Can't remove PUP "MPC Cleaner" after removing adware


9 replies to this topic

#1 Perfectide

Perfectide

  • Members
  • 14 posts
Posted 04 February 2016 - 07:38 PM

Hello, after installing a program from an untrusted source, my computer was infected with some viruses and adware; after running RKill, Junkware Removal Tool, AdwCleaner and Malwarebytes, most were gone. I did run those without any supervision, and I can't remove a PUP called MPC Cleaner, so I need some help. If any logs are needed, just ask. Thanks in advance.


Edited by Perfectide, 04 February 2016 - 07:40 PM.




#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,670 posts
Posted 04 February 2016 - 07:47 PM

Hi Perfectide :)

My name is Aura and I'll be assisting you with your issue. Can you provide the logs from the AdwCleaner, JRT, Malwarebytes and RKill scans please?

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 Perfectide

Perfectide
  • Topic Starter

  • Members
  • 14 posts
Posted 04 February 2016 - 08:01 PM

Here is the first AdwCleaner log

 

# AdwCleaner v5.032 - Logfile created 04/02/2016 at 14:46:57
# Updated 31/01/2016 by Xplode
# Database : 2016-02-02.1 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : Lucio - LUCIOPC
# Running from : C:\Users\Lucio\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
[-] Service Deleted : Updater
[-] Service Deleted : MPCProtectService
[-] Service Deleted : MPCKpt
[-] Service Deleted : REACHit
[-] Service Deleted : cosecugyzbt
[-] Service Deleted : wucotusy
[-] Service Deleted : zutuzuni
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Program Files\SpaceSoundPro
[-] Folder Deleted : C:\Program Files\REACHit
[-] Folder Deleted : C:\Program Files (x86)\Genius
[#] Folder Deleted : C:\Program Files (x86)\MPC Cleaner
[-] Folder Deleted : C:\Program Files (x86)\SpaceSondPro
[-] Folder Deleted : C:\Program Files (x86)\E46AB3C0-1454605410-11D5-AE67-C86000D13964
[-] Folder Deleted : C:\Program Files (x86)\ospd_us_013010228
[!] Folder Not Deleted : C:\Program Files (x86)\ospd_us_013010228
[-] Folder Deleted : C:\Program Files (x86)\SpaceSondPro_v53.12704
[-] Folder Deleted : C:\ProgramData\TweakBit
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Genius
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ONESOFTPERDAY
[-] Folder Deleted : C:\Users\Lucio\AppData\Local\eSupport.com
[-] Folder Deleted : C:\Users\Lucio\AppData\Local\ospd_us_013010228
[!] Folder Not Deleted : C:\Users\Lucio\AppData\Local\ospd_us_013010228
[-] Folder Deleted : C:\Users\Lucio\AppData\Local\E46AB3C0-1454594694-11D5-AE67-C86000D13964
[-] Folder Deleted : C:\Users\Lucio\AppData\Local\Temp\MPC
[-] Folder Deleted : C:\Users\Lucio\AppData\Roaming\VOPackage
[-] Folder Deleted : C:\Users\Lucio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpaceSoundPro 1.0
[-] Folder Deleted : C:\Users\Lucio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
[#] Folder Deleted : C:\WINDOWS\SysNative\Tasks\Updater
 
***** [ Files ] *****
 
[-] File Deleted : C:\END
[-] File Deleted : C:\Users\Lucio\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
[-] File Deleted : C:\Users\Lucio\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
[-] File Deleted : C:\Users\Lucio\Desktop\SpaceSoundPro.lnk
[-] File Deleted : C:\Users\Public\Desktop\MPC Cleaner.lnk
[-] File Deleted : C:\WINDOWS\SysNative\drivers\MPCKpt.sys
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ospd_us_013010228]
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8FF10FED-2F0A-4F7F-BE87-B04F1DCD4319}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0DC81A74-1FBD-4EF6-82B2-DE3FA05E8233}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1B26E4A2-7F09-4365-9AB8-13E6891E42CB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{21402197-BB5B-476C-AA1D-3FFED8ED813A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{42E8D680-A18B-4CAA-ACE0-18EA05E4A056}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{454A4044-16EC-4D64-9069-C5B8832B7B55}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4FEB1BAD-35AD-4A08-B6EC-E6D832F1ED4D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8F2B3016-17D4-447A-B207-FFA8957A834A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E66B63B0-49F8-47E3-A9BA-799287B59E87}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F8FA5B48-B7A2-4BC6-8389-9587643A4660}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{7D3C47ED-E0BE-4940-9DDA-A7A097AEBD88}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}]
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5013A5D0-34A9-489F-BF9A-3A0E34D8902B}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{B43F10EC-BD1C-48D5-A123-3DCA3321C187}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0DC81A74-1FBD-4EF6-82B2-DE3FA05E8233}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1B26E4A2-7F09-4365-9AB8-13E6891E42CB}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{21402197-BB5B-476C-AA1D-3FFED8ED813A}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{42E8D680-A18B-4CAA-ACE0-18EA05E4A056}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{454A4044-16EC-4D64-9069-C5B8832B7B55}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4FEB1BAD-35AD-4A08-B6EC-E6D832F1ED4D}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8F2B3016-17D4-447A-B207-FFA8957A834A}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E66B63B0-49F8-47E3-A9BA-799287B59E87}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F8FA5B48-B7A2-4BC6-8389-9587643A4660}
[-] Key Deleted : HKCU\Software\eSupport.com
[-] Key Deleted : HKCU\Software\Microsoft\Tinstalls
[-] Key Deleted : HKCU\Software\OB
[-] Key Deleted : HKCU\Software\tstamptoken
[-] Key Deleted : HKCU\Software\Tutorials
[-] Key Deleted : HKCU\Software\TutoTag
[-] Key Deleted : HKLM\SOFTWARE\downchecker
[-] Key Deleted : HKLM\SOFTWARE\MPC
[-] Key Deleted : HKLM\SOFTWARE\ONESOFTPERDAY
[-] Key Deleted : HKLM\SOFTWARE\SpaceSondPro
[-] Key Deleted : HKLM\SOFTWARE\Tutorials
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C42C5197-0EE9-4940-893B-F4EF047DFF0F}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdater
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ospd_us_013010228_is1
[!] Key Not Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ospd_us_013010228_is1
[-] Key Deleted : [x64] HKLM\SOFTWARE\downchecker
[-] Key Deleted : [x64] HKLM\SOFTWARE\SpaceSoundPro
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpaceSoundPro
[!] Key Not Deleted : HKU\S-1-5-21-2721185343-3989965362-117390667-1001\Software\eSupport.com
[!] Key Not Deleted : HKU\S-1-5-21-2721185343-3989965362-117390667-1001\Software\Microsoft\Tinstalls
[!] Key Not Deleted : HKU\S-1-5-21-2721185343-3989965362-117390667-1001\Software\OB
[!] Key Not Deleted : HKU\S-1-5-21-2721185343-3989965362-117390667-1001\Software\tstamptoken
[!] Key Not Deleted : HKU\S-1-5-21-2721185343-3989965362-117390667-1001\Software\Tutorials
[!] Key Not Deleted : HKU\S-1-5-21-2721185343-3989965362-117390667-1001\Software\TutoTag
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AnVir.exe
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCleaner64.exe
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FRST.exe
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FRST64.exe
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RegWorks.exe
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RSITx64.exe
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AutoLogger.exe
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce [IOPROTECT]
[-] Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SpaceSoundPro]
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Lucio\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : greenfish-subtitle-player.en.softonic.com
[-] [C:\Users\Lucio\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider] Deleted : hxxp://www.istartsurf.com/webfavicon.ico
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [8291 bytes] ##########
 
 
 
 
 
 
This is the second one, which I ran after not being able to remove the PUP:
# AdwCleaner v5.032 - Logfile created 04/02/2016 at 15:21:13
# Updated 31/01/2016 by Xplode
# Database : 2016-02-02.1 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : Lucio - LUCIOPC
# Running from : C:\Users\Lucio\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
[-] Service Deleted : MPCProtectService
[-] Service Deleted : MPCKpt
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Program Files\REACHit
[#] Folder Deleted : C:\Program Files (x86)\MPC Cleaner
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC
[#] Folder Deleted : C:\WINDOWS\SysNative\Tasks\Updater
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\Public\Desktop\MPC Cleaner.lnk
[-] File Deleted : C:\WINDOWS\SysNative\drivers\MPCKpt.sys
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\MPC
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Lucio\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : greenfish-subtitle-player.en.softonic.com
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1267 bytes] ##########
 
MalwareBytes
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 4/2/2016
Scan Time: 3:01:13 PM
Logfile: MBAM LOG.txt
Administrator: Yes
 
Version: 2.01.6.1022
Malware Database: v2015.06.11.05
Rootkit Database: v2015.06.02.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8
CPU: x64
File System: NTFS
User: Lucio
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 426400
Time Elapsed: 17 min, 44 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 1
PUP.Optional.Somoto.C, C:\Users\Lucio\AppData\Local\Temp\nsg6B2A.tmp, Quarantined, [333e2c8d8208fb3b1768e99255b1916f], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
This is the Malwarebytes Daily Protection Log:
Malwarebytes Anti-Malware
www.malwarebytes.org
 
 
Protection, 4/2/2016 3:01:08 PM, SYSTEM, LUCIOPC, Protection, Malware Protection, Starting, 
Protection, 4/2/2016 3:01:08 PM, SYSTEM, LUCIOPC, Protection, Malware Protection, Started, 
Protection, 4/2/2016 3:01:08 PM, SYSTEM, LUCIOPC, Protection, Malicious Website Protection, Starting, 
Protection, 4/2/2016 3:01:09 PM, SYSTEM, LUCIOPC, Protection, Malicious Website Protection, Started, 
Update, 4/2/2016 3:02:47 PM, SYSTEM, LUCIOPC, Scheduler, Remediation Database, 2015.5.13.1, 2016.2.2.1, 
Update, 4/2/2016 3:02:47 PM, SYSTEM, LUCIOPC, Scheduler, Rootkit Database, 2015.6.2.1, 2016.1.20.1, 
Update, 4/2/2016 3:02:47 PM, SYSTEM, LUCIOPC, Scheduler, IP Database, 0.0.0.0, 2016.2.4.2, 
Update, 4/2/2016 3:02:49 PM, SYSTEM, LUCIOPC, Scheduler, Domain Database, 0.0.0.0, 2016.2.4.6, 
Update, 4/2/2016 3:03:14 PM, SYSTEM, LUCIOPC, Scheduler, program, 2.1.6.1022, 2.2.0.0, 
Update, 4/2/2016 3:03:30 PM, SYSTEM, LUCIOPC, Scheduler, Malware Database, 2015.6.11.5, 2016.2.4.4, 
Protection, 4/2/2016 3:03:30 PM, SYSTEM, LUCIOPC, Protection, Refresh, Starting, 
Protection, 4/2/2016 3:03:30 PM, SYSTEM, LUCIOPC, Protection, Malicious Website Protection, Stopping, 
Protection, 4/2/2016 3:03:31 PM, SYSTEM, LUCIOPC, Protection, Malicious Website Protection, Stopped, 
Protection, 4/2/2016 3:03:36 PM, SYSTEM, LUCIOPC, Protection, Refresh, Success, 
Protection, 4/2/2016 3:03:36 PM, SYSTEM, LUCIOPC, Protection, Malicious Website Protection, Starting, 
Protection, 4/2/2016 3:03:37 PM, SYSTEM, LUCIOPC, Protection, Malicious Website Protection, Started, 
Update, 4/2/2016 3:04:41 PM, SYSTEM, LUCIOPC, Scheduler, program, 2.1.6.1022, 2.2.0.0, 
Detection, 4/2/2016 3:05:48 PM, SYSTEM, LUCIOPC, Protection, Malware Protection, File, PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC CLEANER\MPCSAFEDLL64.DLL, Quarantine Failed, 5, Access is denied.  , [783c86d6abee1323dfba805ecc35cc34]
Detection, 4/2/2016 3:09:47 PM, Lucio, LUCIOPC, Protection, Malware Protection, File, PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\MPCNews.exe, Quarantine Failed, 5, Access is denied.  , [268e23392871cc6a2f6a38a636cb44bc]
Scan, 4/2/2016 3:19:08 PM, SYSTEM, LUCIOPC, Context, Start:4/2/2016 3:01:13 PM, Duration:17 min 44 sec, Threat Scan, Completed, 0 Malware Detections, 1 Non-Malware Detection, 
Detection, 4/2/2016 3:19:17 PM, Lucio, LUCIOPC, Protection, Malware Protection, File, PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC CLEANER\MPCSAFEDLL.DLL, Quarantine Failed, 5, Access is denied.  , [c8ecc597dcbd89ad4059a6380df4a957]
Detection, 4/2/2016 3:19:21 PM, SYSTEM, LUCIOPC, Protection, Malware Protection, File, PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\MpcSafeDll.dll, Quarantine Failed, 5, Access is denied.  , [c8ecc597dcbd89ad4059a6380df4a957]
Protection, 4/2/2016 9:53:11 PM, SYSTEM, LUCIOPC, Protection, Malware Protection, Starting, 
Protection, 4/2/2016 9:53:11 PM, SYSTEM, LUCIOPC, Protection, Malware Protection, Started, 
Protection, 4/2/2016 9:53:11 PM, SYSTEM, LUCIOPC, Protection, Malicious Website Protection, Starting, 
Protection, 4/2/2016 9:53:12 PM, SYSTEM, LUCIOPC, Protection, Malicious Website Protection, Started, 
 
(end)
 
 


#4 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,670 posts
Posted 04 February 2016 - 08:05 PM

Alright, follow the instructions below please.

MiniToolBox
  • Download MiniToolBox and move the file to your Desktop;
  • Right-click on MiniToolBox.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Check the following options:
    • Flush DNS;
    • Report IE Proxy Settings;
    • Reset IE Proxy Settings;
    • Report FF Proxy Settings;
    • Reset FF Proxy Settings;
    • List content of Hosts;
    • List IP Configuration;
    • List Winsock Entries;
    • List Last 10 Event Viewer Errors;
    • List Installed Programs;
    • List Devices - Only Problems;
    • List Users, Partitions and Memory size;
  • Once this is done, click on Go and wait for the scan to complete;
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;



#5 Perfectide

Perfectide
  • Topic Starter

  • Members
  • 14 posts
Posted 04 February 2016 - 08:08 PM

Is this it?
 
MiniToolBox by Farbar  Version: 03-02-2016 01
Ran by Lucio (administrator) on 04-02-2016 at 22:06:35
Running from "C:\Users\Lucio\Downloads"
Microsoft Windows 10 Home  (X64)
Model: System Product Name Manufacturer: System manufacturer
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
127.0.0.1 localhost
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com
127.0.0.1 practivate.adobe.com 
127.0.0.1 activate.adobe.com
127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com
========================= IP Configuration: ================================
 
Qualcomm Atheros AR5007G Wireless Network Adapter = Wireless Network Connection (Connected)
VPN Client Adapter - VPN = VPN - VPN Client (Hardware not present)
Realtek PCIe GBE Family Controller = Local Area Connection (Hardware not present)
Evolve Virtual Ethernet Adapter = Ethernet (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
add route prefix=255.255.255.255/32 interface="Ethernet" nexthop=0.0.0.0 metric=1 publish=No
add route prefix=224.0.0.0/4 interface="Ethernet" nexthop=0.0.0.0 metric=1 publish=No
add route prefix=0.0.0.0/0 interface="Wireless Network Connection" nexthop=192.168.1.1 publish=Yes
set interface interface="Bluetooth Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth Network Connection 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth Network Connection 3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
add address name="Wireless Network Connection" address=192.168.1.200 mask=255.255.255.0
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : LucioPC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Ethernet adapter Ethernet:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Evolve Virtual Ethernet Adapter
   Physical Address. . . . . . . . . : 00-00-D9-CD-BD-A7
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Qualcomm Atheros AR5007G Wireless Network Adapter
   Physical Address. . . . . . . . . : D8-5D-4C-C7-9E-35
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::944e:60d0:bd35:a39a%9(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.200(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 198729036
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1C-B1-DC-24-D8-5D-4C-C7-9E-35
   DNS Servers . . . . . . . . . . . : 8.8.8.8
                                       8.8.4.4
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter isatap.{578A92F4-A13A-4D95-ABE7-B5CFF082B7EF}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:c52:19b2:4ae3:6ff3(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::c52:19b2:4ae3:6ff3%10(Preferred) 
   Default Gateway . . . . . . . . . : ::
   DHCPv6 IAID . . . . . . . . . . . : 369098752
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1C-B1-DC-24-D8-5D-4C-C7-9E-35
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  google-public-dns-a.google.com
Address:  8.8.8.8
 
DNS request timed out.
    timeout was 2 seconds.
Name:    google.com
Address:  2800:3f0:4002:802::1006
 
 
Pinging google.com [173.194.42.72] with 32 bytes of data:
Request timed out.
Request timed out.
 
Ping statistics for 173.194.42.72:
    Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),
Server:  google-public-dns-a.google.com
Address:  8.8.8.8
 
Name:    yahoo.com
Addresses:  2001:4998:c:a06::2:4008
 2001:4998:58:c02::a9
 2001:4998:44:204::a7
 98.138.253.109
 206.190.36.45
 98.139.183.24
 
 
Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Request timed out.
Request timed out.
 
Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  2...00 00 d9 cd bd a7 ......Evolve Virtual Ethernet Adapter
  9...d8 5d 4c c7 9e 35 ......Qualcomm Atheros AR5007G Wireless Network Adapter
  1...........................Software Loopback Interface 1
  3...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 10...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.200    281
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.200    281
    192.168.1.200  255.255.255.255         On-link     192.168.1.200    281
    192.168.1.255  255.255.255.255         On-link     192.168.1.200    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.200    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.200    281
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
  255.255.255.255  255.255.255.255         On-link        1
        224.0.0.0        240.0.0.0         On-link        1
          0.0.0.0          0.0.0.0      192.168.1.1  Default 
===========================================================================
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 10    306 ::/0                     On-link
  1    306 ::1/128                  On-link
 10    306 2001::/32                On-link
 10    306 2001:0:9d38:6ab8:c52:19b2:4ae3:6ff3/128
                                    On-link
  9    281 fe80::/64                On-link
 10    306 fe80::/64                On-link
 10    306 fe80::c52:19b2:4ae3:6ff3/128
                                    On-link
  9    281 fe80::944e:60d0:bd35:a39a/128
                                    On-link
  1    306 ff00::/8                 On-link
  9    281 ff00::/8                 On-link
 10    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\SysWOW64\NLAapi.dll [65024] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\napinsp.dll [55808] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23552] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128] (Apple Inc.)
Catalog5 08 C:\WINDOWS\SysWOW64\wshbth.dll [51712] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [80896] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31744] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [133392] (Apple Inc.)
x64-Catalog5 08 C:\Windows\System32\wshbth.dll [63488] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (02/04/2016 09:14:49 PM) (Source: Windows Search Service) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-2721185343-3989965362-117390667-1001}/">.
 
Error: (02/04/2016 08:50:32 PM) (Source: Application Error) (User: )
Description: Faulting application name: RuntimeBroker.exe, version: 10.0.10586.0, time stamp: 0x5632d7e0
Faulting module name: ntdll.dll, version: 10.0.10586.20, time stamp: 0x56540c3b
Exception code: 0xc0000409
Fault offset: 0x00000000000950f7
Faulting process id: 0x10f4
Faulting application start time: 0xRuntimeBroker.exe0
Faulting application path: RuntimeBroker.exe1
Faulting module path: RuntimeBroker.exe2
Report Id: RuntimeBroker.exe3
Faulting package full name: RuntimeBroker.exe4
Faulting package-relative application ID: RuntimeBroker.exe5
 
Error: (02/04/2016 01:48:35 PM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 10.0.10586.0, time stamp: 0x5632d4c0
Faulting module name: twinui.appcore.dll, version: 10.0.10586.11, time stamp: 0x56457778
Exception code: 0x80270233
Fault offset: 0x0000000000166be4
Faulting process id: 0xfd8
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
Faulting package full name: Explorer.EXE4
Faulting package-relative application ID: Explorer.EXE5
 
Error: (02/04/2016 01:48:22 PM) (Source: Application Error) (User: )
Description: Faulting application name: sihost.exe, version: 10.0.10586.0, time stamp: 0x5632d7f9
Faulting module name: ntdll.dll, version: 10.0.10586.20, time stamp: 0x56540c3b
Exception code: 0xc0000409
Fault offset: 0x00000000000950f7
Faulting process id: 0xd28
Faulting application start time: 0xsihost.exe0
Faulting application path: sihost.exe1
Faulting module path: sihost.exe2
Report Id: sihost.exe3
Faulting package full name: sihost.exe4
Faulting package-relative application ID: sihost.exe5
 
Error: (02/03/2016 01:55:50 AM) (Source: Application Hang) (User: )
Description: The program svencoop.exe version 1.1.1.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 127c
 
Start Time: 01d15e35487de98c
 
Termination Time: 65
 
Application Path: D:\Steam\steamapps\common\Sven Co-op\svencoop.exe
 
Report Id: 5b045359-ca32-11e5-9c87-e173ec7fbe1c
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (02/01/2016 01:00:33 PM) (Source: Perflib) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
 
Error: (01/29/2016 01:48:26 PM) (Source: Application Error) (User: )
Description: Faulting application name: TheDivision.exe, version: 1.0.0.0, time stamp: 0x56a8f96e
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process id: 0xbfc
Faulting application start time: 0xTheDivision.exe0
Faulting application path: TheDivision.exe1
Faulting module path: TheDivision.exe2
Report Id: TheDivision.exe3
Faulting package full name: TheDivision.exe4
Faulting package-relative application ID: TheDivision.exe5
 
Error: (01/29/2016 01:00:34 PM) (Source: Application Error) (User: )
Description: Faulting application name: chrome.exe, version: 48.0.2564.97, time stamp: 0x56a8798c
Faulting module name: chrome.dll, version: 48.0.2564.97, time stamp: 0x56a873a2
Exception code: 0xc0000005
Fault offset: 0x0193ca13
Faulting process id: 0x83c
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
Faulting package full name: chrome.exe4
Faulting package-relative application ID: chrome.exe5
 
Error: (01/26/2016 06:41:47 PM) (Source: Application Error) (User: )
Description: Faulting application name: svencoop.exe, version: 1.1.1.1, time stamp: 0x55a6d4dd
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x234c
Faulting application start time: 0xsvencoop.exe0
Faulting application path: svencoop.exe1
Faulting module path: svencoop.exe2
Report Id: svencoop.exe3
Faulting package full name: svencoop.exe4
Faulting package-relative application ID: svencoop.exe5
 
Error: (01/26/2016 06:32:42 PM) (Source: Application Error) (User: )
Description: Faulting application name: svencoop.exe, version: 1.1.1.1, time stamp: 0x55a6d4dd
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x1cc4
Faulting application start time: 0xsvencoop.exe0
Faulting application path: svencoop.exe1
Faulting module path: svencoop.exe2
Report Id: svencoop.exe3
Faulting package full name: svencoop.exe4
Faulting package-relative application ID: svencoop.exe5
 
 
System errors:
=============
Error: (02/04/2016 09:10:42 PM) (Source: Service Control Manager) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
%%1056
 
Error: (02/04/2016 09:10:12 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for DeleteFlag with the following error: 
%%5
 
Error: (02/04/2016 09:10:12 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for DeleteFlag with the following error: 
%%5
 
Error: (02/04/2016 09:10:12 PM) (Source: Service Control Manager) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (02/04/2016 09:10:12 PM) (Source: Service Control Manager) (User: )
Description: The SoftEther VPN Client service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (02/04/2016 09:10:12 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (02/04/2016 09:10:11 PM) (Source: Service Control Manager) (User: )
Description: The RzKLService service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (02/04/2016 09:10:11 PM) (Source: Service Control Manager) (User: )
Description: The PnkBstrA service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (02/04/2016 09:10:11 PM) (Source: Service Control Manager) (User: )
Description: The Message Queuing service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (02/04/2016 09:10:11 PM) (Source: Service Control Manager) (User: )
Description: The MBAMScheduler service terminated unexpectedly.  It has done this 1 time(s).
 
 
Microsoft Office Sessions:
=========================
Error: (02/04/2016 09:14:49 PM) (Source: Windows Search Service)(User: )
Description: 300x80040d07iehistory://{S-1-5-21-2721185343-3989965362-117390667-1001}/
 
Error: (02/04/2016 08:50:32 PM) (Source: Application Error)(User: )
Description: RuntimeBroker.exe10.0.10586.05632d7e0ntdll.dll10.0.10586.2056540c3bc000040900000000000950f710f401d15fa6cc012e72C:\Windows\System32\RuntimeBroker.exeC:\WINDOWS\SYSTEM32\ntdll.dllcb064a02-1a0f-4310-845a-a69ff9a7fa7d
 
Error: (02/04/2016 01:48:35 PM) (Source: Application Error)(User: )
Description: Explorer.EXE10.0.10586.05632d4c0twinui.appcore.dll10.0.10586.1156457778802702330000000000166be4fd801d15f6bdbadbf73C:\WINDOWS\Explorer.EXEC:\WINDOWS\System32\twinui.appcore.dll2d0b9bec-abc5-4493-b256-56be48bd30d1
 
Error: (02/04/2016 01:48:22 PM) (Source: Application Error)(User: )
Description: sihost.exe10.0.10586.05632d7f9ntdll.dll10.0.10586.2056540c3bc000040900000000000950f7d2801d15f6bd8fe36aaC:\WINDOWS\system32\sihost.exeC:\WINDOWS\SYSTEM32\ntdll.dlleafce3c5-548b-4e5a-b1f9-1963191c786e
 
Error: (02/03/2016 01:55:50 AM) (Source: Application Hang)(User: )
Description: svencoop.exe1.1.1.1127c01d15e35487de98c65D:\Steam\steamapps\common\Sven Co-op\svencoop.exe5b045359-ca32-11e5-9c87-e173ec7fbe1c
 
Error: (02/01/2016 01:00:33 PM) (Source: Perflib)(User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
 
Error: (01/29/2016 01:48:26 PM) (Source: Application Error)(User: )
Description: TheDivision.exe1.0.0.056a8f96eunknown0.0.0.000000000c00000050000000000000000bfc01d15ab370d699ddD:\Uplay\Ubisoft Game Launcher\games\Tom Clancy's The Division Beta\TheDivision.exeunknown9e70f632-c75d-4af2-a49f-b6e7c86c8b95
 
Error: (01/29/2016 01:00:34 PM) (Source: Application Error)(User: )
Description: chrome.exe48.0.2564.9756a8798cchrome.dll48.0.2564.9756a873a2c00000050193ca1383c01d15aa891d4a746C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\48.0.2564.97\chrome.dllbd395cde-5d8c-4991-93ef-cd54029a0cf5
 
Error: (01/26/2016 06:41:47 PM) (Source: Application Error)(User: )
Description: svencoop.exe1.1.1.155a6d4ddunknown0.0.0.000000000c000000500000000234c01d158825acb5327D:\Steam\steamapps\common\Sven Co-op\svencoop.exeunknown08b43c3e-eaf8-4289-895e-23bc1ddbf27a
 
Error: (01/26/2016 06:32:42 PM) (Source: Application Error)(User: )
Description: svencoop.exe1.1.1.155a6d4ddunknown0.0.0.000000000c0000005000000001cc401d1588114f54309D:\Steam\steamapps\common\Sven Co-op\svencoop.exeunknown0bbf4b6b-a2b1-406e-91cd-923d72db5186
 
 
CodeIntegrity Errors:
===================================
  Date: 2016-02-04 15:44:37.150
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-02-04 15:17:20.649
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-02-04 14:07:50.247
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-02-04 14:07:50.187
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-02-04 14:07:50.122
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-02-04 14:07:50.050
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-02-04 14:03:59.070
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-02-04 14:03:58.821
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-02-04 14:03:58.316
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-02-04 14:03:57.041
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
=========================== Installed Programs ============================
 
µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - )
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\{2F881898-5300-4D68-AE46-F5FE074D59AA}) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.7.157 - Adobe Systems, Inc.)
AdVenture Capitalist (HKLM-x32\...\Steam App 346900) (Version:  - Hyper Hippo Productions Ltd.)
Alien Swarm (HKLM-x32\...\Steam App 630) (Version:  - Valve)
Amazing World (HKLM-x32\...\Steam App 293500) (Version:  - Ganz)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 5.00 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{3540ADD5-822B-47FB-B1C2-CD7B2C8E9FEC}) (Version: 4.0.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C9C0FE2C-602E-49D7-8C42-5B9E8FF04798}) (Version: 4.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.3.0 - Asmedia Technology)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - )
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.7.2.45672 - Electronic Arts)
Battlelog Standalone (HKLM\...\{6CA884B4-63F7-4D84-93E7-34846CADE8A7}) (Version: 1.0.0 - Realmware)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.7.1 - EA Digital Illusions CE AB)
BF4 Settings Editor (HKLM\...\{EF4C9459-47DE-4FCD-B9E0-CEB5BA03FC64}) (Version: 1.1 - Realmware)
BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)
Blade & Soul (HKLM-x32\...\{C3F383C1-D050-4A40-843F-8171A6A02C3A}) (Version: 1.0.63.237 - NC Interactive, LLC) Hidden
Blade & Soul (HKLM-x32\...\InstallShield_{C3F383C1-D050-4A40-843F-8171A6A02C3A}) (Version: 1.0.63.237 - NC Interactive, LLC)
Blood of Old (HKLM-x32\...\Steam App 382240) (Version:  - AndrewWatt96)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Borderless Gaming (HKLM-x32\...\Borderless Gaming_is1) (Version: 8.4 - Codeusa Software)
Brawlhalla (HKLM-x32\...\Steam App 291550) (Version:  - Blue Mammoth Games)
Brothers - A Tale of Two Sons (HKLM-x32\...\Brothers - A Tale of Two Sons_is1) (Version:  - 505 Games)
Card Hunter (HKLM-x32\...\Steam App 293260) (Version:  - Blue Manchu)
Catalyst Control Center Next Localization BR (HKLM\...\{F2A85DF4-34A7-5034-3B5A-EB0FC3F8D796}) (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{F8639668-302A-FB27-138A-E6288CA87B4D}) (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{06B00083-B83A-21D6-9255-9FF06CB8B4C4}) (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{42D7E7B0-9EEE-5E31-EBBC-F1086E35975B}) (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{FEBD4D54-1DC0-8D20-F087-F748F74A2892}) (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{C08167FF-3FCF-184C-4816-17B27DDF8803}) (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{8C04686B-4CD2-437A-EBC9-A2F7BCC59AF6}) (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{6B5C681F-1131-96EE-A61A-446A71B317EE}) (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{80270AB1-A149-A665-5376-9E77326F85B9}) (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{5F30A4C8-C4E2-07E0-E033-6A6C0312EC8F}) (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{47E8F873-734A-4DE8-F100-2F5873FE70FF}) (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{E212C84E-28E1-2A50-DCDD-46150959EA2C}) (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{B380C2BF-DD26-B46C-31A8-F8D2E9D0FCE6}) (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{BFF173C1-51F7-18BB-5C69-5D6B409D2258}) (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{E88441E8-DAAA-549F-5E1A-EE2186F4FE13}) (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{51720535-43C5-14C8-AD11-9AFC90C1BE1C}) (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{DC515D14-73BC-7884-F10B-6CB883376A33}) (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{0A76125F-9253-2898-A19E-4E9940C391BB}) (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{B9A4242C-FFBE-C2F9-02F2-E571AD2A515E}) (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{273D87CA-DF2C-52C5-0949-89BC18F8D84D}) (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{D93A4B45-07B1-5E7C-797E-40BED93B25C0}) (Version: 2015.1223.1060.19763 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.12 - Piriform)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
Clicker Heroes (HKLM-x32\...\Steam App 363970) (Version:  - )
Codename CURE (HKLM-x32\...\Steam App 355180) (Version:  - Hoobalugalar_X)
Creativerse (HKLM-x32\...\Steam App 280790) (Version:  - Playful Corporation)
Dark Messiah Of Might And Magic (HKLM-x32\...\Dark Messiah Of Might And Magic_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
DARK SOULS - Prepare To Die Edition (HKLM-x32\...\DARK SOULS - Prepare To Die Edition_is1) (Version:  - )
Din's Curse - Demon War (HKLM-x32\...\Din's Curse: Demon War_is1) (Version: 2.0.0.1 - GOG.com)
Din's Curse (HKLM-x32\...\1207665923_is1) (Version: 2.0.0.1 - GOG.com)
Dirty Bomb (HKLM-x32\...\Steam App 333930) (Version:  - Splash Damage®)
Discord (HKCU\...\Discord) (Version: 0.0.283 - Hammer & Chisel)
Divinity - Original Sin Enhanced Edition (HKLM-x32\...\1445516929_is1) (Version: 2.0.0.3 - GOG.com)
DRAGON BALL XENOVERSE (HKLM-x32\...\Steam App 323470) (Version:  - DIMPS)
Dragon Nest Europe (HKLM-x32\...\Dragon Nest Europe) (Version:  - )
Dragon's Dogma Online (HKLM-x32\...\{9FB24678-AF65-4B2D-B5B0-88BAFDBC68F0}) (Version: 1.00.0000 - CAPCOM CO., LTD.)
Dropbox (HKCU\...\Dropbox) (Version: 3.4.3 - Dropbox, Inc.)
Dungeon Defenders II (HKLM-x32\...\Steam App 236110) (Version:  - Trendy Entertainment)
Eldritch (HKLM-x32\...\Eldritch) (Version:  - )
Eternal Senia (HKLM-x32\...\Steam App 351640) (Version:  - Holy Priest)
Evolve (HKCU\...\evolve_client) (Version: 0.1.17 - Evolve Labs)
Evolve (HKLM\...\{670B1B49-9FD3-4827-9B41-471EFF580AA8}) (Version: 1.8.18 - Echobit, LLC)
f.lux (HKCU\...\Flux) (Version:  - )
Free Download Manager 3.8 Bittorrent plugin (HKLM-x32\...\Free Download Manager_is1) (Version:  - )
GameRanger (HKCU\...\GameRanger) (Version:  - GameRanger Technologies)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)
GOCCO OF WAR (HKLM\...\R09DQ09PRldBUg==_is1) (Version: 1 - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.103 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.29.5 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games)
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
Guns of Icarus Online (HKLM-x32\...\Steam App 209080) (Version:  - Muse Games)
Heaven Benchmark version 4.0 (HKLM-x32\...\Unigine Heaven Benchmark (Basic Edition)_is1) (Version: 4.0 - Unigine Corp.)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
Installer (HKLM-x32\...\{97E12F84-C033-4DA2-97D2-F540C3E292EA}) (Version: 1.0.0 - Sierra Entertainment, Inc.) Hidden
Java 8 Update 66 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Java SE Development Kit 8 Update 40 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180400}) (Version: 8.0.400.25 - Oracle Corporation)
Killing Floor (HKLM-x32\...\Steam App 1250) (Version:  - Tripwire Interactive)
Kits Configuration Installer (HKLM-x32\...\{B74E65FD-CC47-41C5-4B89-791A3F61942D}) (Version: 8.100.25984 - Microsoft) Hidden
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Livestreamer 1.12.2 (HKLM-x32\...\Livestreamer) (Version:  - )
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Mass Effect™ 3 (HKLM-x32\...\{534A31BD-20F4-46b0-85CE-09778379663C}) (Version: 1.05.0.0 - Electronic Arts)
Maurus Gaming Mouse (HKLM-x32\...\{E5297CC6-DD4E-40F3-BD0A-FB1D085F6751}}_is1) (Version:  - )
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Metro Last Light Redux v.1.0.0.7.u1 (HKLM-x32\...\Metro Last Light Redux_is1) (Version:  - )
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Minion (HKCU\...\{Minion}}_is1) (Version: 2.0 - ZAM Network LLC)
MouseRecorder v1.0.47 (HKLM-x32\...\MouseRecorder_is1) (Version: 1.0.47 - Bartels Media GmbH)
MSI Afterburner 4.1.1 (HKLM-x32\...\Afterburner) (Version: 4.1.1 - MSI Co., LTD)
Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version:  - )
NGHL (HKLM-x32\...\New Gauge Half-Life [Full]_is1) (Version: 1.34 - rofi)
NINELIVES version 0.21.02 (HKLM-x32\...\{D11CAE55-F492-4996-838C-2C86F66FD0C9}_is1) (Version: 0.21.02 - SmokymonkeyS)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.8 - Notepad++ Team)
NVIDIA Cg Toolkit 3.1 April 2012 (HKLM-x32\...\Cg Toolkit_is1) (Version:  - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Old Calculator for Windows 10 (HKLM-x32\...\OldCalcForWin10) (Version: 1.1 - http://winaero.com)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Orborun (HKLM-x32\...\Steam App 308580) (Version:  - Tiny Lab Productions)
Origin (HKLM-x32\...\Origin) (Version: 9.5.11.2855 - Electronic Arts, Inc.)
ORION: Prelude (HKLM-x32\...\Steam App 104900) (Version:  - Spiral Game Studios)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Path of Exile (HKLM-x32\...\Steam App 238960) (Version:  - Grinding Gear Games)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
PAYDAY: The Heist (HKLM-x32\...\Steam App 24240) (Version:  - OVERKILL Software)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2) (Version:  - )
Pentagram SVN (HKLM-x32\...\Pentagram_is1) (Version:  - The Pentagram Team)
Phantasy Star Online 2: EPISODE 3 (HKLM-x32\...\{38CA1868-3A03-4B5D-93A1-FD6F61D6723A}_is1) (Version:  - SEGA)
PlanetSide 2 (HKCU\...\SOE-PlanetSide 2) (Version:  - Sony Online Entertainment)
PlanetSide 2 (HKLM-x32\...\Steam App 218230) (Version:  - Daybreak Games)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Pushbullet version 312 (HKLM-x32\...\{7578F204-49E7-4830-B051-14C23F408BFE}_is1) (Version: 312 - Pushbullet Inc)
Quintet (HKLM-x32\...\Steam App 340350) (Version:  - Carmine T. Guida)
RadeonPro 1.0 (Build 1.1.1.0) (HKLM-x32\...\RadeonPro_is1) (Version:  - )
Rainbow Six Siege - Open Beta (HKLM-x32\...\Uplay Install 1001) (Version:  - Ubisoft)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Razer Cortex (HKLM-x32\...\Razer Cortex_is1) (Version: 6.3.19.0 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7541 - Realtek Semiconductor Corp.)
Relic Hunters Zero (HKLM-x32\...\Steam App 382490) (Version:  - Rogue Snail)
Revo Uninstaller Pro 3.1.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.2 - VS Revo Group, Ltd.)
RivaTuner Statistics Server 6.4.0 (HKLM-x32\...\RTSS) (Version: 6.4.0 - Unwinder)
Robocraft (HKLM-x32\...\Steam App 301520) (Version:  - Freejam)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.6.8 - Rockstar Games)
RuneScape Launcher 1.2.7 (HKLM-x32\...\{FA52A2D0-298E-4D40-8BB7-39928627EA6A}) (Version: 1.2.7 - Jagex Ltd)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.55.0 - Samsung Electronics Co., Ltd.)
ScpToolkit (HKLM\...\{AC052048-9828-45E3-872B-04CE30A3B58B}) (Version: 1.6.238.16010 - Nefarius Software Solutions)
SDK Debuggers (HKLM-x32\...\{9274C832-3D8A-A294-FDE8-8B9272357098}) (Version: 8.100.26936 - Microsoft Corporation) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0015-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0016-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0018-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0019-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-001A-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-001B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-001F-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{835E4BED-E265-4103-AE14-0B4C70CF3FE8}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}_Office15.PROPLUSR_{1F7000D3-A917-4AD2-BA55-59E6FDAF062A}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-001F-0C0A-1000-0000000FF1CE}_Office15.PROPLUSR_{4BF13B26-3A95-4E42-900A-DEB16FDA75A0}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-002C-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{C5D14A1B-6E3E-491A-96C6-ABDEEEC4E97D}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0044-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-006E-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{D7E879E6-B505-4DA2-BFEE-53A55E7C8E38}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0090-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-00A1-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-00BA-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{1931508C-C004-4983-81E3-70BE6252904B}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-00C1-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{E4F470B2-3601-4E1C-B291-D6B580F53136}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-00E1-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-00E2-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0115-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{D7E879E6-B505-4DA2-BFEE-53A55E7C8E38}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0117-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 2.19.3115.0 - Hi-Rez Studios)
SNOW (HKLM-x32\...\Steam App 244930) (Version:  - Poppermost Productions)
SoftEther VPN Client (HKLM\...\softether_sevpnclient) (Version: 4.19.9578 - SoftEther VPN Project)
Spiral Knights (HKLM-x32\...\Steam App 99900) (Version:  - Three Rings)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Sven Co-op (HKLM-x32\...\Steam App 225840) (Version:  - Sven Co-op Team)
SWAT 4 - The Stetchkov Syndicate (HKLM-x32\...\InstallShield_{97E12F84-C033-4DA2-97D2-F540C3E292EA}) (Version: 1.0.0 - Sierra Entertainment, Inc.)
SWAT 4 (HKLM-x32\...\SWAT 4) (Version:  - )
Swat Downloader (HKLM-x32\...\Swat Downloader2.4) (Version: 2.4 - VOWS Productions)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 1.0.0.0 - Zenimax Online Studios)
Tom Clancy's Ghost Recon (HKLM-x32\...\Tom Clancy's Ghost Recon_is1) (Version: 2.0.0.6 - Ubisoft Entertainment)
Tom Clancy's Ghost Recon Future Soldier (HKLM-x32\...\Uplay Install 53) (Version:  - Ubisoft)
Tom Clancy's Rainbow 6 VEGAS 2 (HKLM-x32\...\Uplay Install 108) (Version:  - Ubisoft)
Torchlight 2.v 1.25.5.2 + 1 DLC (HKLM-x32\...\Torchlight 2.v 1.25.5.2 + 1 DLC_is1) (Version: Torchlight 2.v 1.25.5.2 + 1 DLC - Repack by Fenixx (01.06.2013))
Trove (HKLM-x32\...\Glyph Trove) (Version:  - Trion Worlds, Inc.)
Ultima 8 (HKLM-x32\...\{428C6B01-D292-46F9-9321-75668ED17DA2}) (Version: 1.0.0.1 - Electronic Arts)
Ultima IX - Ascension (HKLM-x32\...\GOGPACKULTIMA9_is1) (Version: 2.0.0.13 - GOG.com)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 5.3.2f1 - Unity Technologies ApS)
Unturned (HKLM-x32\...\Steam App 304930) (Version:  - Nelson Sexton)
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{40930C8E-A677-414C-A72F-DFDEB10738FB}) (Version:  - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 7.4 - Ubisoft)
Victor Vran (HKLM-x32\...\Victor Vran_is1) (Version:  - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Warframe (HKLM-x32\...\Steam App 230410) (Version:  - Digital Extremes)
Warhammer: End Times - Vermintide (HKLM-x32\...\Steam App 235540) (Version:  - Fatshark)
WinDirStat 1.1.2 (HKCU\...\WinDirStat) (Version:  - )
Windows Software Development Kit for Windows 8.1 (HKLM-x32\...\{ed3a6e6d-9661-4357-abe4-fcc03dc57a07}) (Version: 8.100.26936 - Microsoft Corporation)
WinISO (HKLM-x32\...\WinISO) (Version: 6.4.0.5170 - WinISO Computing Inc.)
 
========================= Devices: ================================
 
Name: VPN Client Adapter - VPN
Description: VPN Client Adapter - VPN
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: SoftEther Corporation
Service: Neo_VPN
Device ID: ROOT\NET\0001
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Realtek PCIe GBE Family Controller
Description: Realtek PCIe GBE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: rt640x64
Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_84321043&REV_06\4&26F2FC68&0&0020
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 36%
Total physical RAM: 8174.11 MB
Available physical RAM: 5220.06 MB
Total Virtual: 16366.11 MB
Available Virtual: 13553.89 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:99.56 GB) (Free:49.07 GB) NTFS
2 Drive d: () (Fixed) (Total:831.41 GB) (Free:266.15 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\LUCIOPC
 
Administrator            DefaultAccount           Guest                    
Lucio                    
 
 
**** End of log ****


#6 Aura


Posted 04 February 2016 - 08:35 PM

Hum... If you go in the C:\Program Files (x86)\MPC Cleaner folder, do you see a file called setup.exe, uninstall.exe, uninst.exe or unins.exe?



#7 Perfectide


Posted 04 February 2016 - 08:48 PM

Uninstalled, there are some leftover files I cannot delete "without permission" and upon opening Chrome I am now being redirected to http://search.mpc.am/. On a side note, there are no more MPC Cleaner processes since the uninstall and a restart, so that's good!


Edited by Perfectide, 04 February 2016 - 08:50 PM.


#8 Aura


Posted 04 February 2016 - 08:51 PM

Leftover files related to MPC? Also, you can reset your Google Chrome if you want, that should get rid of the redirections. Make sure that your Google account is connected to Chrome so everything will be synced back after the reset.

http://www.howtogeek.com/171924/how-to-reset-your-web-browser-to-its-default-settings/



#9 Perfectide


Posted 04 February 2016 - 08:55 PM

Yes, the leftover files are MPC related: an "UninstDelete" exe, which I'm not sure I want to run, and 4 .dlls.



#10 Aura


Posted 04 February 2016 - 09:06 PM

I would run it, it seems to be a file that will delete all the remaining ones.





