
Can't get rid of MPC


25 replies to this topic

#1 jmhoffer

Posted 19 August 2016 - 05:43 PM

Unfortunately, for the first time in my experiences with torrenting, I managed to accidentally download a massive cache of malware, adware and viruses. I've taken care of most of it with Malwarebytes and NOD32 (and running Windows Defender now), but MPC is still sticking around, even with an uninstall and registry editing. Nothing fishy in my processes, either, but every time I start Chrome, sure enough, there's an MPC tab.

 

Anyone know what I should be doing? I've taken care of everything in the registry that I found on Google for dealing with MPC, but it still pops up.


Edited by jmhoffer, 19 August 2016 - 05:44 PM.



#2 Aura

Posted 19 August 2016 - 06:19 PM

Hi jmhoffer :)

My name is Aura and I'll be assisting you with your issue. Do you have access to your Windows installation media, USB, or CD/DVD?

Also, follow the instructions below please.

MiniToolBox
  • Download MiniToolBox and move the file to your Desktop;
  • Right-click on MiniToolBox.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Check the following options:
    • Flush DNS;
    • Report IE Proxy Settings;
    • Reset IE Proxy Settings;
    • Report FF Proxy Settings;
    • Reset FF Proxy Settings;
    • List content of Hosts;
    • List IP Configuration;
    • List Winsock Entries;
    • List Last 10 Event Viewer Errors;
    • List Installed Programs;
    • List Devices - Only Problems;
    • List Users, Partitions and Memory size;
  • Once this is done, click on Go and wait for the scan to complete;
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;
And lastly, please post your latest Malwarebytes log.

Since you already ran Malwarebytes, I would like to see your previous Scan log. Open Malwarebytes and go under the History tab. From there, click on Application logs in the left pane.
Click on the most recent (usually at the top) Scan log to open it. From there, click on the Export button and select the first option, Copy to Clipboard
Paste the content of your clipboard in your next reply.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 jmhoffer

Posted 20 August 2016 - 10:47 PM

Sorry for how long this took. Last few days have been busy.

MiniToolBox by Farbar  Version: 17-06-2016

Ran by jmhoffer (administrator) on 20-08-2016 at 22:44:54
Running from "C:\Users\jmhoffer\Desktop"
Microsoft Windows 7 Ultimate  Service Pack 1 (X64)
Model: MS-7693 Manufacturer: MSI
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
127.0.0.1 localhost
0.0.0.0 keystone.mwbsys.com
========================= IP Configuration: ================================
 
Remote NDIS based Internet Sharing Device = Local Area Connection 3 (Connected)
Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected)
TAP-Windows Adapter V9 = Local Area Connection 2 (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : jmhoffer-PC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Ethernet adapter Local Area Connection 3:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Remote NDIS based Internet Sharing Device
   Physical Address. . . . . . . . . : 02-0D-03-00-34-62
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::d1cc:a119:2dee:6968%17(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.42.162(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : August-20-16 10:34:16 PM
   Lease Expires . . . . . . . . . . : August-20-16 11:34:15 PM
   Default Gateway . . . . . . . . . : 192.168.42.129
   DHCP Server . . . . . . . . . . . : 192.168.42.129
   DHCPv6 IAID . . . . . . . . . . . : 402787587
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-C6-A0-58-8C-89-A5-95-C5-28
   DNS Servers . . . . . . . . . . . : 192.168.42.129
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter Local Area Connection 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : TAP-Windows Adapter V9
   Physical Address. . . . . . . . . : 00-FF-CB-63-96-A6
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : hitronhub.home
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 8C-89-A5-95-C5-28
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{CB6396A6-2AB4-4D84-915F-52C47579C998}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.hitronhub.home:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{2461D4F0-B0B0-499E-B805-3BBAED26A9BE}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  192.168.42.129
 
Name:    google.com
Addresses:  2607:f8b0:4009:801::200e
 172.217.4.238
 
 
Pinging google.com [172.217.4.238] with 32 bytes of data:
Reply from 172.217.4.238: bytes=32 time=40ms TTL=55
Reply from 172.217.4.238: bytes=32 time=38ms TTL=55
 
Ping statistics for 172.217.4.238:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 38ms, Maximum = 40ms, Average = 39ms
Server:  UnKnown
Address:  192.168.42.129
 
Name:    yahoo.com
Addresses:  2001:4998:c:a06::2:4008
 2001:4998:44:204::a7
 2001:4998:58:c02::a9
 206.190.36.45
 98.139.183.24
 98.138.253.109
 
 
Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=45ms TTL=53
Reply from 98.138.253.109: bytes=32 time=55ms TTL=53
 
Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 45ms, Maximum = 55ms, Average = 50ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 17...02 0d 03 00 34 62 ......Remote NDIS based Internet Sharing Device
 14...00 ff cb 63 96 a6 ......TAP-Windows Adapter V9
 10...8c 89 a5 95 c5 28 ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 11...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0   192.168.42.129   192.168.42.162     10
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
     192.168.42.0    255.255.255.0         On-link    192.168.42.162    266
   192.168.42.162  255.255.255.255         On-link    192.168.42.162    266
   192.168.42.255  255.255.255.255         On-link    192.168.42.162    266
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link    192.168.42.162    266
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link    192.168.42.162    266
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 17    266 fe80::/64                On-link
 17    266 fe80::d1cc:a119:2dee:6968/128
                                    On-link
  1    306 ff00::/8                 On-link
 17    266 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (08/20/2016 10:35:05 PM) (Source: Application Error) (User: )
Description: Faulting application name: Live Update.exe, version: 6.0.9.0, time stamp: 0x53fc5f53
Faulting module name: Live Update.exe, version: 6.0.9.0, time stamp: 0x53fc5f53
Exception code: 0xc000000d
Fault offset: 0x000df719
Faulting process id: 0x1188
Faulting application start time: 0xLive Update.exe0
Faulting application path: Live Update.exe1
Faulting module path: Live Update.exe2
Report Id: Live Update.exe3
 
Error: (08/20/2016 10:34:19 PM) (Source: Application Error) (User: )
Description: Faulting application name: MSI_LiveUpdate_Service.exe, version: 1.0.0.4, time stamp: 0x53fc4ecd
Faulting module name: MSI_LiveUpdate_Service.exe, version: 1.0.0.4, time stamp: 0x53fc4ecd
Exception code: 0xc0000417
Fault offset: 0x0010d3b2
Faulting process id: 0x958
Faulting application start time: 0xMSI_LiveUpdate_Service.exe0
Faulting application path: MSI_LiveUpdate_Service.exe1
Faulting module path: MSI_LiveUpdate_Service.exe2
Report Id: MSI_LiveUpdate_Service.exe3
 
Error: (08/19/2016 05:28:47 PM) (Source: Application Error) (User: )
Description: Faulting application name: Live Update.exe, version: 6.0.9.0, time stamp: 0x53fc5f53
Faulting module name: Live Update.exe, version: 6.0.9.0, time stamp: 0x53fc5f53
Exception code: 0xc000000d
Fault offset: 0x000df719
Faulting process id: 0x570
Faulting application start time: 0xLive Update.exe0
Faulting application path: Live Update.exe1
Faulting module path: Live Update.exe2
Report Id: Live Update.exe3
 
Error: (08/19/2016 10:47:28 AM) (Source: Application Error) (User: )
Description: Faulting application name: MSI_LiveUpdate_Service.exe, version: 1.0.0.4, time stamp: 0x53fc4ecd
Faulting module name: MSI_LiveUpdate_Service.exe, version: 1.0.0.4, time stamp: 0x53fc4ecd
Exception code: 0xc0000417
Fault offset: 0x0010d3b2
Faulting process id: 0x934
Faulting application start time: 0xMSI_LiveUpdate_Service.exe0
Faulting application path: MSI_LiveUpdate_Service.exe1
Faulting module path: MSI_LiveUpdate_Service.exe2
Report Id: MSI_LiveUpdate_Service.exe3
 
Error: (08/19/2016 01:04:00 AM) (Source: Application Error) (User: )
Description: Faulting application name: Live Update.exe, version: 6.0.9.0, time stamp: 0x53fc5f53
Faulting module name: Live Update.exe, version: 6.0.9.0, time stamp: 0x53fc5f53
Exception code: 0xc000000d
Fault offset: 0x000df719
Faulting process id: 0x1080
Faulting application start time: 0xLive Update.exe0
Faulting application path: Live Update.exe1
Faulting module path: Live Update.exe2
Report Id: Live Update.exe3
 
Error: (08/19/2016 01:03:34 AM) (Source: Application Error) (User: )
Description: Faulting application name: MSI_LiveUpdate_Service.exe, version: 1.0.0.4, time stamp: 0x53fc4ecd
Faulting module name: MSI_LiveUpdate_Service.exe, version: 1.0.0.4, time stamp: 0x53fc4ecd
Exception code: 0xc0000417
Fault offset: 0x0010d3b2
Faulting process id: 0x960
Faulting application start time: 0xMSI_LiveUpdate_Service.exe0
Faulting application path: MSI_LiveUpdate_Service.exe1
Faulting module path: MSI_LiveUpdate_Service.exe2
Report Id: MSI_LiveUpdate_Service.exe3
 
Error: (08/19/2016 12:43:44 AM) (Source: Application Error) (User: )
Description: Faulting application name: MSI_LiveUpdate_Service.exe, version: 1.0.0.4, time stamp: 0x53fc4ecd
Faulting module name: MSI_LiveUpdate_Service.exe, version: 1.0.0.4, time stamp: 0x53fc4ecd
Exception code: 0xc0000417
Fault offset: 0x0010d3b2
Faulting process id: 0x988
Faulting application start time: 0xMSI_LiveUpdate_Service.exe0
Faulting application path: MSI_LiveUpdate_Service.exe1
Faulting module path: MSI_LiveUpdate_Service.exe2
Report Id: MSI_LiveUpdate_Service.exe3
 
Error: (08/19/2016 12:08:12 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Networking.RtcDll,language="&#x2a;",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3"1".
Dependent Assembly Microsoft.Windows.Networking.RtcDll,language="&#x2a;",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (08/19/2016 12:08:12 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Networking.RtcDll,language="&#x2a;",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3"1".
Dependent Assembly Microsoft.Windows.Networking.RtcDll,language="&#x2a;",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (08/18/2016 08:47:24 PM) (Source: Application Error) (User: )
Description: Faulting application name: Live Update.exe, version: 6.0.9.0, time stamp: 0x53fc5f53
Faulting module name: Live Update.exe, version: 6.0.9.0, time stamp: 0x53fc5f53
Exception code: 0xc000000d
Fault offset: 0x000df719
Faulting process id: 0x1144
Faulting application start time: 0xLive Update.exe0
Faulting application path: Live Update.exe1
Faulting module path: Live Update.exe2
Report Id: Live Update.exe3
 
 
System errors:
=============
Error: (08/20/2016 10:37:52 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueue\SystemRoot\System32\LogFiles\HTTPERR\httperr1.log
 
Error: (08/20/2016 10:36:18 PM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
%%2 = The system cannot find the file specified.
 
 
Error: (08/20/2016 10:34:20 PM) (Source: Service Control Manager) (User: )
Description: The MSI_LiveUpdate_Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (08/20/2016 10:34:12 PM) (Source: Microsoft-Windows-Eventlog) (User: NT AUTHORITY)
Description: The event logging service encountered an error while initializing publishing resources for channel Security. If channel type is Analytic or Debug, then this could mean there was an error initializing logging resources as well.
 
Error: (08/20/2016 10:34:12 PM) (Source: Microsoft-Windows-Eventlog) (User: NT AUTHORITY)
Description: The event logging service encountered an error while initializing publishing resources for channel Security. If channel type is Analytic or Debug, then this could mean there was an error initializing logging resources as well.
 
Error: (08/20/2016 10:34:12 PM) (Source: Service Control Manager) (User: )
Description: The atksgt service failed to start due to the following error: 
%%1275 = This driver has been blocked from loading
 
 
Error: (08/20/2016 10:34:12 PM) (Source: Application Popup) (User: )
Description: Driver atksgt.sys has been blocked from loading.
 
Error: (08/20/2016 10:34:12 PM) (Source: Service Control Manager) (User: )
Description: The AODDriver4.2.0 service failed to start due to the following error: 
%%3 = The system cannot find the path specified.
 
 
Error: (08/20/2016 10:34:12 PM) (Source: Service Control Manager) (User: )
Description: The 96b8f0407040682f5e51b9a53c46572e service failed to start due to the following error: 
%%2 = The system cannot find the file specified.
 
 
Error: (08/20/2016 10:34:12 PM) (Source: Service Control Manager) (User: )
Description: The Spooler service failed to start due to the following error: 
%%2 = The system cannot find the file specified.
 
 
 
Microsoft Office Sessions:
=========================
Error: (08/20/2016 10:35:05 PM) (Source: Application Error)(User: )
Description: Live Update.exe6.0.9.053fc5f53Live Update.exe6.0.9.053fc5f53c000000d000df719118801d1fb5cf7cbb62eD:\Program Files (x86)\MSI\Live Update\Live Update.exeD:\Program Files (x86)\MSI\Live Update\Live Update.exe3f9f6993-6750-11e6-afaa-020d03003462
 
Error: (08/20/2016 10:34:19 PM) (Source: Application Error)(User: )
Description: MSI_LiveUpdate_Service.exe1.0.0.453fc4ecdMSI_LiveUpdate_Service.exe1.0.0.453fc4ecdc00004170010d3b295801d1fb5ce54eab96D:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exeD:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe2464ffd5-6750-11e6-afaa-020d03003462
 
Error: (08/19/2016 05:28:47 PM) (Source: Application Error)(User: )
Description: Live Update.exe6.0.9.053fc5f53Live Update.exe6.0.9.053fc5f53c000000d000df71957001d1fa69080dcfdbD:\Program Files (x86)\MSI\Live Update\Live Update.exeD:\Program Files (x86)\MSI\Live Update\Live Update.exe4ae51d86-665c-11e6-8d20-8c89a595c528
 
Error: (08/19/2016 10:47:28 AM) (Source: Application Error)(User: )
Description: MSI_LiveUpdate_Service.exe1.0.0.453fc4ecdMSI_LiveUpdate_Service.exe1.0.0.453fc4ecdc00004170010d3b293401d1fa30fa962972D:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exeD:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe3b37a9e9-6624-11e6-8d20-8c89a595c528
 
Error: (08/19/2016 01:04:00 AM) (Source: Application Error)(User: )
Description: Live Update.exe6.0.9.053fc5f53Live Update.exe6.0.9.053fc5f53c000000d000df719108001d1f9df7621c499D:\Program Files (x86)\MSI\Live Update\Live Update.exeD:\Program Files (x86)\MSI\Live Update\Live Update.exeb8b98a4d-65d2-11e6-abf3-020d03003462
 
Error: (08/19/2016 01:03:34 AM) (Source: Application Error)(User: )
Description: MSI_LiveUpdate_Service.exe1.0.0.453fc4ecdMSI_LiveUpdate_Service.exe1.0.0.453fc4ecdc00004170010d3b296001d1f9df69e8d2c2D:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exeD:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exea9074d0a-65d2-11e6-abf3-020d03003462
 
Error: (08/19/2016 12:43:44 AM) (Source: Application Error)(User: )
Description: MSI_LiveUpdate_Service.exe1.0.0.453fc4ecdMSI_LiveUpdate_Service.exe1.0.0.453fc4ecdc00004170010d3b298801d1f9dca503e50eD:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exeD:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exee3d0a55c-65cf-11e6-ab07-020d03003462
 
Error: (08/19/2016 12:08:12 AM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Networking.RtcDll,language="&#x2a;",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3"C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
 
Error: (08/19/2016 12:08:12 AM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.Networking.RtcDll,language="&#x2a;",processorArchitecture="X86",publicKeyToken="6595b64144ccf1df",type="win32",version="5.2.1002.3"C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
 
Error: (08/18/2016 08:47:24 PM) (Source: Application Error)(User: )
Description: Live Update.exe6.0.9.053fc5f53Live Update.exe6.0.9.053fc5f53c000000d000df719114401d1f9bb9f4cea45D:\Program Files (x86)\MSI\Live Update\Live Update.exeD:\Program Files (x86)\MSI\Live Update\Live Update.exedfca114c-65ae-11e6-9228-8c89a595c528
 
 
CodeIntegrity Errors:
===================================
  Date: 2016-08-18 23:57:11.479
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-08-18 23:57:11.419
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-08-18 23:47:01.303
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-08-18 23:47:01.251
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\winhttp.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-12-09 09:42:27.939
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\jmhoffer\AppData\Local\Temp\mc2F6B9.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-12-09 09:42:27.910
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\jmhoffer\AppData\Local\Temp\mc2F6B9.tmp because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-04-01 00:55:18.642
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.1.7600.16385_none_34b0fc0c53728e43\fveapibase.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-01 00:55:18.446
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.1.7600.16385_none_34b0fc0c53728e43\fveapibase.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-01 00:55:18.262
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.1.7600.16385_none_34b0fc0c53728e43\fveapibase.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-01 00:55:16.968
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-s..trics-sensoradapter_31bf3856ad364e35_6.1.7600.16385_none_13881e44d6ccca6b\winbiosensoradapter.dll because the set of per-page image hashes could not be found on the system.
 
 
=========================== Installed Programs ============================
 
"The Settlers 7 - Paths to a Kingdom" (HKLM-x32\...\{243E5484-447D-4868-B2BF-9FA60EE68C5C}_is1) (Version:  - )
µTorrent (HKCU\...\uTorrent) (Version: 3.4.8.42449 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.210 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\{2AF045BC-E8F8-4F17-8095-68E14ECC234F}) (Version: 12.1.0.150 - Adobe Systems, Inc)
Allgemeine Runtime Files (x86) (HKLM\...\{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1) (Version: 1.0.3.7 - Sereby Corporation)
ANT Drivers Installer x64 (HKLM\...\{CC7132C7-8532-4EA7-8E3F-53260C0BE168}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.12.0 - Asmedia Technology)
Atom Zombie Smasher (HKLM-x32\...\Atom Zombie Smasher_is1) (Version:  - Blendo Games)
Avidemux 2.6 - 64bits (HKLM-x32\...\Avidemux 2.6 - 64bits (64-bit)) (Version: 2.6.8.9046 - )
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - )
Beyond Sol (HKLM-x32\...\Steam App 348490) (Version:  - Praxia Entertainment Inc)
BOSS (HKLM-x32\...\BOSS) (Version: 2.1.1 - BOSS Development Team)
CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.40.836.0 - Logitech) Hidden
CDisplayEx 1.10.29 (HKLM\...\CDisplayEx_is1) (Version:  - Progdigy Software S.A.R.L.)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
ControlCenter (HKLM-x32\...\{AF14F0CD-5307-4134-BDFA-15974473C1EE}_is1) (Version: 2.5.060 - MSI)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.3.0.0154 - Disc Soft Ltd)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Deadpool (HKLM-x32\...\Deadpool_is1) (Version: 1.0 - Activision)
Dropbox (HKCU\...\Dropbox) (Version: 8.4.19 - Dropbox, Inc.)
Dual Smart Solution (HKLM-x32\...\{E61F7C73-277C-44CE-87C4-B574BF0F3803}) (Version: 2.5 - LG Soft India Pvt Ltd)
Dungeon Keeper 2 (HKLM-x32\...\GOGPACKDUNGEONKEEPER2_is1) (Version: 2.0.0.32 - GOG.com)
Dungeon Keeper Gold (HKLM-x32\...\GOGPACKDUNGEONKEEPER_is1) (Version: 2.0.0.4 - GOG.com)
Elevated Installer (HKLM-x32\...\{4694981D-8031-4526-90BE-E5F7FB80CBB8}) (Version: 3.2.29.0 - Garmin Ltd or its subsidiaries) Hidden
Endless Legend Shifters (HKLM-x32\...\Endless Legend Shifters_is1) (Version:  - )
Eraser 6.0.10.2620 (HKLM\...\{6E5159B4-A519-41EF-80EF-AD58371515DF}) (Version: 6.0.2620 - The Eraser Project)
erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET NOD32 Antivirus (HKLM\...\{EABF244B-9702-4B37-AA3F-F5CFF9572546}) (Version: 9.0.386.0 - ESET, spol. s r.o.)
From Dust (HKLM-x32\...\{578485F8-60F3-4C61-9183-0698E581B902}) (Version: 1.0.0 - Ubisoft)
Game of Thrones (HKLM-x32\...\Game of Thrones_is1) (Version: 1.5 - R.G. Revenants)
Garmin Express (HKLM-x32\...\{714dc1e5-69a4-4ecd-9552-93397e084298}) (Version: 3.2.29.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{A92D383B-FD85-4B9C-A5D9-3647C71E48A1}) (Version: 3.2.29.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (HKLM-x32\...\{D52EDFA2-13A7-4765-8650-4AB30E6DB77F}) (Version: 3.2.29.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin MapSource (HKLM-x32\...\{AFBAB9A0-DDE8-49AE-8C17-A01B61BEE64B}) (Version: 6.16.3 - Garmin Ltd or its subsidiaries)
Garmin Training Center (HKLM-x32\...\{7D542452-84EB-47C0-97BA-735C523AB555}) (Version: 3.6.5 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{510D2239-6C2E-457B-9590-485EC552D94D}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
GIF Viewer (HKLM-x32\...\GIF Viewer) (Version:  - )
GOG.com Dungeon Keeper 2 (HKLM\...\{b6462b67-caf5-4a74-99df-cc2811bd1957}.sdb) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.31.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GPU Temp version 1.0 (HKLM-x32\...\{8C8711FD-0FC8-4801-B33E-ED19BB0350B1}_is1) (Version: 1.0 - gputemp.com)
Grim Dawn (HKLM-x32\...\Steam App 219990) (Version:  - Crate Entertainment)
GSAK 8.5.0.0 (HKLM-x32\...\GSAK_is1) (Version:  - CWE computer services)
HD Tune Pro 5.50 (HKLM-x32\...\HD Tune Pro_is1) (Version:  - EFD Software)
HP Deskjet 1010 series Basic Device Software (HKLM\...\{CFD917BE-F1F6-410E-ABEC-9EC819507D0D}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.40 - Irfan Skiljan)
Itibiti RTC (HKLM-x32\...\{730E03E4-350E-48E5-9D3E-4329903D454D}) (Version: 0.0.1 - Itibiti Inc) Hidden
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Kenshi (HKLM-x32\...\Steam App 233860) (Version:  - Lo-Fi Games)
Kingdoms of Amalur - Reckoning (HKLM-x32\...\Kingdoms of Amalur - Reckoning_is1) (Version:  - )
LibreOffice 4.2.4.2 (HKLM-x32\...\{6B4977CB-5B9F-4B24-8310-3BA527A8AF22}) (Version: 4.2.4.2 - The Document Foundation)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.40 - Logitech Inc.)
LOOT (HKLM-x32\...\LOOT) (Version: 0.6.1 - LOOT Development Team)
LWS VideoEffects (HKLM\...\{138A4072-9E64-46BD-B5F9-DB2BB395391F}) (Version: 13.30.1379.0 - Logitech) Hidden
Macrium Reflect Free Edition (HKLM\...\{6E9A87FE-8050-4714-BBDF-1A096B8CB288}) (Version: 6.1.1366 - Paramount Software (UK) Ltd.) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 6.1 - Paramount Software (UK) Ltd.)
Majesty 2 Collection (HKLM-x32\...\1423826709_is1) (Version: 2.0.0.2 - GOG.com)
Majesty2 Cold Sunrise 1.1 (HKLM-x32\...\Majesty2 Cold Sunrise 1.1) (Version:  - )
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Mass Effect (HKLM-x32\...\{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}) (Version: 1.00 - Electronic Arts, Inc.)
Mass Effect 2 (HKLM-x32\...\{D85A387E-6EC0-40E5-9D89-A148B3E93968}_is1) (Version:  - )
Mass Effect 3.Deluxe Edition.v 1.5.5427.124 + 14 DLC (HKLM-x32\...\Mass Effect 3.Deluxe Edition.v 1.5.5427.124 + 14 DLC_is1) (Version: Mass Effect 3.Deluxe Edition.v 1.5.5427.124 + 14 DLC - Repack by Fenixx (09.03.2013))
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM-x32\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM-x32\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM-x32\...\M979906) (Version:  - )
Microsoft .NET Framework 1.1 SP1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version:  - )
Microsoft .NET Framework 1.1 SP1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (Русский) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1049) (Version: 4.6.01055 - Корпорация Майкрософт)
Microsoft .NET Framework 4.6.1 ‏(עברית) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1037) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{D1B01DC9-CBAF-45F9-A387-7D00C11B630E}) (Version: 1.2.0238 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{9B3F0A88-790D-3AD9-9F96-B19CF2746452}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{1a63c099-febd-4eaf-83ad-a82ea4fdac49}) (Version: 12.0.30501.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{b55f7208-e02b-4828-ac78-59c73ddf5bc7}) (Version: 12.0.30501.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{85467CBC-7A39-33C9-8940-D72D9269B84F}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE (x64)) (Version:  - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mordheim City of the Damned version Mordheim City of the Damned (HKLM-x32\...\Mordheim City of the Damned_is1) (Version: Mordheim City of the Damned - )
Mount & Blade: Warband (HKLM-x32\...\Steam App 48700) (Version:  - TaleWorlds Entertainment)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{EB3DF0F0-0525-4C5A-A2F8-DEC868A3075D}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 37.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 en-US)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.2.0.6025 - Mozilla)
Mozilla Thunderbird 45.2.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 45.2.0 (x86 en-US)) (Version: 45.2.0 - Mozilla)
MPC-HC 1.7.10 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.10 - MPC-HC Team)
MSI Afterburner 4.1.0 (HKLM-x32\...\Afterburner) (Version: 4.1.0 - MSI Co., LTD)
MSI Live Update (HKLM-x32\...\{4F46CF54-47D2-41F4-B230-B0954C544420}}_is1) (Version: 6.0.009 - MSI)
MSI Smart Utilities (HKLM-x32\...\{009E5DF2-3F97-480B-89DA-F2D5E672E14A}_is1) (Version: 2.0.0.06 - MSI)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.60.16 - Black Tree Gaming)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9.2 - Notepad++ Team)
Notrium (HKLM-x32\...\{F249E8BE-8712-48F6-BEF9-3FD99E042D9C}_is1) (Version:  - monkkonen.net)
NVIDIA 3D Vision Controller Driver 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 368.39 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 368.39 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.3.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.3.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 368.39 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 368.39 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.14 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenDNS Updater 2.2.1 (HKLM-x32\...\OpenDNS Updater) (Version: 2.2.1 - )
OpenOffice 4.1.0 (HKLM-x32\...\{C87EF11D-36E9-479D-9898-7541EA1E8A6A}) (Version: 4.10.9764 - Apache Software Foundation)
OpenVPN 2.3.6-I601  (HKLM\...\OpenVPN) (Version: 2.3.6-I601 - )
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.72.410.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7111 - Realtek Semiconductor Corp.)
Rise of the Tomb Raider (HKLM-x32\...\{45F08513-973A-4C18-93FD-8E12B1908390}_is1) (Version:  - Square Enix)
RivaTuner Statistics Server 6.3.0 (HKLM-x32\...\RTSS) (Version: 6.3.0 - Unwinder)
Running With Rifles (HKLM-x32\...\{09426681-7B5C-4488-8DA8-BE87504BAB0E}_is1) (Version: v.1.0 - Modulaatio Games)
Seagate Drive Settings Installer (HKLM-x32\...\{91DDF870-EE18-44D8-9D93-F4C122B80908}) (Version: 1.00.0000 - Seagate Technologies LLC) Hidden
Seagate Drive Settings Installer (HKLM-x32\...\InstallShield_{91DDF870-EE18-44D8-9D93-F4C122B80908}) (Version: 1.00.0000 - Seagate Technologies LLC)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.3.5 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
Skype™ 7.26 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.)
Skyward Collapse Auto-Updater (HKLM-x32\...\Skyward Collapse 1.000) (Version: 0 - Arcen Games, LLC)
SPORE™ Creepy & Cute Parts Pack (HKLM-x32\...\{C07F8D75-7A8D-400E-A8F9-A3F396B49BB1}) (Version: 1.00.0000 - Electronic Arts)
Star Wars®: Knights of the Old Republic ™ (HKLM-x32\...\{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}) (Version:  - )
STAR WARS™ Knights of the Old Republic™ II: The Sith Lords™ (HKLM-x32\...\Steam App 208580) (Version:  - Obsidian Entertainment)
Starcraft (HKLM-x32\...\Starcraft) (Version:  - )
StarCraft II Legacy of the Void (HKLM\...\U3RhckNyYWZ0SUk=_is1) (Version: 1 - )
StarCraft II: Heart of the Swarm © Blizzard Entertainment version 1 (HKLM-x32\...\U3RhckNyYWZ0IElJOiBIZWFydCBvZiB0aGUgU3dhcm0gKGMp~BFC02D25_is1) (Version: 1 - )
Starsector version 0.6.2a (HKLM-x32\...\{5B8604A9-6871-4A18-974F-8DD9B6D428DA}_is1) (Version: 0.6.2a - )
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Stronghold Crusader Extreme (HKLM-x32\...\{8C3727F2-8E37-49E4-820C-03B1677F53B6}) (Version: 1.20.0000 - Firefly Studios)
Supreme Ruler 2020 Gold 6.6.1 (HKLM-x32\...\Supreme Ruler 2020 Gold_is1) (Version:  - BattleGoat Studios)
TAP-Windows 9.21.1 (HKLM\...\TAP-Windows) (Version: 9.21.1 - )
The Guild II: Renaissance (HKLM-x32\...\Steam App 39680) (Version:  - Rune Forge)
Tombraider (HKLM-x32\...\Tombraider_is1) (Version:  - )
TSEV Skyrim LE (HKLM-x32\...\TSEV Skyrim LE_is1) (Version: 2.0.0.0 - )
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Unified Remote (HKLM-x32\...\{BD96B1DF-2A2E-4ED1-B255-F8050DEB1B3D}) (Version: 2.14.2.0 - Unified Remote)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 4.5.0f6 - Unity Technologies ApS)
VideoDownloaderUltimate (HKCU\...\VideoDownloaderUltimateWinApp) (Version: 1.0.1.51 - Link64)
VideoGenie (HKLM-x32\...\{FC54FD8D-789C-406D-BB88-F7C4421B7E83}_is1) (Version: 1.0.0.12 - MSI)
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
War for the Overworld version 1.0.7.0 (HKLM-x32\...\{11E1205D-6022-45E0-850E-36B4FCFDD32E}_is1) (Version: 1.0.7.0 - Subterranean Games)
Wasteland 2 (HKLM-x32\...\1207665783_is1) (Version: 2.0.0.8 - GOG.com)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Wolfenstein: The New Order (HKLM-x32\...\V29sZmVuc3RlaW5UaGVOZXdPcmRlcg==_is1) (Version: 1 - )
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812NA}_is1) (Version:  - Wargaming.net)
X3 Albion Prelude version 3.0 (HKLM-x32\...\X3 Albion Prelude_is1) (Version: 3.0 - Deep Silver)
X3 Editor 2 (HKLM-x32\...\X3 Editor 2) (Version:  - doubleshadow)
X-Universe Plugin Manager 1.47 (HKLM-x32\...\X-Universe Plugin Manager_is1) (Version: 1.47 - Cycrow)
Zombasite (HKLM-x32\...\Steam App 408960) (Version:  - Soldak Entertainment)
Zombie Army Trilogy (HKLM-x32\...\Zombie Army Trilogy_is1) (Version:  - )
 
========================= Memory info: ===================================
 
Percentage of memory in use: 49%
Total physical RAM: 8162.14 MB
Available physical RAM: 4155.25 MB
Total Virtual: 16322.32 MB
Available Virtual: 11632.23 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:111.79 GB) (Free:13.13 GB) NTFS
2 Drive d: (Storage) (Fixed) (Total:1863.01 GB) (Free:851.84 GB) NTFS
5 Drive h: (CPY-ROTTR) (CDROM) (Total:31.22 GB) (Free:0 GB) CDFS
 
========================= Users: ========================================
 
User accounts for \\JMHOFFER-PC
 
Administrator            Guest                    jmhoffer                 
 
 
**** End of log ****
 

 

 

 

 

Malwarebytes Anti-Malware

www.malwarebytes.org
 
Scan Date: 20/08/2016
Scan Time: 8:11 AM
Logfile: 
Administrator: Yes
 
Version: 0.0.0.0000
Malware Database: v2016.08.20.06
Rootkit Database: v2016.08.15.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: jmhoffer
 
Scan Type: Custom Scan
Result: Completed
Objects Scanned: 1002664
Time Elapsed: 3 hr, 8 min, 53 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Warn
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
Looking through that data, I found the registry entry for MPC and came across where the little bleep hid it. But, I'm not sure what I should do at this point. I see an uninstall, should I use it? Or will that make this worse?

And what to do about Itibiti? Found it in the registry, thought I'd gotten rid of it already.

Edited by jmhoffer, 20 August 2016 - 11:09 PM.


#4 Aura


Posted 20 August 2016 - 11:55 PM

By the way, do you still have the MPC Cleaner folder in C:\Program Files (x86)? If so, right-click on it and select Send then Compressed file (.zip). Once done, upload the .zip file on SendSpace.com and post the download URL for it here please.

Itibiti can be uninstalled. If you look at its key under the Uninstall one, grab the data in the "UninstallString" value (which is probably an msiexec command), and copy/paste it in Run (Windows + R keys), you'll be able to uninstall it. I don't see traces of MPC Cleaner on these logs, though JRT and Malwarebytes should be able to detect it.


Junkware Removal Tool (JRT)
  • Download Junkware Removal Tool (JRT) and move it to your Desktop;
  • Right-click on JRT.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Press on any key to launch the scan and let it complete;
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;
AdwCleaner - Fix Mode
  • Download AdwCleaner and move it to your Desktop;
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the EULA (I accept), let the database update, then click on Scan;
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Cleaning button. This will kill all the active processes;
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it;
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply;

Edited by Aura, 21 August 2016 - 10:31 AM.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.
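
Added example, not part of the original thread or of any tool used in it: a read-only PowerShell lookup of the "UninstallString" value described in post #4, across the three Uninstall locations. The `*Itibiti*` filter comes from the log above; the function name `Get-UninstallEntry` is hypothetical, and mapping the log's HKLM / HKLM-x32 / HKCU prefixes and its "Hidden" marker to these registry paths and to the `SystemComponent` value is an assumption.

```powershell
# Added example: look up a program's uninstall command without running it.
# Written to work on the PowerShell 2.0 that ships with Windows 7 SP1.
# Run it from 64-bit PowerShell; a 32-bit session is redirected to WOW6432Node.
param(
    [string]$NamePattern = '*Itibiti*'   # display-name filter, taken from the log in this thread
)

# Uninstall locations: 64-bit machine view, 32-bit machine view, current user.
# Assumption: these match the log's HKLM\...\, HKLM-x32\...\ and HKCU\...\ prefixes.
$UninstallRoots = @(
    @{ View = 'HKLM';     Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall' },
    @{ View = 'HKLM-x32'; Path = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall' },
    @{ View = 'HKCU';     Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall' }
)

function Get-UninstallEntry {   # hypothetical helper name
    param([Parameter(Mandatory = $true)][string]$Pattern)

    foreach ($root in $UninstallRoots) {
        # The WOW6432Node view does not exist on 32-bit Windows.
        if (-not (Test-Path -LiteralPath $root.Path)) { continue }

        foreach ($key in Get-ChildItem -LiteralPath $root.Path -ErrorAction SilentlyContinue) {
            $p = Get-ItemProperty -LiteralPath $key.PSPath -ErrorAction SilentlyContinue

            # Skip subkeys with no DisplayName (patches, orphaned keys) and non-matches.
            if (-not $p -or -not $p.DisplayName) { continue }
            if ($p.DisplayName -notlike $Pattern) { continue }

            New-Object PSObject -Property @{
                View            = $root.View
                KeyName         = $key.PSChildName
                DisplayName     = $p.DisplayName
                DisplayVersion  = $p.DisplayVersion
                Publisher       = $p.Publisher
                # SystemComponent = 1 hides an entry from Programs and Features.
                # Assumption: this is what the log reports as "Hidden".
                Hidden          = ($p.SystemComponent -eq 1)
                UninstallString = $p.UninstallString
            }
        }
    }
}

# Print the matches for review; nothing is executed or modified.
# For MSI packages the value is often "MsiExec.exe /I{GUID}", which opens the
# installer's maintenance dialog; "/X{GUID}" is the form that uninstalls.
Get-UninstallEntry -Pattern $NamePattern |
    Select-Object View, KeyName, DisplayName, DisplayVersion, Publisher, Hidden, UninstallString |
    Format-List
```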


#5 jmhoffer


Posted 21 August 2016 - 11:37 AM

All MPC folders are gone. But, MPC still opens with Chrome after following all instructions so far.

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 7 Ultimate x64 
Ran by jmhoffer (Administrator) on 21/08/2016 at 11:23:47.68
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 4 
 
Failed to delete: C:\Users\jmhoffer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EFEM47Y5 (Temporary Internet Files Folder) 
Failed to delete: C:\Users\jmhoffer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V1EZ48PU (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EFEM47Y5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V1EZ48PU (Temporary Internet Files Folder) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21/08/2016 at 11:27:02.79
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

# AdwCleaner v6.000 - Logfile created 21/08/2016 at 11:32:40

# Updated on 12/08/2016 by ToolsLib
# Database : 2016-08-21.1 [Server]
# Operating System : Windows 7 Ultimate Service Pack 1 (X64)
# Username : jmhoffer - JMHOFFER-PC
# Running from : C:\Users\jmhoffer\Desktop\AdwCleaner.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
[-] Service deleted: 96b8f0407040682f5e51b9a53c46572e
 
 
***** [ Folders ] *****
 
[!] Folder not deleted: 
[!] Folder not deleted: 
[-] Folder deleted: C:\Program Files (x86)\SoftUpgrade
[-] Folder deleted: C:\Users\jmhoffer\AppData\Local\Geckofx
 
 
***** [ Files ] *****
 
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
[-] Key deleted: HKLM\SOFTWARE\14919ea49a8f3b4aa3cf1058d9a64cec
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\SCService
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\Interface\{6C42038D-817A-472C-8C2A-EF46F1DA576D}
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\Interface\{873C7DA8-195D-4D5A-B830-C5E2831901EA}
[-] Key deleted: [x64] HKLM\SOFTWARE\SearchModule
[-] Key deleted: HKU\S-1-5-21-3523513858-1423796050-1561024625-1000\Software\distromatic
[-] Key deleted: HKU\S-1-5-21-3523513858-1423796050-1561024625-1000\Software\OCS
[-] Key deleted: HKU\S-1-5-21-3523513858-1423796050-1561024625-1000\Software\Link64
[-] Key deleted: HKU\S-1-5-21-3523513858-1423796050-1561024625-1000\Software\INSTALLPATH\STATUS
[-] Key deleted: HKU\S-1-5-21-3523513858-1423796050-1561024625-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\VideoDownloaderUltimateWinApp
[#] Key deleted on reboot: HKCU\Software\distromatic
[#] Key deleted on reboot: HKCU\Software\OCS
[#] Key deleted on reboot: HKCU\Software\Link64
[#] Key deleted on reboot: HKCU\Software\INSTALLPATH\STATUS
[-] Key deleted: HKLM\SOFTWARE\SearchModule
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\VideoDownloaderUltimateWinApp
[-] Value deleted: HKU\S-1-5-21-3523513858-1423796050-1561024625-1000\Software\Microsoft\Windows\CurrentVersion\Run [VideoDownloaderUltimate]
[#] Value deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Run [VideoDownloaderUltimate]
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Control\Class\{0C95ABFE-4FB6-49DB-B22F-0E1F5FC4BEEC}
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Control\Class\{EEEFACB3-729F-4484-B66D-E7A7917BBFC1}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Quoteex.exe
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\jmhoffer\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: jlcgehabolcakkjhgmgpkagpolbjlhfa
[-] [C:\Users\jmhoffer\AppData\Local\Google\Chrome\User Data\Default] [homepage] Deleted: search.mpc.am
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [3028 Bytes] - [21/08/2016 11:32:40]
C:\AdwCleaner\AdwCleaner[S0].txt - [3227 Bytes] - [21/08/2016 11:29:12]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [3174 Bytes] ##########
 


#6 Aura


Posted 21 August 2016 - 11:39 AM

Reset Google Chrome, and let me know if MPC still opens in it after.

https://support.google.com/chrome/answer/3296214?hl=en



#7 jmhoffer


Posted 21 August 2016 - 12:21 PM

Reset, still comes up.



#8 Aura


Posted 21 August 2016 - 12:23 PM

Is it the same in Internet Explorer? Also, is it only your startup page, or also your search engine, new tab, etc.?



#9 jmhoffer


Posted 21 August 2016 - 12:37 PM

I honestly don't know what I even did with Internet Explorer, but I opened Firefox and yes, it opened to MPC.

 

Search engine is Google, home page is new tab, when I close and reopen Chrome my old tabs reopen but so does a new tab with MPC.



#10 Aura


Posted 21 August 2016 - 12:40 PM

Alright I see. Let's try this. We'll run TFC, then you'll reset Google Chrome right after, and let me know if the MPC Cleaner tab still opens.

Temp File Cleaner (TFC)
  • Download Temp File Cleaner (TFC) and move it to your Desktop;
  • Right-click on TFC.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Simply click on Start to launch the clean-up and wait until it completes;
  • Depending on which processes are running, all your programs will be closed and explorer.exe (your Windows shell) will be killed, it will however be relaunched shortly after so do not panic;
  • There's no log to give for this tool;



#11 jmhoffer


Posted 21 August 2016 - 06:05 PM

Well, that's an extra 10 gigs of space free, but no, it didn't help. I started Chrome back up after it completed and sure enough, MPC was there. I reset the settings and reset Chrome, and MPC was still the first page to open.



#12 Aura


Posted 21 August 2016 - 08:17 PM

Alright, uninstall Google Chrome and reinstall it. Then check if it's still there.



#13 jmhoffer


Posted 21 August 2016 - 08:39 PM

You've got to be kidding me.



#14 Aura


Posted 21 August 2016 - 08:52 PM

What do you mean? Sometimes a persistent entry like that can only be removed by uninstalling the program completely and reinstalling it. Also, I'm quite limited with what I can do in this section sadly. Sorry about that.



#15 jmhoffer


Posted 21 August 2016 - 08:55 PM

Sorry, I just don't like going through backing up my bookmarks and whatnot. This has been a headache and a half to deal with.





