean Files: 859
Total IPs Scanned: 7
Dirty IPs Found: 0
Clean IPs Found: 7

----------Infections----------
mmfs.dll 2014/06/02 07:01:32 PM 1/39
c:\windows\mmfs.dll
SHA256: 4499A531A8C66EBD6FDF916CC7402C5CA149A3ABAE91B4EABBBBFD9E802746F5
          Threat Name: Suspicious
          AV Name: QuickHeal
          AV Definition Date: 2014/06/02

Clean Engine Results:
          AegisLab (AV Def: 2014/06/02)                     Agnitum (AV Def: 2014/06/02)
          Ahnlab (AV Def: 2014/06/03)                       Avira (AV Def: 2014/06/02)
          BitDefender (AV Def: 2014/06/02)                  ByteHero (AV Def: 2014/06/01)
          ClamWin (AV Def: 2014/06/02)                      Commtouch (AV Def: 2014/06/02)
          DrWebGateway (AV Def: 2014/06/02)                 ESET (AV Def: 2014/06/02)
          Emsisoft (AV Def: 2014/06/02)                     F-prot (AV Def: 2014/06/02)
          F-secure (AV Def: 2014/06/01)                     Filseclab (AV Def: 2014/06/02)
          Fortinet (AV Def: 2014/06/02)                     GFI (AV Def: 2014/06/02)
          Hauri (AV Def: 2014/06/02)                        Ikarus (AV Def: 2014/05/31)
          Jiangmin (AV Def: 2014/06/02)                     K7 (AV Def: 2014/06/02)
          Lavasoft (AV Def: 2014/06/02)                     McAfee-Gateway (AV Def: 2014/06/02)
          Microsoft (AV Def: 2014/06/02)                    NANO (AV Def: 2014/06/02)
          Norman (AV Def: 2014/06/02)                       AVG (AV Def: 2014/06/01)
          SUPERAntiSpyware (AV Def: 2014/06/02)             Sophos (AV Def: 2014/06/02)
          Symantec (AV Def: 2014/06/01)                     Tencent (AV Def: 2014/06/02)
          TotalDefense (AV Def: 2014/06/01)                 TrendMicro (AV Def: 2014/05/31)
          TrendMicroHouseCall (AV Def: 2014/06/01)          VirIT (AV Def: 2014/05/30)
          VirusBlokAda (AV Def: 2014/05/30)                 Zillya! (AV Def: 2014/06/01)
          Zoner (AV Def: 2014/05/24)                        nProtect (AV Def: 2014/06/02)

runservice.exe 2013/12/13 05:12:52 AM 1/39
c:\windows\runservice.exe
SHA256: 727654BDCD2D2911CEF14C9C1BA161309A2E3D260BF58C77A406E218BE886E26
          Threat Name: Win32.Troj.Backdoor.ds.(kcloud)
          AV Name: Kingsoft
          AV Definition Date: 2013/12/13

Clean Engine Results:
          AegisLab (AV Def: 2013/12/13)                     Agnitum (AV Def: 2013/12/12)
          Ahnlab (AV Def: 2013/12/13)                       Antiy (AV Def: 2013/12/11)
          Avira (AV Def: 2013/12/12)                        BitDefender (AV Def: 2013/12/13)
          ByteHero (AV Def: 2013/12/12)                     ClamWin (AV Def: 2013/12/12)
          Commtouch (AV Def: 2013/12/12)                    ESET (AV Def: 2013/12/12)
          Emsisoft (AV Def: 2013/12/12)                     F-prot (AV Def: 2013/12/12)
          F-secure (AV Def: 2013/12/12)                     Filseclab (AV Def: 2013/12/12)
          Fortinet (AV Def: 2013/12/12)                     GFI (AV Def: 2013/12/12)
          Hauri (AV Def: 2013/12/13)                        Ikarus (AV Def: 2013/12/13)
          Jiangmin (AV Def: 2013/12/12)                     K7 (AV Def: 2013/12/12)
          AVG (AV Def: 2013/12/12)                          Lavasoft (AV Def: 2013/12/12)
          McAfee (AV Def: 2013/12/12)                       Microsoft (AV Def: 2013/12/12)
          NANO (AV Def: 2013/12/12)                         Norman (AV Def: 2013/12/12)
          QuickHeal (AV Def: 2013/12/13)                    STOPzilla (AV Def: 2013/12/12)
          SUPERAntiSpyware (AV Def: 2013/12/12)             Sophos (AV Def: 2013/12/12)
          Symantec (AV Def: 2013/12/11)                     TotalDefense (AV Def: 2013/12/12)
          TrendMicro (AV Def: 2013/12/11)                   TrendMicroHouseCall (AV Def: 2013/12/11)
          VirIT (AV Def: 2013/12/12)                        VirusBlokAda (AV Def: 2013/12/11)
          Zillya! (AV Def: 2013/12/12)                      nProtect (AV Def: 2013/12/12)


----------Unknowns----------
No files skipped

----------IP Addresses----------
No known infections found

-------------------------------------------------------


I ignored the infections for day/s because I thought they were false alarms, but today when I ran OPSWAT Metadefender there was a new detection, see below...

-------------------------------------------------------

Scan Results
Start Time: 2016/09/04 18:48:56 GMT
Stop Time: 2016/09/04 18:52:02 GMT
Total Files Scanned: 870
Total Infected Files: 2
Unknown Files: 0
Clean Files: 868
Total IPs Scanned: 19
Dirty IPs Found: 0
Clean IPs Found: 19

----------Infections----------
mmfs.dll 2014/06/02 07:01:32 PM 1/39
c:\windows\mmfs.dll
SHA256: 4499A531A8C66EBD6FDF916CC7402C5CA149A3ABAE91B4EABBBBFD9E802746F5
          Threat Name: Suspicious
          AV Name: QuickHeal
          AV Definition Date: 2014/06/02

Clean Engine Results:
          AegisLab (AV Def: 2014/06/02)                     Agnitum (AV Def: 2014/06/02)
          Ahnlab (AV Def: 2014/06/03)                       Avira (AV Def: 2014/06/02)
          BitDefender (AV Def: 2014/06/02)                  ByteHero (AV Def: 2014/06/01)
          ClamWin (AV Def: 2014/06/02)                      Commtouch (AV Def: 2014/06/02)
          DrWebGateway (AV Def: 2014/06/02)                 ESET (AV Def: 2014/06/02)
          Emsisoft (AV Def: 2014/06/02)                     F-prot (AV Def: 2014/06/02)
          F-secure (AV Def: 2014/06/01)                     Filseclab (AV Def: 2014/06/02)
          Fortinet (AV Def: 2014/06/02)                     GFI (AV Def: 2014/06/02)
          Hauri (AV Def: 2014/06/02)                        Ikarus (AV Def: 2014/05/31)
          Jiangmin (AV Def: 2014/06/02)                     K7 (AV Def: 2014/06/02)
          Lavasoft (AV Def: 2014/06/02)                     McAfee-Gateway (AV Def: 2014/06/02)
          Microsoft (AV Def: 2014/06/02)                    NANO (AV Def: 2014/06/02)
          Norman (AV Def: 2014/06/02)                       AVG (AV Def: 2014/06/01)
          SUPERAntiSpyware (AV Def: 2014/06/02)             Sophos (AV Def: 2014/06/02)
          Symantec (AV Def: 2014/06/01)                     Tencent (AV Def: 2014/06/02)
          TotalDefense (AV Def: 2014/06/01)                 TrendMicro (AV Def: 2014/05/31)
          TrendMicroHouseCall (AV Def: 2014/06/01)          VirIT (AV Def: 2014/05/30)
          VirusBlokAda (AV Def: 2014/05/30)                 Zillya! (AV Def: 2014/06/01)
          Zoner (AV Def: 2014/05/24)                        nProtect (AV Def: 2014/06/02)

runservice.exe 2016/09/03 01:17:59 AM 1/41
c:\windows\runservice.exe
SHA256: 727654BDCD2D2911CEF14C9C1BA161309A2E3D260BF58C77A406E218BE886E26
          Threat Name: Downloader.Waski.Win32.5625
          AV Name: Zillya!
          AV Definition Date: 2016/09/02

Clean Engine Results:
          AegisLab (AV Def: 2016/09/02)                     Agnitum (AV Def: 2016/09/02)
          Ahnlab (AV Def: 2016/09/02)                       Antiy (AV Def: 2016/09/02)
          Avira (AV Def: 2016/09/02)                        Baidu (AV Def: 2016/09/03)
          BitDefender (AV Def: 2016/09/02)                  ByteHero (AV Def: 2016/09/02)
          CYREN (AV Def: 2016/09/02)                        ClamAV (AV Def: 2016/09/02)
          ESET (AV Def: 2016/09/02)                         Emsisoft (AV Def: 2016/09/03)
          F-prot (AV Def: 2016/09/02)                       F-secure (AV Def: 2016/09/02)
          Filseclab (AV Def: 2016/09/02)                    Fortinet (AV Def: 2016/09/02)
          Hauri (AV Def: 2016/09/03)                        Ikarus (AV Def: 2016/09/02)
          Jiangmin (AV Def: 2016/09/02)                     K7 (AV Def: 2016/09/02)
          Lavasoft (AV Def: 2016/09/02)                     McAfee (AV Def: 2016/09/02)
          Microsoft (AV Def: 2016/09/02)                    NANOAV (AV Def: 2016/09/02)
          Preventon (AV Def: 2016/09/02)                    QuickHeal (AV Def: 2016/09/02)
          STOPzilla (AV Def: 2016/09/02)                    SUPERAntiSpyware (AV Def: 2016/09/02)
          Sophos (AV Def: 2016/09/02)                       Symantec (AV Def: 2016/09/02)
          ThreatTrack (AV Def: 2016/09/03)                  TotalDefense (AV Def: 2016/09/02)
          TrendMicro (AV Def: 2016/09/02)                   TrendMicroHouseCall (AV Def: 2016/09/01)
          VirITeXplorer (AV Def: 2016/09/02)                VirusBlokAda (AV Def: 2016/09/02)
          Xvirus (AV Def: 2016/08/31)                       AVG (AV Def: 2016/09/02)
          Zoner (AV Def: 2016/09/03)                        nProtect (AV Def: 2016/09/02)


----------Unknowns----------
No files skipped

----------IP Addresses----------
No known infections found

-------------------------------------------------------

I checked the time stamps of runservice.exe and mmfs.dll, and those two files and a few others in the c:\windows folder were created that day, so must have been installed with the Strategic Command software.  I believe at least one has to do with the licensing of the game, a third-party license software that was apparently added to Control Panel.

Here are some further scans I did online of the files...

mmfs.dll
https://www.metadefender.com/?utm_source=metadefenderclient&utm_medium=app&utm_campaign=beta#!/results/file/0b78c922589b4a43b7e183c3ab5ee1e7/regular/history

not certain which this is, probably runservice.exe
https://www.metadefender.com/?utm_source=metadefenderclient&utm_medium=app&utm_campaign=beta#!/results/file/2f0e950aceb0493daa9532507bf09e37/regular/analysis

mmfs.dll
https://www.virustotal.com/en/file/4499a531a8c66ebd6fdf916cc7402c5ca149a3abae91b4eabbbbfd9e802746f5/analysis/

runservice.exe
https://www.virustotal.com/en/file/727654bdcd2d2911cef14c9c1ba161309a2e3d260bf58c77a406e218be886e26/analysis/
(Note: 3 antiviruses flagged this as malware. Also under additional information it says...

Advanced heuristic and reputation engines
TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: Suspicious_GEN.F47V0117.

Symantec reputation Suspicious.Insight)


------------------------------------------------------------------------------------------

So this is where I am currently with this. I thought I needed to get this checked out, whether it's a real or false positive.

As stated, none of my antivirus software I have installed finds anything.

Here is a log from the Emsisoft scan...

-----------------------------------------------------
Emsisoft Emergency Kit - Version 11.9
Last update: 03/09/2016 03:16:01
User account: PC1880278\ME
Computer name: PC1880278
OS version: Windows 7x64 Service Pack 1

Scan settings:

Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files

Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start:    03/09/2016 03:21:47

Scanned    81023
Found    0

Scan end:    03/09/2016 03:25:55
Scan time:    0:04:08

-----------------------------------------------------


 




 


#2 thedillinger


Posted 04 September 2016 - 03:33 PM

-------------------------------------------------------------------------

FRST.txt

 

-------------------------------------------------------------------------

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
Ran by ME (administrator) on PC1880278 (04-09-2016 21:28:20)
Running from C:\Users\ME\Desktop
Loaded Profiles: ME (Available Profiles: ME & DefaultAppPool)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
() C:\Windows\runservice.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\PSUService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avpui.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\FDM8\FdmDaemon.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Hidfind.exe
(FUJITSU LIMITED) C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\HP Deskjet 460 Series\Toolbox\HPWRTBX.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNAutoCon.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNetDm.exe
(FUJITSU LIMITED) C:\Program Files\Fujitsu\Plugfree NETWORK\PFNTray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [589176 2011-12-20] (Alps Electric Co., Ltd.)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [11406608 2011-12-19] (Intel Corporation)
HKLM\...\Run: [LoadFUJ02E3] => C:\Program Files\Fujitsu\FUJ02E3\fuj02e3.exe [76104 2011-11-23] (FUJITSU LIMITED)
HKLM\...\Run: [FDM8] => C:\Program Files\Fujitsu\FDM8\FdmDaemon.exe [96664 2012-06-28] (FUJITSU LIMITED)
HKLM\...\Run: [PSUTility] => C:\Program Files\Fujitsu\PSUtility\TrayManager.exe [169368 2012-06-29] (FUJITSU LIMITED)
HKLM\...\Run: [LoadFujitsuQuickTouch] => C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe [158024 2011-09-30] (FUJITSU LIMITED)
HKLM\...\Run: [LoadBtnHnd] => C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe [23368 2011-09-30] (FUJITSU LIMITED)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14021336 2015-06-18] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393880 2015-04-28] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS_SWVOL] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393880 2015-04-28] (Realtek Semiconductor)
HKLM-x32\...\Run: [IndicatorUtility] => C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [48752 2010-09-29] (FUJITSU LIMITED)
HKLM-x32\...\Run: [HPWRTOOLBOX] => C:\Program Files (x86)\HP\HP Deskjet 460 Series\Toolbox\HPWRTBX.exe [356352 2007-04-04] (Hewlett-Packard Company)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4019986658-3472930921-203088936-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2857248 2016-08-23] (Valve Corporation)
GroupPolicyScripts: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{92B37CF5-FF4B-4681-B4C1-D865F03F3754}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{E6A0BA9C-7162-4A40-BACD-9AEEB271A9B5}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4019986658-3472930921-203088936-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-4019986658-3472930921-203088936-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4019986658-3472930921-203088936-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\IEExt\ie_plugin.dll [2016-06-28] (AO Kaspersky Lab)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-07-23] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-23] (Oracle Corporation)
BHO-x32: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll [2016-06-28] (AO Kaspersky Lab)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-07-23] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-23] (Oracle Corporation)
Toolbar: HKLM - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\IEExt\ie_plugin.dll [2016-06-28] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll [2016-06-28] (AO Kaspersky Lab)
Toolbar: HKU\S-1-5-21-4019986658-3472930921-203088936-1000 -> Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\IEExt\ie_plugin.dll [2016-06-28] (AO Kaspersky Lab)

FireFox:
========
FF ProfilePath: C:\Users\ME\AppData\Roaming\Mozilla\Firefox\Profiles\tpzlbt4g.default-1467223648252
FF Homepage: hxxp://www.virginmedia.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-12] ()
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-23] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-23] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2012-12-19] (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Extension: (NoScript) - C:\Users\ME\AppData\Roaming\Mozilla\Firefox\Profiles\tpzlbt4g.default-1467223648252\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-08-09]
FF Extension: (Firebug) - C:\Users\ME\AppData\Roaming\Mozilla\Firefox\Profiles\tpzlbt4g.default-1467223648252\Extensions\firebug@software.joehewitt.com.xpi [2016-07-21]
FF Extension: (Ghostery) - C:\Users\ME\AppData\Roaming\Mozilla\Firefox\Profiles\tpzlbt4g.default-1467223648252\Extensions\firefox@ghostery.com.xpi [2016-08-12]
FF Extension: (Adblock Plus) - C:\Users\ME\AppData\Roaming\Mozilla\Firefox\Profiles\tpzlbt4g.default-1467223648252\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-06-29]
FF HKLM\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2016-06-28]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi

Chrome:
=======
CHR Profile: C:\Users\ME\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\ME\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-06-29]
CHR Extension: (Google Docs) - C:\Users\ME\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-29]
CHR Extension: (Google Drive) - C:\Users\ME\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-29]
CHR Extension: (YouTube) - C:\Users\ME\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-29]
CHR Extension: (Google Sheets) - C:\Users\ME\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-29]
CHR Extension: (Kaspersky Protection) - C:\Users\ME\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib [2016-08-12]
CHR Extension: (Google Docs Offline) - C:\Users\ME\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ME\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-29]
CHR Extension: (Gmail) - C:\Users\ME\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-29]
CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab)
R2 FUJ02E3Service; C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe [76104 2011-11-23] (FUJITSU LIMITED)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\vssbridge64.exe [77328 2016-06-28] (AO Kaspersky Lab)
R2 KSDE1.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [241544 2016-06-28] (AO Kaspersky Lab)
R2 LicCtrlService; C:\Windows\runservice.exe [16384 2016-09-03] () [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-04-17] ()
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 PFNService; C:\Program Files\Fujitsu\Plugfree NETWORK\PFNService.exe [2213376 2011-12-22] (FUJITSU LIMITED) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 PowerSavingUtilityService; C:\Program Files\Fujitsu\PSUtility\PSUService.exe [51608 2012-06-29] (FUJITSU LIMITED)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2671376 2012-04-17] (Intel® Corporation)
S2 ZAMSvc; "C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /service [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab)
S3 DIRECTIO; C:\Program Files\PerformanceTest\DirectIo64.sys [25704 2012-08-13] ()
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 FBIOSDRV; C:\Windows\System32\Drivers\FBIOSDRV.sys [21104 2009-06-24] (FUJITSU LIMITED)
R3 FUJ02B1; C:\Windows\System32\DRIVERS\FUJ02B1.sys [7808 2006-11-01] (FUJITSU LIMITED)
R3 FUJ02E3; C:\Windows\System32\DRIVERS\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-07] (AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [86352 2016-06-15] (AO Kaspersky Lab)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [189264 2016-06-26] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [300368 2016-06-20] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1027472 2016-06-26] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [49488 2016-06-20] (AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [52144 2016-05-19] (AO Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [41648 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45488 2016-05-31] (AO Kaspersky Lab)
R3 kltap; C:\Windows\System32\DRIVERS\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [75696 2016-05-17] (AO Kaspersky Lab)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [126808 2016-06-02] (AO Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [194480 2016-06-14] (AO Kaspersky Lab)
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1812608 2011-12-27] ()
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-07-27] ()
S3 VSPerfDrv110; C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [70264 2012-07-13] (Microsoft Corporation)
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-04 21:28 - 2016-09-04 21:28 - 00020546 _____ C:\Users\ME\Desktop\FRST.txt
2016-09-04 21:24 - 2016-09-04 21:24 - 02397696 _____ (Farbar) C:\Users\ME\Desktop\FRST64.exe
2016-09-04 20:12 - 2016-09-04 20:12 - 00004472 _____ C:\Users\ME\Desktop\opswat report 2.txt
2016-09-03 12:10 - 2016-09-03 12:10 - 00850532 _____ C:\Users\ME\AppData\Local\census.cache
2016-09-03 12:09 - 2016-09-03 12:09 - 00470917 _____ C:\Users\ME\AppData\Local\ars.cache
2016-09-03 04:20 - 2016-09-03 04:20 - 00000010 _____ C:\Users\ME\AppData\Local\sponge.last.runtime.cache
2016-09-03 04:13 - 2016-09-03 04:13 - 00000000 ____D C:\Windows\Trend Micro
2016-09-03 04:13 - 2016-09-03 04:13 - 00000000 ____D C:\ProgramData\Trend Micro
2016-09-03 04:11 - 2016-09-03 04:11 - 00000036 _____ C:\Users\ME\AppData\Local\housecall.guid.cache
2016-09-03 04:11 - 2015-05-29 08:43 - 00307352 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2016-09-03 04:10 - 2016-09-03 04:10 - 02526736 _____ (Trend Micro Inc.) C:\Users\ME\Desktop\HousecallLauncher64.exe
2016-09-03 03:26 - 2016-09-03 03:26 - 00000996 _____ C:\Users\ME\Desktop\scan_160903-032147.txt
2016-09-03 02:44 - 2016-09-03 03:29 - 00000549 _____ C:\Users\ME\Desktop\opswat online analysis.txt
2016-09-03 02:42 - 2016-09-03 02:42 - 00004379 _____ C:\Users\ME\Desktop\opswat report.txt
2016-09-03 01:43 - 2016-09-03 01:43 - 00001524 _____ C:\Users\ME\Desktop\WWII Global Conflict GOLD Game Editor.lnk
2016-09-03 01:43 - 2016-09-03 01:43 - 00001504 _____ C:\Users\ME\Desktop\Strategic Command WWII Global Conflict GOLD.lnk
2016-09-03 01:33 - 2016-09-04 14:46 - 00003465 ___SH C:\Windows\SysWOW64\mmf.sys
2016-09-03 01:33 - 2016-09-03 01:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefront
2016-09-03 01:33 - 2016-09-03 01:33 - 00348160 _____ (Microsoft Corporation) C:\Windows\msvcr71.dll
2016-09-03 01:33 - 2016-09-03 01:33 - 00249856 _____ C:\Windows\lcmmfu.cpl
2016-09-03 01:33 - 2016-09-03 01:33 - 00048640 _____ C:\Windows\mmfs.dll
2016-09-03 01:33 - 2016-09-03 01:33 - 00016384 _____ C:\Windows\runservice.exe
2016-09-03 01:33 - 2016-09-03 01:33 - 00002118 _____ C:\Users\ME\Desktop\Battlefront Website.lnk
2016-09-03 01:33 - 2016-09-03 01:33 - 00001444 _____ C:\Users\ME\Desktop\Strategic Command WWII Global Conflict.lnk
2016-09-03 01:32 - 2016-09-03 01:42 - 00000000 ____D C:\Program Files (x86)\Battlefront
2016-08-25 14:07 - 2016-08-26 15:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-08-19 01:30 - 2016-08-19 01:30 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2016-08-19 01:30 - 2016-08-19 01:30 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2016-08-19 01:30 - 2016-08-19 01:30 - 00000000 ____D C:\Windows\system32\DAX2
2016-08-19 01:30 - 2016-08-19 01:30 - 00000000 ____D C:\Program Files\Realtek
2016-08-19 01:29 - 2015-06-18 18:45 - 04496600 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2016-08-19 01:29 - 2015-06-18 17:59 - 02862488 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2016-08-19 01:29 - 2015-06-17 19:47 - 02930904 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2016-08-19 01:29 - 2015-06-17 19:47 - 02585816 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RltkAPO.dll
2016-08-19 01:29 - 2015-06-17 14:45 - 03234520 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2016-08-19 01:29 - 2015-06-15 17:39 - 01748184 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2016-08-19 01:29 - 2015-06-11 19:40 - 03157796 _____ C:\Windows\system32\Drivers\rtkSSTsetting.dat
2016-08-19 01:29 - 2015-06-09 11:17 - 05708736 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICV2apo.dll
2016-08-19 01:29 - 2015-05-26 11:59 - 00166616 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2016-08-19 01:29 - 2015-05-18 14:47 - 02702040 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2016-08-19 01:29 - 2015-05-15 19:27 - 02918104 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2016-08-19 01:29 - 2015-05-15 16:32 - 01316056 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2016-08-19 01:29 - 2015-04-24 05:42 - 00858256 _____ (Sound Research, Corp.) C:\Windows\system32\SEHDRA64.dll
2016-08-19 01:29 - 2015-04-24 05:42 - 00684176 _____ (Sound Research, Corp.) C:\Windows\system32\SECOMN64.dll
2016-08-19 01:29 - 2015-04-24 05:42 - 00435856 _____ (Sound Research, Corp.) C:\Windows\system32\SEAPO64.dll
2016-08-19 01:29 - 2015-04-24 05:41 - 00555664 _____ (Sound Research, Corp.) C:\Windows\SysWOW64\SECOMN32.DLL
2016-08-19 01:29 - 2015-04-13 16:25 - 03262184 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE2.dll
2016-08-19 01:29 - 2015-02-04 00:38 - 01413776 _____ (Synopsys, Inc.) C:\Windows\system32\SRRPTR64.dll
2016-08-19 01:29 - 2015-02-04 00:38 - 00454288 _____ (Synopsys, Inc.) C:\Windows\system32\SRAPO64.dll
2016-08-19 01:29 - 2015-02-04 00:38 - 00369296 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM64.dll
2016-08-19 01:29 - 2015-02-04 00:38 - 00329360 _____ (Synopsys, Inc.) C:\Windows\SysWOW64\SRCOM.dll
2016-08-19 01:29 - 2015-02-04 00:38 - 00329360 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM.dll
2016-08-19 01:29 - 2015-01-23 18:16 - 00213432 _____ (TOSHIBA Corporation) C:\Windows\system32\tossaemaxapo64.dll
2016-08-19 01:29 - 2015-01-19 18:10 - 72113152 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2016-08-19 01:29 - 2014-12-11 08:10 - 01104040 _____ (SRS Labs, Inc.) C:\Windows\system32\slcnt64.dll
2016-08-19 01:29 - 2014-12-11 08:10 - 00943784 _____ (DTS, Inc.) C:\Windows\system32\sl3apo64.dll
2016-08-19 01:29 - 2014-12-11 08:10 - 00734376 _____ (DTS, Inc.) C:\Windows\system32\sltech64.dll
2016-08-19 01:29 - 2014-12-11 08:10 - 00250536 _____ (TODO: <Company name>) C:\Windows\system32\slprp64.dll
2016-08-19 01:29 - 2014-11-11 13:44 - 00631000 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2016-08-19 01:29 - 2014-10-24 10:12 - 00995120 _____ (Nahimic Inc) C:\Windows\system32\NahimicAPONSControl.dll
2016-08-19 01:29 - 2014-08-14 19:16 - 05804772 _____ C:\Windows\system32\Drivers\rtvienna.dat
2016-08-19 01:29 - 2014-06-17 19:17 - 00856992 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
2016-08-19 01:29 - 2014-04-10 12:19 - 02101848 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib64.dll
2016-08-19 01:29 - 2014-02-27 20:02 - 02162992 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE.dll
2016-08-19 01:29 - 2013-10-11 11:31 - 00947760 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2016-08-19 01:29 - 2013-06-25 12:47 - 00871856 _____ (TOSHIBA Corporation) C:\Windows\system32\tossaeapo64.dll
2016-08-19 01:29 - 2013-06-25 12:47 - 00162224 _____ (TOSHIBA Corporation) C:\Windows\system32\toseaeapo64.dll
2016-08-19 01:29 - 2013-06-25 12:46 - 00582056 _____ (TOSHIBA Corporation) C:\Windows\system32\tosasfapo64.dll
2016-08-19 01:29 - 2012-08-31 19:18 - 07164176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2016-08-19 01:29 - 2012-08-31 19:17 - 00434960 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2016-08-19 01:29 - 2012-08-31 19:17 - 00141584 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2016-08-19 01:29 - 2012-08-31 19:17 - 00124176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2016-08-19 01:29 - 2012-08-31 19:17 - 00075024 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2016-08-19 01:29 - 2012-01-10 10:20 - 00065944 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll
2016-08-19 01:29 - 2011-12-20 15:32 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2016-08-19 01:29 - 2011-11-22 16:28 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2016-08-19 01:29 - 2011-09-02 14:21 - 00221024 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
2016-08-19 01:29 - 2011-09-02 14:21 - 00081248 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
2016-08-19 01:29 - 2011-09-02 14:21 - 00078688 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
2016-08-19 01:29 - 2011-03-17 12:17 - 01361336 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
2016-08-19 01:29 - 2011-03-07 17:11 - 00148416 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2016-08-19 01:29 - 2010-11-08 07:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2016-08-19 01:29 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2016-08-19 01:29 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2016-08-19 01:29 - 2010-11-08 07:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2016-08-19 01:29 - 2010-11-08 07:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2016-08-19 01:29 - 2010-11-08 07:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2016-08-19 01:29 - 2010-07-22 16:48 - 00074064 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2016-08-19 01:29 - 2009-11-24 09:55 - 00518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2016-08-19 01:29 - 2009-11-24 09:55 - 00211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2016-08-19 01:29 - 2009-11-24 09:55 - 00198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2016-08-19 01:29 - 2009-11-24 09:55 - 00155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2016-08-19 01:28 - 2015-06-10 13:20 - 03129672 _____ (Intel Corporation) C:\Windows\system32\IntelSSTAPO.dll
2016-08-19 01:28 - 2015-06-10 13:20 - 00728392 _____ (Intel Corporation) C:\Windows\system32\IntelSstCApoPropPage.dll
2016-08-19 01:28 - 2015-06-02 19:25 - 01576976 _____ (Conexant Systems Inc.) C:\Windows\system32\CX64APO.dll
2016-08-19 01:28 - 2015-05-27 18:51 - 02461016 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOv211.dll
2016-08-19 01:28 - 2015-05-27 18:51 - 02393432 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOv201.dll
2016-08-19 01:28 - 2015-05-27 18:51 - 00944984 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOProp.dll
2016-08-19 01:28 - 2015-05-27 18:51 - 00349528 _____ (Dolby Laboratories) C:\Windows\system32\HiFiDAX2API.dll
2016-08-19 01:28 - 2015-05-25 15:18 - 03195416 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2016-08-19 01:28 - 2015-05-11 18:53 - 12996528 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO3064.dll
2016-08-19 01:28 - 2015-05-11 13:08 - 01374640 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO6064.dll
2016-08-19 01:28 - 2015-05-11 13:08 - 01192368 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO5064.dll
2016-08-19 01:28 - 2015-05-11 13:08 - 01145264 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO4064.dll
2016-08-19 01:28 - 2015-05-11 13:08 - 00980400 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO2064.dll
2016-08-19 01:28 - 2015-04-27 16:09 - 00328816 _____ (ICEpower a/s) C:\Windows\system32\ICEsoundAPO64.dll
2016-08-19 01:28 - 2015-02-05 17:48 - 12834736 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO4064.dll
2016-08-19 01:28 - 2015-02-05 17:48 - 02789808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO7064.dll
2016-08-19 01:28 - 2014-11-04 13:42 - 06242576 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64AF3.dll
2016-08-19 01:28 - 2014-11-04 13:42 - 01933584 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64AF3.dll
2016-08-19 01:28 - 2014-11-04 13:42 - 00336144 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64AF3.dll
2016-08-19 01:28 - 2014-11-04 13:42 - 00284944 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64F3.dll
2016-08-19 01:28 - 2014-10-24 10:12 - 05234952 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOlfx.dll
2016-08-19 01:28 - 2014-09-24 11:31 - 07087448 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll
2016-08-19 01:28 - 2014-09-24 11:31 - 01939800 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll
2016-08-19 01:28 - 2014-09-24 11:31 - 00315736 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll
2016-08-19 01:28 - 2014-09-24 11:31 - 00261464 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll
2016-08-19 01:28 - 2014-06-09 10:59 - 00560328 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2016-08-19 01:28 - 2014-05-22 16:24 - 00096568 _____ C:\Windows\system32\audioLibVc.dll
2016-08-19 01:28 - 2014-04-10 12:19 - 02041432 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
2016-08-19 01:28 - 2014-01-31 17:27 - 01313904 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxSpeechAPO64.dll
2016-08-19 01:28 - 2013-10-11 12:47 - 00113576 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2016-08-19 01:28 - 2013-10-07 00:26 - 00501184 _____ (DTS) C:\Windows\system32\DTSU2PLFX64.dll
2016-08-19 01:28 - 2013-10-07 00:26 - 00487360 _____ (DTS) C:\Windows\system32\DTSU2PGFX64.dll
2016-08-19 01:28 - 2013-10-07 00:26 - 00415680 _____ (DTS) C:\Windows\system32\DTSU2PREC64.dll
2016-08-19 01:28 - 2013-08-14 15:36 - 00662784 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
2016-08-19 01:28 - 2013-08-14 15:35 - 00663296 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2016-08-19 01:28 - 2013-07-23 15:39 - 14048512 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek64.dll
2016-08-19 01:28 - 2013-07-23 15:39 - 00922880 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
2016-08-19 01:28 - 2013-06-21 11:01 - 00109848 _____ C:\Windows\system32\AcpiServiceVnA64.dll
2016-08-19 01:28 - 2013-04-03 14:13 - 00906800 _____ (Sony Corporation) C:\Windows\system32\MISS_APO.dll
2016-08-19 01:28 - 2012-03-08 11:47 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2016-08-19 01:28 - 2011-08-23 17:00 - 00603984 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT64.dll
2016-08-19 01:28 - 2011-05-31 09:42 - 01756264 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2016-08-19 01:28 - 2011-05-31 09:42 - 01568360 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2016-08-19 01:28 - 2011-05-31 09:42 - 01486952 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2016-08-19 01:28 - 2011-05-31 09:42 - 00728680 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2016-08-19 01:28 - 2011-05-31 09:42 - 00712296 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2016-08-19 01:28 - 2011-05-31 09:42 - 00693352 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2016-08-19 01:28 - 2011-05-31 09:42 - 00491112 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2016-08-19 01:28 - 2011-05-31 09:42 - 00432744 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2016-08-19 01:28 - 2011-05-31 09:42 - 00428648 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2016-08-19 01:28 - 2011-05-31 09:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2016-08-19 01:28 - 2011-05-31 09:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2016-08-19 01:28 - 2011-05-31 09:42 - 00241768 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2016-08-19 01:28 - 2010-09-27 09:34 - 00318808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2016-08-18 23:59 - 2015-06-04 13:33 - 00021984 _____ C:\Windows\system32\Drivers\semav6msr64.sys
2016-08-16 22:39 - 2016-09-04 20:17 - 00000000 ____D C:\Users\ME\AppData\Roaming\Metadefender-Client
2016-08-16 22:36 - 2016-08-16 22:38 - 09900728 _____ (OPSWAT, Inc.) C:\Users\ME\Desktop\Metadefender-Client.exe
2016-08-13 23:20 - 2016-08-13 23:20 - 00000000 ____D C:\Users\ME\AppData\Roaming\QuickScan
2016-08-13 23:09 - 2016-08-13 23:11 - 00000000 ____D C:\AdwCleaner
2016-08-12 20:34 - 2016-09-04 20:17 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-08-12 20:34 - 2016-08-12 20:34 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-08-12 20:34 - 2016-08-12 20:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-08-12 20:34 - 2016-08-12 20:34 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-08-12 20:34 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-08-12 20:34 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-08-12 20:34 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-08-12 09:24 - 2016-08-12 09:24 - 00000734 _____ C:\Users\ME\Desktop\Start Tor Browser.lnk
2016-08-12 09:23 - 2016-08-12 09:23 - 00000000 ____D C:\Users\ME\Desktop\Tor Browser
2016-08-12 09:22 - 2016-08-12 09:23 - 49627504 _____ C:\Users\ME\Desktop\torbrowser-install-6.0.3_en-US.exe
2016-08-10 21:46 - 2016-08-10 22:35 - 00000000 ____D C:\Users\ME\AppData\Roaming\Stellarium
2016-08-10 21:46 - 2016-08-10 21:46 - 00000000 ____D C:\Users\ME\AppData\Local\stellarium
2016-08-10 21:46 - 2016-08-10 21:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stellarium
2016-08-10 21:46 - 2016-08-10 21:46 - 00000000 ____D C:\Program Files\Stellarium
2016-08-10 17:01 - 2016-08-10 17:01 - 00000000 ____D C:\Users\ME\AppData\Roaming\npm
2016-08-10 16:39 - 2016-08-10 16:44 - 00000000 ____D C:\Users\ME\Documents\Aptana Studio 3 Workspace
2016-08-10 16:39 - 2016-08-10 16:39 - 00000000 ____D C:\Users\ME\Aptana Rubles
2016-08-10 16:35 - 2016-08-10 16:35 - 00001977 _____ C:\Users\ME\Desktop\AptanaStudio.lnk
2016-08-10 16:35 - 2016-08-10 16:35 - 00000000 ____D C:\Users\ME\AppData\Local\Caphyon
2016-08-10 16:34 - 2016-08-10 16:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Git
2016-08-10 16:33 - 2016-08-10 16:34 - 00000000 ____D C:\Program Files (x86)\Git
2016-08-10 16:32 - 2016-08-10 16:33 - 00000000 ____D C:\Users\ME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Node.js
2016-08-10 16:32 - 2016-08-10 16:32 - 00000000 ____D C:\Program Files (x86)\nodejs
2016-08-10 16:30 - 2016-08-10 16:30 - 05324800 _____ C:\Users\ME\Desktop\node-v0.10.13-x86.msi
2016-08-10 16:23 - 2016-08-10 16:33 - 00000000 ____D C:\Users\ME\AppData\Roaming\Appcelerator
2016-08-10 16:14 - 2016-08-10 16:17 - 135327376 _____ (Appcelerator) C:\Users\ME\Desktop\Aptana_Studio_3_Setup_3.6.1.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-04 21:28 - 2015-08-04 11:26 - 00000000 ____D C:\FRST
2016-09-04 21:25 - 2015-10-01 02:34 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-09-04 21:10 - 2016-06-29 20:27 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-09-04 20:32 - 2016-06-29 20:09 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-04 20:21 - 2015-07-21 21:50 - 00000000 ____D C:\EEK
2016-09-04 20:20 - 2015-10-01 02:51 - 07715882 _____ C:\Windows\ntbtlog.txt
2016-09-04 15:02 - 2016-07-29 19:46 - 00003032 _____ C:\Windows\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2016-09-04 14:54 - 2009-07-14 05:45 - 00036336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-09-04 14:54 - 2009-07-14 05:45 - 00036336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-09-04 14:50 - 2015-07-24 01:06 - 00000000 ____D C:\Users\ME\Desktop\Desk3
2016-09-04 14:47 - 2016-06-29 20:09 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-04 14:47 - 2013-11-12 22:31 - 00000000 ____D C:\Program Files (x86)\Steam
2016-09-04 14:46 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-09-04 02:27 - 2016-01-20 11:01 - 00000000 ____D C:\ProgramData\Package Cache
2016-09-03 13:55 - 2015-08-09 02:08 - 00000000 ____D C:\Users\ME\AppData\Local\CrashDumps
2016-09-03 00:13 - 2013-11-21 03:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TripleA
2016-08-31 23:48 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2016-08-28 15:53 - 2014-07-04 20:51 - 00000000 ____D C:\Users\ME\Documents\My Received Files
2016-08-26 15:56 - 2016-06-29 19:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-08-19 01:30 - 2013-08-14 23:57 - 00000000 ___HD C:\Program Files (x86)\Temp
2016-08-19 01:29 - 2009-07-14 06:13 - 00817972 _____ C:\Windows\system32\PerfStringBackup.INI
2016-08-19 01:29 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-08-19 01:28 - 2013-08-14 23:57 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-08-19 01:23 - 2013-08-14 23:57 - 00000000 ____D C:\Program Files (x86)\Realtek
2016-08-19 00:55 - 2013-08-15 00:04 - 00000000 ____D C:\Program Files\Intel
2016-08-19 00:47 - 2013-08-15 00:11 - 00015852 _____ C:\Windows\system32\results.xml
2016-08-18 17:54 - 2013-12-02 21:48 - 00000000 ____D C:\Users\ME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-08-18 17:34 - 2015-04-20 23:45 - 00000000 ____D C:\Users\ME\Documents\Sovereignty
2016-08-16 20:41 - 2015-02-19 13:47 - 00000000 ____D C:\Users\ME\Documents\Telltale Games
2016-08-16 20:41 - 2014-01-08 18:46 - 00000000 ____D C:\GOG Games
2016-08-16 20:41 - 2014-01-08 18:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2016-08-16 20:41 - 2009-07-14 06:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-08-15 15:34 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2016-08-15 15:23 - 2014-07-15 01:22 - 00000000 ____D C:\Program Files (x86)\Audacity
2016-08-15 15:22 - 2015-01-01 15:39 - 00000000 ____D C:\Program Files\7-Zip
2016-08-15 15:14 - 2014-01-17 22:12 - 00000000 ____D C:\ProgramData\Electronic Arts
2016-08-15 13:43 - 2014-06-05 17:49 - 00000000 ____D C:\Windows\System32\Tasks\Event Viewer Tasks
2016-08-12 09:24 - 2016-07-22 03:01 - 00000782 _____ C:\Users\ME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2016-08-10 18:34 - 2013-08-15 16:55 - 00000000 ____D C:\Users\ME\Documents\Visual Studio 2012
2016-08-10 16:39 - 2013-08-14 22:32 - 00000000 ____D C:\Users\ME
2016-08-08 22:34 - 2016-06-29 20:11 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-05 09:02 - 2015-11-01 05:42 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

==================== Files in the root of some directories =======

2015-08-25 14:30 - 2015-08-25 14:30 - 0001181 _____ () C:\Users\ME\AppData\Roaming\trace_FilterInstaller.1.txt
2015-08-25 14:30 - 2015-08-25 15:44 - 0000919 _____ () C:\Users\ME\AppData\Roaming\trace_FilterInstaller.txt
2015-08-25 14:30 - 2015-08-25 15:44 - 0000000 _____ () C:\Users\ME\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2016-09-03 12:09 - 2016-09-03 12:09 - 0470917 _____ () C:\Users\ME\AppData\Local\ars.cache
2016-09-03 12:10 - 2016-09-03 12:10 - 0850532 _____ () C:\Users\ME\AppData\Local\census.cache
2016-09-03 04:11 - 2016-09-03 04:11 - 0000036 _____ () C:\Users\ME\AppData\Local\housecall.guid.cache
2016-08-16 22:40 - 2016-09-04 20:17 - 0007417 _____ () C:\Users\ME\AppData\Local\infection.log
2013-08-15 16:22 - 2016-07-30 19:47 - 0007596 _____ () C:\Users\ME\AppData\Local\Resmon.ResmonCfg
2016-09-03 04:20 - 2016-09-03 04:20 - 0000010 _____ () C:\Users\ME\AppData\Local\sponge.last.runtime.cache
2016-08-19 01:30 - 2016-08-19 01:30 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-08-09 22:21 - 2016-02-01 19:20 - 0011028 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\ME\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe
C:\Users\ME\AppData\Local\Temp\jre-8u101-windows-au.exe
C:\Users\ME\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\ME\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\ME\AppData\Local\Temp\jre-8u71-windows-au.exe
C:\Users\ME\AppData\Local\Temp\jre-8u73-windows-au.exe
C:\Users\ME\AppData\Local\Temp\jre-8u77-windows-au.exe
C:\Users\ME\AppData\Local\Temp\jre-8u91-windows-au.exe
C:\Users\ME\AppData\Local\Temp\libeay32.dll
C:\Users\ME\AppData\Local\Temp\msvcr120.dll
C:\Users\ME\AppData\Local\Temp\ose00000.exe
C:\Users\ME\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-08-26 19:12

==================== End of FRST.txt ============================

 

-------------------------------------------------------------------------



#3 thedillinger

Posted 04 September 2016 - 03:34 PM

-------------------------------------------------------------------------

 

Addition.txt

 

-------------------------------------------------------------------------

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016
Ran by ME (04-09-2016 21:29:02)
Running from C:\Users\ME\Desktop
Windows 7 Professional Service Pack 1 (X64) (2013-08-14 21:32:24)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4019986658-3472930921-203088936-500 - Administrator - Disabled)
Guest (S-1-5-21-4019986658-3472930921-203088936-501 - Limited - Disabled)
ME (S-1-5-21-4019986658-3472930921-203088936-1000 - Administrator - Enabled) => C:\Users\ME

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AS: Kaspersky Internet Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
7-Zip 15.12 (x64) (HKLM\...\7-Zip) (Version: 15.12 - Igor Pavlov)
8-Bit Armies (HKLM\...\Steam App 427250) (Version:  - Petroglyph)
Ableton Live 9 Suite (HKLM\...\{48EC4E57-1D04-4831-90A7-151DA2269495}) (Version: 9.0.0.0 - Ableton)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{B7B3E9B3-FB14-4927-894B-E9124509AF5A}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - ALPS ELECTRIC CO., LTD.)
Anytime USB Charge Utility (HKLM-x32\...\{549BF60D-FDDA-4E4C-ABE3-9E897BC09E79}) (Version: 1.01.10.005 - FUJITSU LIMITED)
Aptana Studio (HKU\S-1-5-21-4019986658-3472930921-203088936-1000\...\Aptana Studio 3.6.0) (Version: 3.6.0 - Appcelerator)
Aptana Studio (x32 Version: 3.6.0 - Appcelerator) Hidden
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta2 - Michael Tippach)
B4J v4.01 (HKLM-x32\...\{EDE7CEAB-7394-4B50-8109-268DFB9A3023}_is1) (Version:  - Anywhere Software)
Battle for Wesnoth 1.12.5 (HKLM-x32\...\Battle for Wesnoth 1.12.5) (Version: 1.12.5 - )
Bitmark Core (64-bit) (HKU\S-1-5-21-4019986658-3472930921-203088936-1000\...\Bitmark Core (64-bit)) (Version: 0.9.2 - Project Bitmark)
Blend for Visual Studio 2012 (x32 Version: 5.0.30709.0 - Microsoft Corporation) Hidden
Blend for Visual Studio 2012 ENU resources (x32 Version: 5.0.30709.0 - Microsoft Corporation) Hidden
Blend for Visual Studio Add-in for Adobe FXG Import (x32 Version: 1.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
BlitzPlus Demo (HKLM-x32\...\BlitzPlus Demo 1.43_is1) (Version:  - Blitz Research Ltd)
BlueGriffon version 1.7.2 (HKLM-x32\...\{A9015334-10BE-4D64-A776-203336EFE806}_is1) (Version: 1.7.2 - Disruptive Innovations SAS)
Colonization (HKLM-x32\...\GOGPACKCOLONIZATION_is1) (Version: 2.0.0.10 - GOG.com)
Commander : The Great War (HKLM-x32\...\Steam App 312350) (Version:  - The Lordz Games Studio)
CyberLink YouCam 5 (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.1521 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DeskUpdate (HKLM-x32\...\DeskUpdate_is1) (Version: 4.15.0134 - Fujitsu Technology Solutions)
D-Fend Reloaded 1.4.4 (deinstall) (HKLM-x32\...\D-Fend Reloaded) (Version: 1.4.4 - Alexander Herzog)
Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4521.29298 - PreEmptive Solutions) Hidden
Dune Legacy (HKLM-x32\...\Dune Legacy) (Version:  - )
Empire: Total War (HKLM-x32\...\Steam App 10500) (Version:  - The Creative Assembly)
Entity Framework Designer for Visual Studio 2012 - enu (HKLM-x32\...\{3F29268A-F53A-4387-9F2B-E9368A823178}) (Version: 11.1.30729.00 - Microsoft Corporation)
Fantasy Wars (HKLM-x32\...\GOGPACKFANTASYWARS_is1) (Version: 2.0.0.6 - GOG.com)
FJ Camera (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.52032.0_WHQL - Sonix)
Fujitsu Display Manager (HKLM-x32\...\InstallShield_{0987D640-F480-42C0-9258-4176C12A58AB}) (Version: 8.01.00.012 - FUJITSU LIMITED)
Fujitsu Display Manager (Version: 8.01.00.012 - FUJITSU LIMITED) Hidden
Fujitsu Hotkey Utility (HKLM-x32\...\InstallShield_{C8E4B31D-337C-483D-822D-16F11441669B}) (Version: 3.70.0.0 - FUJITSU LIMITED)
Fujitsu Hotkey Utility (x32 Version: 3.70.0.0 - FUJITSU LIMITED) Hidden
Fujitsu MobilityCenter Extension Utility (HKLM-x32\...\InstallShield_{EC314CDF-3521-482B-A21C-65AC95664814}) (Version: 4.01.00.000 - FUJITSU LIMITED)
Fujitsu MobilityCenter Extension Utility (Version: 4.01.00.000 - FUJITSU LIMITED) Hidden
Fujitsu System Extension Utility (HKLM-x32\...\InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}) (Version: 3.4.4.0 - FUJITSU LIMITED)
Fujitsu System Extension Utility (Version: 3.4.4.0 - FUJITSU LIMITED) Hidden
GEAR driver installer (HKLM-x32\...\{0590062B-1E79-4717-B1AC-45B6DCA43B36}) (Version: 4.001.7 - GEAR Software)
Git version 1.8.4-preview20130916 (HKLM-x32\...\Git_is1) (Version: 1.8.4-preview20130916 - The Git Development Community)
GOG.com Downloader version 3.6.0 (HKLM-x32\...\{456A5815-604D-4D72-94DF-346D2B978A59}_is1) (Version: 3.6.0 - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
HP Deskjet 460 Series Toolbox (HKLM-x32\...\{80B2BC9F-0AAC-4D25-9B78-B2C92907081E}) (Version: 1.00.0000 - Hewlett-Packard)
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version:  - )
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® + High Speed (HKLM\...\{705EE775-5776-48FD-B704-C3C9CF535420}) (Version: 15.1.1.0170 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{F0932859-AA60-459E-B843-0BDECA34E2C7}) (Version: 2.0.0.0086 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{BAA0BE9B-9E6D-4802-91CB-FB7ED5CD4BEF}) (Version: 15.01.1500.1034 - Intel Corporation)
Jagged Alliance 2 - Unfinished Business (HKLM-x32\...\GOGPACKJA2UB_is1) (Version: 2.0.0.5 - GOG.com)
Java 8 Update 101 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Java SE Development Kit 8 Update 66 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180660}) (Version: 8.0.660.18 - Oracle Corporation)
JavaScript Tooling (Version: 11.0.60315 - Microsoft Corporation) Hidden
JetBrains PhpStorm 2016.2 (HKLM-x32\...\PhpStorm 2016.2) (Version: 162.1121.38 - JetBrains s.r.o.)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Just BASIC v1.01 (HKLM-x32\...\Just BASIC v1.01) (Version:  - )
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 17.0.0.611 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab)
Kaspersky Secure Connection (x32 Version: 17.0.0.611 - Kaspersky Lab) Hidden
King Arthur - The Role-playing Wargame (HKLM-x32\...\Steam App 24400) (Version:  - NeoCoreGames)
Liberty BASIC v4.5.0 (HKLM-x32\...\Liberty BASIC v4.5.0) (Version:  - )
LIFEBOOK Application Panel (HKLM-x32\...\InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}) (Version: 8.3.2.0 - FUJITSU LIMITED)
LIFEBOOK Application Panel (Version: 8.3.2.0 - FUJITSU LIMITED) Hidden
LocalESPC (x32 Version: 8.59.25584 - Microsoft Corporation) Hidden
LocalESPCui for en-us (x32 Version: 8.59.25584 - Microsoft) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Master of Magic (HKLM-x32\...\GOGPACKMASTEROFMAGIC_is1) (Version: 2.0.0.20 - GOG.com)
Master of Orion 1 and 2 (HKLM-x32\...\GOGPACKMASTEROFORION12_is1) (Version: 2.0.0.16 - GOG.com)
Medieval II: Total War (HKLM-x32\...\Steam App 4700) (Version:  - The Creative Assembly)
Medieval II: Total War Kingdoms (HKLM-x32\...\Steam App 4780) (Version:  - The Creative Assembly)
MeldaProduction MFreeEffectsBundle64 8 (HKLM-x32\...\MeldaProduction MFreeEffectsBundle64 8) (Version:  - MeldaProduction)
Microsoft .NET Compact Framework 3.5 (HKLM-x32\...\{291B3A3B-F808-45B8-8113-DF232FCB6C82}) (Version: 3.5.7283 - Microsoft Corporation)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{1948E039-EC79-4591-951D-9867A8C14C90}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ASP.NET MVC 3 (HKLM-x32\...\{D32EF103-4016-4C15-BCB0-700C0A7A2309}) (Version: 3.0.50813.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft ASP.NET Web Pages (HKLM-x32\...\{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}) (Version: 1.0.20105.0 - Microsoft Corporation)
Microsoft Expression Web 4 (HKLM-x32\...\Web_4.0.1460.0) (Version: 4.0.1460.0 - Microsoft Corporation)
Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Silverlight 4 SDK (HKLM-x32\...\{189AEA94-DAFB-487A-8CEE-F9D3DDE0A748}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft Small Basic v1.2 (HKLM-x32\...\{7AAA27E4-CDB3-49C0-AA2D-41827C001BA3}) (Version: 1.2.0.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM\...\{36E619BC-A234-4EC3-849B-779A7C865A45}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{13D558FE-A863-402C-B115-160007277033}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{FA0A244E-F3C2-4589-B42A-3D522DE79A42}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service  (HKLM\...\{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{6D6D43E5-218C-4B05-92D3-2240810F4760}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (11.1.20627.00) (HKLM-x32\...\{FA804794-2CCB-4301-954F-2C2894698876}) (Version: 11.1.20627.00 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20627.00) (HKLM-x32\...\{790E9425-8570-493F-9AE7-81AFC9E46930}) (Version: 11.1.20627.00 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Text-to-Speech Engine 4.0 (English) (HKLM-x32\...\MSTTS) (Version:  - )
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Professional 2012 (HKLM-x32\...\{e22a10a1-69ff-4ffa-889e-172c06c0abbd}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Web Deploy 3.5 (HKLM\...\{3674F088-9B90-473A-AAC3-20A00D8D810C}) (Version: 3.1237.1762 - Microsoft Corporation)
Microsoft Web Deploy dbSqlPackage Provider - enu (HKLM-x32\...\{E4C33F5B-1B2F-466E-957E-B274F08151A0}) (Version: 10.3.20225.0 - Microsoft Corporation)
Microsoft Web Platform Installer 4.0 (HKLM\...\{E2B8249D-895C-4685-8C83-00F3B1A13028}) (Version: 4.0.1622 - Microsoft Corporation)
Mozilla Firefox 48.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 48.0.2 (x86 en-US)) (Version: 48.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 48.0.2.6079 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Napoleon: Total War (HKLM-x32\...\Steam App 34030) (Version:  - The Creative Assembly)
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.4.10400.2.100 - Nero AG)
Nero CoverDesigner 10 (HKLM-x32\...\{FCF00A6E-FB58-477A-ABE9-232907105521}) (Version: 5.6.10600.4.100 - Nero AG)
Nero InfoTool 10 (HKLM-x32\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.4.10300.1.100 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{78B93AE2-9E07-4251-96DF-7E74A1BAEC32}) (Version: 10.6.10200 - Nero AG)
Nero Prerequisite Installer 1.0 (HKLM-x32\...\{011E92F1-AF76-4983-8707-79F8F1956439}) (Version: 11.0.11500 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.6.10500.3.100 - Nero AG)
NetBeans IDE 8.1 (HKLM\...\nbi-nb-base-8.1.0.0.201510222201) (Version: 8.1 - NetBeans.org)
Node.js (HKLM-x32\...\{2D41A012-35EE-4724-AE8E-E592EDD9F89D}) (Version: 0.10.13 - Joyent, Inc. and other Node contributors)
NVIDIA PhysX (HKLM-x32\...\{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}) (Version: 9.09.0814 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.1.2 (HKLM-x32\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.3.11.2762 - Electronic Arts, Inc.)
PerformanceTest v8.0 (HKLM\...\PerformanceTest 8_is1) (Version: 8.0.1029.0 - Passmark Software)
Pike and Shot: Campaigns (HKLM\...\Steam App 377520) (Version:  - Byzantine Games)
Plugfree NETWORK (HKLM\...\{7BA64D21-EE46-4a9a-8145-52B0175C3F86}) (Version: 6.2.0.1 - FUJITSU LIMITED)
Plugfree NETWORK (Version: 6.2.001 - FUJITSU LIMITED) Hidden
Power Saving Utility (HKLM-x32\...\{49A588CF-5FD4-4774-BFBF-0764287DE82B}) (Version: 32.01.10.043 - FUJITSU LIMITED)
Pox Nora (HKLM-x32\...\Steam App 201210) (Version:  - Desert Owl Games LLC)
Pox Nora 1.8 (HKLM-x32\...\3055-2232-0137-3195) (Version: 1.8 - Desert Owl Games)
PreEmptive Analytics Visual Studio Components (x32 Version: 1.0.2180.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{9169C939-ED01-446A-BD0C-29873BAF4E48}) (Version: 11.0.2100.60 - Microsoft Corporation)
PureBasic 5.40 Demo (64 bit) (HKLM\...\PureBasic_is1) (Version:  - Fantaisie Software)
QT Lite 4.1.0 (HKLM-x32\...\quicktime_lite_is1) (Version: 4.1.0 - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.53.216.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7541 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7601.30129 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SAGA (HKLM\...\Steam App 376140) (Version:  - Silverlode Interactive)
SAGA (HKU\S-1-5-21-4019986658-3472930921-203088936-1000\...\SAGA) (Version:  - )
Sid Meier's Civilization III: Complete (HKLM\...\Steam App 3910) (Version:  - Firaxis Games)
Sovereignty: Crown of Kings (HKLM\...\Steam App 312430) (Version:  - Gothic Labs)
Spybot Anti-Beacon (HKLM-x32\...\{419A7FCF-93E1-474D-BFE9-987CF3F90C88}_is1) (Version: 1.5 - Safer-Networking Ltd.)
Starters Orders 6 (HKLM\...\Steam App 460230) (Version:  - Strategic Designs Ltd.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Stellarium 0.15.0 (HKLM\...\Stellarium_is1) (Version: 0.15.0 - Stellarium team)
Strategic Command - European Theater (HKLM-x32\...\GOGPACKSTRATEGICCOMMAND_is1) (Version: 2.0.0.61 - GOG.com)
Strategic Command WWII Global Conflict (HKLM-x32\...\Strategic Command WWII Global Conflict_is1) (Version:  - Battlefront)
Strategic Command WWII Global Conflict GOLD (HKLM-x32\...\Strategic Command WWII Global Conflict GOLD_is1) (Version:  - Battlefront)
The Banner Saga (HKLM-x32\...\Steam App 237990) (Version:  - Stoic)
The Banner Saga: Factions (HKLM-x32\...\Steam App 219340) (Version:  - Stoic)
thinBasic (HKLM-x32\...\thinBasic_is1) (Version: 1.9.15.0 - thinBasic)
TripleA Version 1_8_0_9 (HKLM-x32\...\TripleAVersion1_8_0_9) (Version:  - )
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Visual Studio 2012 Update 5 (KB2707250) (HKLM-x32\...\{6d052d71-b953-48cd-8a75-3462b00efeb7}) (Version: 11.0.61219 - Microsoft Corporation)
WCF Data Services 5.0 (for OData v3) Primary Components (x32 Version: 5.0.50628.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2012 (x32 Version: 5.0.50710.0 - Microsoft Corporation) Hidden
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{3A523AF9-D32F-4C85-8388-0335731F3405}) (Version: 4.1.61829.0 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Zip Motion Block Video codec (Remove Only) (HKLM-x32\...\ZMBV) (Version:  - DOSBox Team)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4019986658-3472930921-203088936-1000_Classes\CLSID\{ca586c80-7c84-4b88-8537-726724df6929}\InprocServer32 -> C:\Program Files (x86)\Git\git-cheetah\git_shell_ext64.dll ()

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0982055A-3F0C-44CF-A1AF-02924DCF363E} - System32\Tasks\{9439011E-6C57-475F-9A36-25A6B552548D} => pcalua.exe -a C:\Users\ME\Downloads\SYS-EXTENSION-DRVR_V1.20_WIN7-64_FPC46-1642-01.EXE -d C:\Users\ME\Downloads
Task: {3630A3F8-2565-4DF0-B543-7F01EF1D6245} - System32\Tasks\{AF9BCD47-07CC-4F39-922B-F57344F92513} => pcalua.exe -a C:\Users\ME\Desktop\SYS-EXTENSION-DRVR_V1.20_WIN7-64_FPC46-1642-01.EXE -d C:\Users\ME\Desktop
Task: {599FC8EA-5D53-49A8-9D1A-72C8EDF7ABB0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-29] (Google Inc.)
Task: {8513E0CB-5F23-4598-ABB6-7A8EAA2F0ADC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-12] (Adobe Systems Incorporated)
Task: {8BF7029D-76BD-4122-A2D9-4BD531CBC317} - System32\Tasks\{E430CA00-894F-4A77-B2B4-89603C34CF2E} => pcalua.exe -a C:\Users\ME\Desktop\sagainstaller.exe -d C:\Users\ME\Desktop
Task: {9D903DE2-683D-4DEE-9DEB-3338D909D274} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-29] (Google Inc.)
Task: {AD678FCD-1903-469E-9EFC-67E92C15626A} - System32\Tasks\Safer-Networking\Spybot Anti-Beacon\Refresh Anti-Beacon immunization => C:\Program Files (x86)\Spybot Anti-Beacon\SDAntiBeacon.exe [2015-10-19] (Safer-Networking Ltd.)
Task: {B00FC71C-2AE8-407A-8526-3C63BAC0EACA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {BAB54232-7DD1-42EC-A354-5BC29459BD98} - System32\Tasks\{E96F8D47-5D71-4621-A158-6BA2741CF13E} => pcalua.exe -a "C:\Users\ME\Desktop\MS Web stuff\dotnetfx35.exe" -d "C:\Users\ME\Desktop\MS Web stuff"
Task: {FFEDD626-E029-4A59-8722-513D64F2D9A8} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2016-07-11] (AO Kaspersky Lab)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\ME\AppData\Local\Microsoft\Windows\GameExplorer\{540CF612-8012-42D5-A46E-FD25BA710C7F}\SupportTasks\1\Support.lnk -> hxxp://techsupport.ea.com/
Shortcut: C:\Users\ME\AppData\Local\Microsoft\Windows\GameExplorer\{540CF612-8012-42D5-A46E-FD25BA710C7F}\SupportTasks\0\More Games from Microsoft.lnk -> hxxp://www.ea.com/eagames/official/battlefield1942/home.jsp/

ShortcutWithArgument: C:\Users\ME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js command prompt.lnk -> C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation) -> /k "C:\Program Files (x86)\nodejs\nodevars.bat"

==================== Loaded Modules (Whitelisted) ==============

2016-09-03 01:33 - 2016-09-03 01:33 - 00016384 _____ () C:\Windows\runservice.exe
2012-03-19 08:09 - 2012-03-19 08:09 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2016-06-28 00:19 - 2016-06-28 00:19 - 00865232 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\kpcengine.2.3.dll
2016-09-03 01:33 - 2016-09-03 01:33 - 00048640 _____ () C:\Windows\mmfs.dll
2013-08-15 00:04 - 2012-06-25 03:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2016-09-04 14:51 - 00004769 ____A C:\Windows\system32\Drivers\etc\hosts

0.0.0.0    choice.microsoft.com
0.0.0.0    choice.microsoft.com.nstac.net
0.0.0.0    df.telemetry.microsoft.com
0.0.0.0    oca.telemetry.microsoft.com
0.0.0.0    oca.telemetry.microsoft.com.nsatc.net
0.0.0.0    redir.metaservices.microsoft.com
0.0.0.0    reports.wes.df.telemetry.microsoft.com
0.0.0.0    services.wes.df.telemetry.microsoft.com
0.0.0.0    settings-sandbox.data.microsoft.com
0.0.0.0    settings-win.data.microsoft.com
0.0.0.0    sqm.df.telemetry.microsoft.com
0.0.0.0    sqm.telemetry.microsoft.com
0.0.0.0    sqm.telemetry.microsoft.com.nsatc.net
0.0.0.0    telecommand.telemetry.microsoft.com
0.0.0.0    telecommand.telemetry.microsoft.com.nsatc.net
0.0.0.0    telemetry.appex.bing.net
0.0.0.0    telemetry.microsoft.com
0.0.0.0    telemetry.urs.microsoft.com
0.0.0.0    vortex-sandbox.data.microsoft.com
0.0.0.0    vortex-win.data.microsoft.com
0.0.0.0    vortex.data.microsoft.com
0.0.0.0    watson.telemetry.microsoft.com
0.0.0.0    watson.telemetry.microsoft.com.nsatc.net
0.0.0.0    watson.ppe.telemetry.microsoft.com
0.0.0.0    wes.df.telemetry.microsoft.com
0.0.0.0    vortex-bn2.metron.live.com.nsatc.net
0.0.0.0    vortex-cy2.metron.live.com.nsatc.net
0.0.0.0    watson.live.com
0.0.0.0    watson.microsoft.com
0.0.0.0    feedback.search.microsoft.com

There are 75 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4019986658-3472930921-203088936-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\ME\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: YouCam Service => "C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe" /s
MSCONFIG\startupreg: ZAM => "C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /minimized

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{6CD5AE7E-5638-4DBB-AA24-89ED8E9B5798}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe
FirewallRules: [{8EA0F9F9-E851-4028-8B11-32008DDBEEBC}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe
FirewallRules: [{FE7DB7CA-9C14-44DD-B556-0EDB577A76D6}] => (Allow) C:\Program Files (x86)\Nero\KM\KwikMedia.exe
FirewallRules: [{D3BD0727-9CF0-4654-9BD9-5860A81811F1}] => (Allow) C:\Program Files (x86)\Nero\KM\KwikMedia.exe
FirewallRules: [{04ADCABF-9F0C-45B8-9923-9F9E5DDD6583}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{CAB2A195-F588-4FFE-A4F8-2CBCA1FDA1B1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{0C4937A1-BE43-44ED-856A-6EE5BB498E29}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Empire Total War\Empire.exe
FirewallRules: [{CFC6F004-1FDD-42AF-8A9B-AF57429DA6A9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Empire Total War\Empire.exe
FirewallRules: [{E5E56910-86D5-4467-B5A5-E0395F059D47}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Theatre of War\MissionEditor\MissionGen.exe
FirewallRules: [{F37E14A3-5C77-4C4B-ABB7-62D1FA7B65B7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Theatre of War\MissionEditor\MissionGen.exe
FirewallRules: [{1B106B20-422C-4E6D-ADF1-40ED963238EB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Theatre of War\MissionEditor\Editor.exe
FirewallRules: [{5966899F-7D94-4D69-8E81-9B4D234245C1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Theatre of War\MissionEditor\Editor.exe
FirewallRules: [{8095498A-F1E8-46C6-946C-677207CFE0E2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Napoleon Total War\Napoleon.exe
FirewallRules: [{E7A9E44B-7216-4CA4-9CA6-03768724DA3B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Napoleon Total War\Napoleon.exe
FirewallRules: [{3686FFF0-1457-4FF7-8F53-7C7CF904FFDD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\the banner saga factions\win32\The Banner Saga Factions.exe
FirewallRules: [{D9D070EC-EC1B-4805-9199-DDAD06E666B2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\the banner saga factions\win32\The Banner Saga Factions.exe
FirewallRules: [{9048D7C5-D730-492D-9E33-06D54DCBE331}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{73B46BD7-B6A7-4117-BDF3-9686AE001C23}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{3923D73E-538A-44D9-9004-FC2CD0419971}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\King Arthur - The Role-playing Wargame\KingArthur.exe
FirewallRules: [{8D327C4D-9F13-48E0-A6D6-BA37915F739A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\King Arthur - The Role-playing Wargame\KingArthur.exe
FirewallRules: [{D2A04C4C-7B1B-48A3-B8A9-353F1FE39242}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\King Arthur - The Role-playing Wargame\KingArthurMulti.exe
FirewallRules: [{611363D1-1C01-4AF9-B6A9-B52B28034887}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\King Arthur - The Role-playing Wargame\KingArthurMulti.exe
FirewallRules: [{B8AF865D-F91F-40BD-BD87-483B44880D9E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{D95A0269-A7AB-4E7B-8627-8BE60B51230F}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{F5F0854C-1CAA-48B9-A7EC-EC65A2EBC7E5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Commander  The Great War\autorun.exe
FirewallRules: [{C4FF0B8D-7334-491D-9AC7-35E3CD427B58}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Commander  The Great War\autorun.exe
FirewallRules: [{6AB69436-F211-422E-A984-AC0429EED8EA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Medieval II Total War\medieval2.exe
FirewallRules: [{F0C03016-AF5D-4547-BA0F-65445FD29492}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Medieval II Total War\medieval2.exe
FirewallRules: [{8B64122D-F769-43F2-9092-DFB638DB9C21}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Pox Nora\jre\bin\javaw.exe
FirewallRules: [{EB2AB623-2214-4F6A-BA06-BE714615F3E8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Pox Nora\jre\bin\javaw.exe
FirewallRules: [{E0C1FB06-76A9-453F-905C-6683E33C4F01}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Theatre of War 2 Africa 1943\MissionEditor\MissionGen.exe
FirewallRules: [{E8FE66F6-7E02-47ED-BA77-3D262502FCBC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Theatre of War 2 Africa 1943\MissionEditor\MissionGen.exe
FirewallRules: [{8E8EF0DA-2776-461A-843B-34A6B88DFAF9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Theatre of War 2 Africa 1943\MissionEditor\Editor.exe
FirewallRules: [{EFCAB2AE-0A1D-48A5-8D31-1697D81866AE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Theatre of War 2 Africa 1943\MissionEditor\Editor.exe
FirewallRules: [{DFB5AD75-1B4F-43A3-906C-496FCDD73A42}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\tbs\win32\The Banner Saga.exe
FirewallRules: [{8D4D5E78-374B-4B74-9FA2-6C98A9C5031E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\tbs\win32\The Banner Saga.exe
FirewallRules: [{C59A5C1A-30F7-409A-BE48-D61EA1817337}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Medieval II Total War\Launcher.exe
FirewallRules: [{80F6F49C-C712-41D0-B085-A6DABF85B7DA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Medieval II Total War\Launcher.exe
FirewallRules: [{964BB058-7009-44B6-97CC-24A76D2DAF01}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Medieval II Total War\Launcher.exe
FirewallRules: [{52435EF2-BF09-4A13-95D4-8BB04AD12CBF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Medieval II Total War\Launcher.exe
FirewallRules: [{D09436C2-2BD2-4416-A86A-690F81627A73}] => (Allow) C:\Users\ME\AppData\Local\Temp\7zS4BF5\hppiw.exe
FirewallRules: [{4FDEC4D9-1EEF-46C8-AA4C-994A57BF38A7}] => (Allow) C:\Users\ME\AppData\Local\Temp\7zS4BF5\hppiw.exe
FirewallRules: [{0010DF49-0468-42E1-84D6-9335C4AD75C4}] => (Allow) C:\Users\ME\AppData\Local\Temp\7zS51D3\HPDiagnosticCoreUI.exe
FirewallRules: [{C6C0BF4C-7E3E-4736-B1DE-A5280D021449}] => (Allow) C:\Users\ME\AppData\Local\Temp\7zS51D3\HPDiagnosticCoreUI.exe
FirewallRules: [{1BB6A6CD-EFC3-465D-8C08-AB0F0BB7B256}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{05A27202-65BA-46BD-B9D0-4C1C321868CE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{8C85E951-0E29-4075-B3BE-F9CFB6DD07B8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{525BDDAF-D01A-436E-AF7D-96AF7E92BE7F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{34CFE84E-A01F-48AC-9D3A-4C1A614DFC6E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{9D4CD3A5-4601-4539-989D-F82806EA26E3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{8559D742-A9AD-42D9-AE85-9FE00978F1E1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{B56D7E74-402D-4AA7-8F40-C3484D5AF3C5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{F54EEA1F-392A-4438-9795-1FC148E2C671}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{99B66754-1AD5-4BBD-B91E-828FF36A6EBF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{C2A6CB66-4E30-47DE-8929-F9E75713BAC0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe
FirewallRules: [{E2341D56-AC01-420B-ABDA-88E6B8F685E9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{9B7F1A67-EA61-4C42-A3AA-835BBBFC3BEC}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{D2B21769-2C4F-486E-B548-189397294E7A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe
FirewallRules: [{9413028B-4C92-4C72-A09C-5006B94F85F8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe
FirewallRules: [{9BB26CC1-6063-4BDF-8D08-99C9EFA66A56}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{F3A0FCFE-19E0-4642-AF5D-4570D7534BFA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{1024EF73-0846-4894-8D8A-50821B4A5005}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [{006E006E-47BB-45E1-84BE-9D89C70875DE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{A29F345B-A7D3-417C-86BF-AA73CA653652}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{79449005-8AB8-4BAC-A32E-27CD398A15F2}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{D63DFB47-7C37-49EE-8BF1-DEAC2C1B6243}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{8DB1C334-1BF3-4666-AA8F-0F720CA690AB}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{FE89D1AF-109E-4627-AD45-95A2F34212BA}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{8A9414C5-EE9A-4D48-9310-CF94D442A5CB}] => (Allow) C:\Users\ME\AppData\Local\Temp\7zS408C\HPDiagnosticCoreUI.exe
FirewallRules: [{0825CDC7-1DFA-42A6-B99B-C7EAD2521569}] => (Allow) C:\Users\ME\AppData\Local\Temp\7zS408C\HPDiagnosticCoreUI.exe
FirewallRules: [{E6E7A114-4241-4891-8E6F-63532BA73336}] => (Allow) C:\Users\ME\AppData\Local\Temp\7zS5C4B\HPDiagnosticCoreUI.exe
FirewallRules: [{28B065AC-3041-4DE7-A8C8-3EC1E2C3FF5D}] => (Allow) C:\Users\ME\AppData\Local\Temp\7zS5C4B\HPDiagnosticCoreUI.exe
FirewallRules: [{459A8E19-76E9-49B5-9199-96BA41DF5682}] => (Allow) C:\Users\ME\AppData\Local\Temp\7zS5C90\HPDiagnosticCoreUI.exe
FirewallRules: [{7C4D2C24-B66B-4DCA-A48C-D315C71CBDC0}] => (Allow) C:\Users\ME\AppData\Local\Temp\7zS5C90\HPDiagnosticCoreUI.exe
FirewallRules: [{AECA4AC0-BFA4-49FD-BBE7-79152A146BF6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2011B99E-1DCB-4DA7-B60B-7C27EED04568}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EDD57314-CA01-4472-8259-F1E7970C6F2B}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{C5063436-187E-4D54-98A6-B5D0EB2CD604}] => (Allow) LPort=2869
FirewallRules: [{7649778A-2284-4843-ABCB-49379569B8BE}] => (Allow) LPort=1900
FirewallRules: [{756F6E2B-C3FA-40E1-A3AD-60CAAD37659D}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{0255107F-737F-4450-AD16-6D155887316D}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\devenv.exe
FirewallRules: [{A79354C1-91C1-4D5C-923A-2993F8A0E7C1}] => (Allow) C:\Users\ME\AppData\Local\Temp\7zS7C6B\HPDiagnosticCoreUI.exe
FirewallRules: [{765B3907-D4F7-4404-A029-4B550ED5B390}] => (Allow) C:\Users\ME\AppData\Local\Temp\7zS7C6B\HPDiagnosticCoreUI.exe
FirewallRules: [{D9ADBDA7-0AD6-4B32-86F3-AB1ACB33E238}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Pike & Shot Campaigns\autorun.exe
FirewallRules: [{DF506998-4EFA-4BA3-97C8-DDC2A6726230}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Pike & Shot Campaigns\autorun.exe
FirewallRules: [{CA7992E2-C465-43C4-8CAB-42101E4C83AF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1C38F5D3-4D40-45E1-A6A8-2F2E976897F8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Starters Orders 6\so6.exe
FirewallRules: [{C22A2A8B-A750-4429-A260-AFC2BD07FBC1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Starters Orders 6\so6.exe
FirewallRules: [{169E630D-1745-4A0E-A9AA-FDE9EF858D50}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization III Complete\Conquests\Civ3Conquests.exe
FirewallRules: [{AB28287B-F45B-45A7-9E12-63493DD99AF2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization III Complete\Conquests\Civ3Conquests.exe
FirewallRules: [{787C5E92-E5C3-4E71-BF0D-07C52A38E621}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\8BitArmies\ClientLauncherG.exe
FirewallRules: [{533AAF4C-C8E0-4829-B5C3-BB4C4D45D569}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\8BitArmies\ClientLauncherG.exe
FirewallRules: [{AD540EC2-86AE-4EE6-9A96-79E87B6027C0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{A641B576-1CA3-4DC2-99CD-B89B2452FB41}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sovereignty Crown of Kings\autorun.exe
FirewallRules: [{BAC34CDC-D754-4C70-ABE1-4E2180B49228}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sovereignty Crown of Kings\autorun.exe

==================== Restore Points =========================

18-08-2016 23:26:25 Installed Intel® Processor Identification Utility
18-08-2016 23:58:32 Intel® Driver Update Utility
19-08-2016 00:41:41 Before Intel HD Graphics install
19-08-2016 00:55:07 Intel® Driver Update Utility
19-08-2016 00:56:34 Removed Intel® Processor Identification Utility
19-08-2016 01:19:39 before update realtek driver
19-08-2016 01:22:44 Removed Realtek High Definition Audio Driver
19-08-2016 01:27:16 Installed Realtek High Definition Audio Driver
27-08-2016 00:45:43 Scheduled Checkpoint
03-09-2016 10:46:07 Scheduled Checkpoint
04-09-2016 02:27:00 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
04-09-2016 02:27:24 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030

==================== Faulty Device Manager Devices =============

Name: FJ Camera
Description: FJ Camera
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Sonix
Service: SNP2UVC
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: ZAM Helper Driver
Description: ZAM Helper Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ZAM
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: ZAM Guard Driver
Description: ZAM Guard Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ZAM_Guard
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/04/2016 02:46:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/03/2016 01:55:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SC-WWII Global Conflict.exe, version: 0.0.0.0, time stamp: 0x4ee77b80
Faulting module name: SC-WWII Global Conflict.exe, version: 0.0.0.0, time stamp: 0x4ee77b80
Exception code: 0xc0000005
Fault offset: 0x00a35243
Faulting process id: 0x189c
Faulting application start time: 0x01d205e1992b7120
Faulting application path: C:\Program Files (x86)\Battlefront\Strategic Command WWII Global Conflict\SC-WWII Global Conflict.exe
Faulting module path: C:\Program Files (x86)\Battlefront\Strategic Command WWII Global Conflict\SC-WWII Global Conflict.exe
Report Id: aba9c0f9-71d5-11e6-9d40-84a6c81683b5

Error: (09/03/2016 01:01:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/03/2016 04:46:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SC-WWII Global Conflict.exe, version: 0.0.0.0, time stamp: 0x4ee77b80
Faulting module name: SC-WWII Global Conflict.exe, version: 0.0.0.0, time stamp: 0x4ee77b80
Exception code: 0xc0000005
Fault offset: 0x00a35243
Faulting process id: 0x700
Faulting application start time: 0x01d205937fd81a2b
Faulting application path: C:\Program Files (x86)\Battlefront\Strategic Command WWII Global Conflict\SC-WWII Global Conflict.exe
Faulting module path: C:\Program Files (x86)\Battlefront\Strategic Command WWII Global Conflict\SC-WWII Global Conflict.exe
Report Id: 06ef5efb-7189-11e6-8900-84a6c81683b5

Error: (09/03/2016 01:51:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SC-WWII Global Conflict GOLD.exe, version: 0.0.0.0, time stamp: 0x519bbbf0
Faulting module name: SC-WWII Global Conflict GOLD.exe, version: 0.0.0.0, time stamp: 0x519bbbf0
Exception code: 0xc0000005
Fault offset: 0x00bfb913
Faulting process id: 0x1538
Faulting application start time: 0x01d2057cfd9675c7
Faulting application path: C:\Program Files (x86)\Battlefront\Strategic Command WWII Global Conflict GOLD\SC-WWII Global Conflict GOLD.exe
Faulting module path: C:\Program Files (x86)\Battlefront\Strategic Command WWII Global Conflict GOLD\SC-WWII Global Conflict GOLD.exe
Report Id: 86561923-7170-11e6-8900-84a6c81683b5

Error: (09/03/2016 01:37:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SC-WWII Global Conflict.exe, version: 0.0.0.0, time stamp: 0x4ee77b80
Faulting module name: SC-WWII Global Conflict.exe, version: 0.0.0.0, time stamp: 0x4ee77b80
Exception code: 0x40000015
Fault offset: 0x00007a22
Faulting process id: 0x1440
Faulting application start time: 0x01d2057b0e71c24d
Faulting application path: C:\Program Files (x86)\Battlefront\Strategic Command WWII Global Conflict\SC-WWII Global Conflict.exe
Faulting module path: C:\Program Files (x86)\Battlefront\Strategic Command WWII Global Conflict\SC-WWII Global Conflict.exe
Report Id: 96408d95-716e-11e6-8900-84a6c81683b5

Error: (09/02/2016 01:20:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/01/2016 01:45:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/31/2016 01:21:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (08/30/2016 06:10:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 6.1.7601.18741, time stamp: 0x54d036f1
Faulting module name: ntdll.dll, version: 6.1.7601.19110, time stamp: 0x568429e5
Exception code: 0xc0000005
Fault offset: 0x000000000004ac04
Faulting process id: 0xc8c
Faulting application start time: 0x01d202e15fa38a41
Faulting application path: C:\Windows\system32\AUDIODG.EXE
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: a72a34a6-6ed4-11e6-8927-84a6c81683b5


System errors:
=============
Error: (09/01/2016 01:46:52 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (08/31/2016 01:21:15 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Intel® PROSet/Wireless Zero Configuration Service service terminated with the following error:
%%-2147196306

Error: (08/26/2016 03:57:29 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Intel® PROSet/Wireless Zero Configuration Service service terminated with the following error:
%%-2147196306

Error: (08/24/2016 12:16:52 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (08/24/2016 12:16:52 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (08/21/2016 12:10:54 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Intel® PROSet/Wireless Zero Configuration Service service terminated with the following error:
%%-2147196306

Error: (08/20/2016 08:59:57 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Intel® PROSet/Wireless Zero Configuration Service service terminated with the following error:
%%-2147196306

Error: (08/17/2016 02:54:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (08/17/2016 02:54:54 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (08/13/2016 11:14:31 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.


CodeIntegrity:
===================================
  Date: 2016-09-03 04:37:29.060
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2016-09-03 04:37:29.054
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_47662a2706182d6f\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2016-09-03 04:37:24.995
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2016-09-03 04:37:24.988
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_96f694b33cfd42bf\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2016-09-03 04:37:20.443
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2016-09-03 04:37:20.436
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingfaults_31bf3856ad364e35_10.0.10074.1_none_f3153036f55ab3f5\werfault.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2016-09-03 04:37:20.194
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2016-09-03 04:37:20.189
  Description: Windows is unable to verify the integrity of the file \Device\HarddiskVolume2\$Windows.~BT\Updates\Critical\8e08ca47-f6ba-409d-82de-698e324c0004\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10074.1_none_a384c5aabe759ea5\wermgr.exe because the signing certificate has been revoked.  Check with the publisher to see if a new signed version of the kernel module is available.

  Date: 2016-08-19 01:16:41.611
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-19 00:48:14.592
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Pentium® CPU B960 @ 2.20GHz
Percentage of memory in use: 20%
Total physical RAM: 16237.63 MB
Available physical RAM: 12971.8 MB
Total Virtual: 32473.46 MB
Available Virtual: 29148.75 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:698.54 GB) (Free:474.91 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 1BAB77D9)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=698.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

-------------------------------------------------------------------------



#4 thedillinger

Posted 04 September 2016 - 03:37 PM

Note: I have not updated Windows in a while; I have set Windows Update to disabled.



#5 thedillinger

Posted 04 September 2016 - 05:27 PM

I just ran Malwarebytes Anti-Malware and saved the log this time; nothing found...

 

------------------------------------------------------

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 04/09/2016
Scan Time: 22:56
Logfile: malwarebytes report.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.09.04.08
Rootkit Database: v2016.08.15.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: ME

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 408118
Time Elapsed: 24 min, 36 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

------------------------------------------------------



#6 blueelvis

blueelvis

    Bleep Blop Bleep


  • Malware Response Team
  • 1,666 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:09:06 AM

Posted 09 September 2016 - 02:37 PM

Hi thedillinger & welcome to the forums ^_^,


I will be helping you with your computer problems. Right now, I am a trainee at the Bleeping Computer Malware Removal Study Hall.
I am Pranav and now that we are friends, I would like to call you by your first name if that is fine with you  :hug:

All of my proposed fixes and suggestions must be approved by a fully-qualified Malware Removal Instructor. This will delay response times somewhat, but I will endeavor to respond within a reasonable time, normally 48 hours after your last post.

I will need some time to review your FRST logs and consult with the Malware Response Instructor (MRI) who will be assigned to supervise this topic. That could take a few days. Once I have reviewed my proposed response with the assigned MRI, I will reply to you with initial instructions.

While you wait for further instructions, kindly do not run any additional tools as that might complicate the process of fixing your computer and cause delays.

Have a nice day!

Regards,
Pranav 


Member of the Bleeping Computer A.I.I. early response team!


In case I have been helping you and you haven't received a reply from me in 48 hours, please feel free to PM me. Anything else? Still feel free to PM me :)

Did you read this? http://omgdebugging.com/5-tips-for-getting-the-best-bang-for-the-buck-at-fast-food-joints/

#7 thedillinger

Posted 09 September 2016 - 06:45 PM

Hi Pranav, my name is Mark, nice to meet you. What you said sounds fine with me, thanks.

Please note that I do not know whether I have a real infection or if the detections were false positives.

I've been thinking, and what I could have done would be to contact the anti-virus makers who found the infections and send a sample file of the possible viruses for them to tell me if it is a false positive or a real infection. I did ask one company already.

As it stands, I have been using my computer as normal in the hopes that I am not infected. I looked at the VirusTotal information here...

https://www.virustotal.com/en/file/727654bdcd2d2911cef14c9c1ba161309a2e3d260bf58c77a406e218be886e26/analysis/

under the relationships tab, then under "Execution parents" & "PE resource-wise parents".

On clicking these I found out that the possibly infected runservice.exe is part of the eLicPatch.exe file, which was digitally signed by Viatech Technologies Inc.

So with this information I am assuming I am not infected; however, I am willing to take any further steps you request.


#8 blueelvis

Posted 11 September 2016 - 03:47 AM

Hi Mark ^_^,


Before we start dealing with the problems you are experiencing, I would ask you to take note of the following points:

  • I am a Bleeping Computer volunteer, so I ask you to be patient. I know it is frustrating when your computer is not working properly, but malware removal takes time.
  • Please also remember that I only dedicate a limited number of hours a day to helping people. We may live in different time zones, which may cause delays in responding.
  • If I have not responded to you within 48 hours, please send me a personal message. Likewise, I expect you to respond within 48 hours, and sooner is better because we can fix your computer faster.
  • If I have not heard from you in three days, I will "bump" your post. After five days of no response, I will consider that you no longer need my assistance and this thread will be closed.
  • Logs can take a while to research, so please be patient.
  • Some issues just cannot be solved so you must be prepared for this.
  • Please read and follow the instructions in the exact sequence that they are posted to avoid making a bad situation worse.
  • Please print or copy and save the instructions.
  • Back up all your data and important files on another (external) drive before starting to run malware removal tools.
  • You should try to limit your browsing with this computer until you are given the "All Clear." Some malware applications steal passwords.
  • Please do not install or uninstall any applications, unless directed. Don't run any scripts or tools on your own because unsupervised usage may cause more harm than good.
  • Please use only the tools you have been instructed to use.
  • If you are using CD/DVD emulation software, this should be uninstalled or disabled as it can interfere with the removal of some malware. It can be turned off with Defogger and then turned back on when you get the "All Clear."
  • Please copy and paste the requested log files inside your post, unless otherwise instructed.
  • There are no silly questions. Ask for clarification, if you have any questions or concerns.
  • Bleeping Computer does not support any piracy. Evidence of illegal OS, software, cracks/keygens, etc., will be revealed by scan logs, and if found, further assistance may be suspended. Uninstall such software before proceeding!
  • Any P2P software such as uTorrent, BitTorrent, Kazaa, etc. must be uninstalled or completely disabled. P2P software is a major security risk to your computer and that may have been the route the malware used to infect your computer. Do not use any P2P software until we conclude your topic.
  • Failure to follow these guidelines may result in assistance being withdrawn and your thread being closed.
  • I am volunteering my time to help you, and I will need you to help me. Together, we can, hopefully, disinfect your computer and get it functioning properly again. That is my only aim.

Let's begin!

 


The log files provided by you appear to be clean. The files which are detected by the MetaDefender are harmless. This means that they are false positives and you should not worry about your system being infected. Furthermore, the rest of the logs like from MBAM are clean so I don't think that your system is infected as of now.
 
But, I would still like you to follow the below instructions to give me an AdwCleaner log -
 
Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait a bit.
  • Click on I agree button.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button...a logfile (AdwCleaner[S#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.

 

 

Also, I would like to know why you have disabled Windows Update. Asking because disabling Windows Update is seriously not recommended because then you won't get the security patches which can open your system to different security problems.
 
 
Let me know in case of any problem.
 
 
Have a nice day!
 
Regards,
Pranav


Edited by blueelvis, 11 September 2016 - 03:47 AM.

Member of the Bleeping Computer A.I.I. early response team!


In case I have been helping you and you haven't received a reply from me in 48 hours, please feel free to PM me. Anything else? Still feel free to PM me :)

Did you read this? http://omgdebugging.com/5-tips-for-getting-the-best-bang-for-the-buck-at-fast-food-joints/

#9 thedillinger


Posted 11 September 2016 - 04:45 PM

Hi, i have disabled windows update and removed some updates because of windows spying in windows 7, 8, 10.  the microsoft updates they rolled out to spy on everything you do on your pc, everything!  i will not enable windows update.  i also use spybot anti-beacon because of this.  although i may have stopped windows spying as of now who knows what other spying updates they may send in patches in the future.  i will take my chances thanks.

 

 

log file for adwcleaner...

 

----------------------------------------------------------------------------

# AdwCleaner v6.010 - Logfile created 11/09/2016 at 22:41:13
# Updated on 12/08/2016 by ToolsLib
# Database : 2016-09-11.2 [Server]
# Operating System : Windows 7 Professional Service Pack 1 (X64)
# Username : ME - PC1880278
# Running from : C:\Users\ME\Desktop\AdwCleaner.exe
# Mode: Scan
# Support : https://toolslib.net/forum



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

No malicious folders found.


***** [ Files ] *****

No malicious files found.


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

No malicious registry entries found.


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
No malicious Chromium based browser items found.

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1025 Bytes] - [13/08/2016 23:11:23]
C:\AdwCleaner\AdwCleaner[S0].txt - [1191 Bytes] - [13/08/2016 23:10:26]
C:\AdwCleaner\AdwCleaner[S1].txt - [1132 Bytes] - [11/09/2016 22:41:13]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1205 Bytes] ##########

---------------------------------------------------------------------------------------
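A helper who reviews many scan logs like the one posted above can triage them mechanically. This is an added example, not part of the original thread and not AdwCleaner's own code: it splits a scan log on its `***** [ Section ] *****` headers and reports every section whose body is anything other than a "No ... found." line. The function names, the constructed `ExampleUpdaterSvc` entry, and the rule that any other non-empty line counts as a finding are assumptions.

```python
import re

SECTION_RE = re.compile(r"^\*{5} \[ (?P<name>.+?) \] \*{5}$")
CLEAN_RE = re.compile(r"^No (malicious|infected) .+ found\.$")
END_RE = re.compile(r"^\*{10,}$")  # row of asterisks that closes the last section


def parse_sections(log_text):
    """Return {section name: [non-empty body lines]} for an AdwCleaner scan log."""
    sections, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if END_RE.match(line):
            current = None  # the footer listing earlier logfiles follows
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name")
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def findings(log_text):
    """Return {section: [lines]} for body lines that are not a 'No ... found.' statement."""
    flagged = {name: [l for l in lines if not CLEAN_RE.match(l)]
               for name, lines in parse_sections(log_text).items()}
    return {name: lines for name, lines in flagged.items() if lines}


# Abridged from the scan log posted in this thread.
CLEAN_LOG = r"""
# AdwCleaner v6.010 - Logfile created 11/09/2016 at 22:41:13
***** [ Services ] *****
No malicious services found.
***** [ Shortcuts ] *****
No infected shortcut found.
***** [ Web browsers ] *****
No malicious Firefox based browser items found.
No malicious Chromium based browser items found.
*************************
C:\AdwCleaner\AdwCleaner[S1].txt - [1132 Bytes] - [11/09/2016 22:41:13]
"""
# Constructed variant: the entry below is a made-up name, not real AdwCleaner output.
FLAGGED_LOG = CLEAN_LOG.replace("No malicious services found.", "ExampleUpdaterSvc")
```

An empty result from `findings()` means every section reported nothing, which matches the helper's reading of this log.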



#10 blueelvis


Posted 12 September 2016 - 09:05 AM

Hi thedillinger ^_^,

 

 

The Adwcleaner log file is clean. I don't see a sign of your system being infected as of now.

 

 

Hi, i have disabled windows update and removed some updates because of windows spying in windows 7, 8, 10.  the microsoft updates they rolled out to spy on everything you do on your pc, everything!  i will not enable windows update.  i also use spybot anti-beacon because of this.  although i may have stopped windows spying as of now who knows what other spying updates they may send in patches in the future.  i will take my chances thanks.

 

 

I respect your view of protecting your privacy. But, like I said please keep in mind that this will deprive your Windows installation of the future Windows Updates. This will open up your system to security vulnerabilities and reduce system stability (As Windows Update also provides Driver Updates from time to time) in the long run.

 

 

Your machine appears clean!

Are you having any additional problems at this point? If so, please let me know. Otherwise feel free to enjoy use of your repaired machine   :thumbup2:

 
Download Delfix from here and save it to your desktop.
  • Ensure Remove disinfection tools is checked.
  • Also place a checkmark next to:
      • Create registry backup
      • Purge system restore
  • Click the Run button.
 
When the tool is finished, a log will open in notepad. Please copy and paste the log in your next reply.


The most common cause of an infected machine is the Trojan Horse, or programs which appear to be legitimate but which contain malicious payloads, or which are simply malicious in and of themselves. No antivirus, firewall, host-based intrusion prevention system (HIPS), or other security software can fully protect you against this kind of attack. The best way to protect yourself is not to run email attachments from untrusted sources, and avoid software downloaded from the internet wherever possible. Remember, when you run an application, you are giving that application permission to do to your machine anything you can do to the machine, including create, modify, or destroy files or other data. In the Windows (and most other systems' such as Unix) security model, applications don't have privileges, users do.


The second most common cause of infection is out of date software. Leaving your system unpatched leaves holes through which attackers can execute code on your behalf without your consent. This goes for far more than common targets such as Windows and Internet Explorer. Most recent threats target other third party software, such as Adobe's Adobe Reader, Shockwave Player, or Flash Player, or Oracle's Java browser plugins. You can check your system for out of date software manually, or by using automated tools such as Secunia's Personal Software Inspector. This goes doubly for security applications such as antivirus and other antimalware products based on definition lists, where out of date lists mean no detection of newer malware.


Finally, occasionally you will be forced to run some potentially infected binary, or attackers will use a hole which is unpatched by software vendors, so a last line of defense is needed. That means turning on a firewall (Windows Firewall included with Windows XP SP2 or later is fine) and leaving it on, and using and keeping up to date an antivirus solution such as Norton AntiVirus. Antiviral solutions don't even have to cost money; for instance Microsoft Security Essentials provides perfectly acceptable protection for free. If for some reason you don't like MSE, there are other free products available as well:

  • Avast (home use only)
  • Avira (shows nag screen to purchase full product when updating, home use only)
  • AVG (slightly poorer performance as of late)

 

That should be fine for the majority of users. However, if you absolutely want additional protection, consider one or more of the following products:

If you want more information on methods malware use to infect your computer, consider browsing our How did I get infected? topic.

 

 

Have a nice day!

 

Regards,

Pranav


Edited by blueelvis, 12 September 2016 - 09:05 AM.


#11 thedillinger


Posted 13 September 2016 - 10:33 AM

thx for your help Pranav, i read what you said.

 

i donated already.

 

goodbye :)

 

 

# DelFix v1.013 - Logfile created 13/09/2016 at 16:28:17
# Updated 17/04/2016 by Xplode
# Username : ME - PC1880278
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\ME\Desktop\AdwCleaner.exe
Deleted : C:\Users\ME\Desktop\FRST64.exe

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #449 [Installed Intel® Processor Identification Utility | 08/18/2016 22:26:25]
Deleted : RP #450 [Intel® Driver Update Utility | 08/18/2016 22:58:32]
Deleted : RP #451 [Before Intel HD Graphics install | 08/18/2016 23:41:41]
Deleted : RP #452 [Intel® Driver Update Utility | 08/18/2016 23:55:07]
Deleted : RP #453 [Removed Intel® Processor Identification Utility | 08/18/2016 23:56:34]
Deleted : RP #454 [before update realtek driver | 08/19/2016 00:19:39]
Deleted : RP #455 [Removed Realtek High Definition Audio Driver | 08/19/2016 00:22:44]
Deleted : RP #456 [Installed Realtek High Definition Audio Driver | 08/19/2016 00:27:16]
Deleted : RP #457 [Scheduled Checkpoint | 08/26/2016 23:45:43]
Deleted : RP #458 [Scheduled Checkpoint | 09/03/2016 09:46:07]
Deleted : RP #459 [Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 | 09/04/2016 01:27:00]
Deleted : RP #460 [Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 | 09/04/2016 01:27:24]
Deleted : RP #461 [Scheduled Checkpoint | 09/11/2016 17:29:20]

New restore point created !

########## - EOF - ##########
 



#12 blueelvis


Posted 13 September 2016 - 11:01 AM

Hi thedillinger,

 


thx for your help Pranav, i read what you said.

 

i donated already.

 

goodbye  :)

Thanks a lot and have a nice day :)

 

My instructor will now close this topic.

 

 

 

-Pranav



#13 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,444 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:36 PM

Posted 13 September 2016 - 02:08 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."



