Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Some malware/adware still remaining after thorough removal. (Undetected by MBAM)


  • Please log in to reply
7 replies to this topic

#1 MBtemp902

MBtemp902

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:02:17 PM

Posted 26 December 2016 - 10:27 PM

Greetings,

 

As a consequence of my greediness (and stupidity, heh) I've run into a situation with some malware I can't seem to remove. I was attempting to download a Microsoft Office activation tool which was unfortunately riddled with false installers and other bad stuff. I won't link to it for the safety of others reading this post. Here's what I've done so far:

 

I am running Windows 10, 64-bit.

 

*A clean reboot was performed between each scan*

1) Updated MBAM database and ran a scan (after updating the database I immediately unplugged the ethernet cable from the machine)

2) MBAM detected >1000 objects. Looking through the log, they were all related to about 3-4 PUPs. Removed all detections.

3) Ran MBAM a second time, removing about 200 more objects.

4) Ran AdwCleaner, which found and removed about 5 objects (none of which were caught by MBAM).

5) Ran TDSSKiller, which did not detect any objects.

 

Here's where things stand now... the majority of the crap I downloaded is cleaned out, but I still see suspicious things coming up in the Task Manager's Processes tab and Startup tab. Additionally, I dug around (sorting by date modified) and noticed the following directories have had some new folders or files dumped within them by the malware:

C:\Users\Joseph\AppData\Local
C:\Program Files
C:\Program Files (x86)
C:\ProgramData
C:\Windows

Your help is greatly appreciated!


Edited by MBtemp902, 26 December 2016 - 10:31 PM.


BC AdBot (Login to Remove)

 


#2 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:17 PM

Posted 27 December 2016 - 02:48 AM

Zemana Deep Scan.
 

  • Right click on Zemana and run as admin.
  • Click the Cog/Sproket Wheel, at the top right of Zemana
  • Select Advanced - I have read the warning and wish to proceed.
  • Place a tick next to Detect Suspicious (Root CA) Certificates.
  • Then click the house icon in Zemana.
  • Then hit your start button at the lower left hand corner of your desktop.
  • Then left click on Computer.
  • Drag Local Disk C: Into the area of Zemana that reads Drag and drop files here to scan them.
  • oHw0QqX.png
  • Once the scan has completed click graph icon on the top right of the programs User interface.
  • Double click to open the latest log-file.
  • Copy it to your clipboard.
  • Post the log here in your next reply.

Security Check Scan.



  • Download Security Check to your desktop.
  • Right click it run as administrator.
  • When the program completes, the tool will automatically open a log file.
  • Please post that log here in your next post.

Please download MINITOOLBOX and run it.

Checkmark following boxes:



Flush DNS
Reset FF proxy Settings
Reset Ie Proxy Settings
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)



Click Go post the result.



#3 MBtemp902

MBtemp902
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:02:17 PM

Posted 27 December 2016 - 11:31 AM

Now we're getting somewhere! Thanks for assisting, InadequateInfirmity.

Here are the results.

 

Zemana Scan:

Zemana AntiMalware 2.70.2.244 (Installed)

-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2016/12/27
Operating System       : Windows 10 64-bit
Processor              : 4X Intel(R) Core(TM) i5-4590 CPU @ 3.30GHz
BIOS Mode              : Legacy
CUID                   : 12F4D5E66285190E9AEEBA
Scan Type              : Custom Scan
Duration               : 7m 33s
Scanned Objects        : 436479
Detected Objects       : 21
Excluded Objects       : 0
Read Level             : Normal
Auto Upload            : Enabled
Detect All Extensions  : Disabled
Scan Documents         : Disabled
Domain Info            : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

roundabout.exe
Status             : Scanned
Object             : %systemroot%\roundabout.exe
MD5                : F12447A44D07E598F335CB4371C4E1BF
Publisher          : -
Size               : 10752
Version            : 1.0.0.0
Detection          : Adware:Win32/Tanh.A!Emre
Cleaning Action    : Quarantine
Related Objects    :
                File - %systemroot%\roundabout.exe

586c0918b3c118029c1c1ba79e921277.exe
Status             : Scanned
Object             : %systemroot%\586c0918b3c118029c1c1ba79e921277.exe
MD5                : DDB23882121712D9FD83EA982DE0024F
Publisher          : -
Size               : 1718968
Version            : -
Detection          : Adware:Win32/Tamaca!Mter
Cleaning Action    : Quarantine
Related Objects    :
                File - %systemroot%\586c0918b3c118029c1c1ba79e921277.exe

itibiti.exe
Status             : Scanned
Object             : NE->c:\adwcleaner\quarantine\files\splaubqiizasoumdrnqiqsjuzjvifndu\itibiti.exe
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Adware:Win32/Itibiti!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)

uninstaller.exe
Status             : Scanned
Object             : NE->c:\program files\8iiabqe3po\uninstaller.exe
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Adware:Win32/Wizzcaster.D!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)

uninstaller.exe
Status             : Scanned
Object             : NE->c:\program files\mlkmkjuqkf\uninstaller.exe
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Adware:Win32/Wizzcaster.D!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)

adv_207.exe
Status             : Scanned
Object             : NE->c:\users\joseph\appdata\local\temp\f9626892-7a78-3199-abd2-97bbce96297b\adv_207.exe
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Adware:Win32/Itibiti!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)

NUIns.exe
Status             : Scanned
Object             : %temp%\nuins.exe
MD5                : 0D259D355A5A8AF9D8C8A5C01A4768A3
Publisher          : -
Size               : 60301
Version            : -
Detection          : Adware:Win32/BrowserHijack.Gen
Cleaning Action    : Quarantine
Related Objects    :
                File - %temp%\nuins.exe

nsu8D9B.tmp
Status             : Scanned
Object             : %temp%\nsu8d9b.tmp
MD5                : BF3A1F2C03D10E52096F24C664376869
Publisher          : -
Size               : 68745
Version            : -
Detection          : Malware:Win32/Normian.A!Eake
Cleaning Action    : Quarantine
Related Objects    :
                File - %temp%\nsu8d9b.tmp

nsjDA09.tmp
Status             : Scanned
Object             : %temp%\nsjda09.tmp
MD5                : 9D580845D9BB795C8202E5ACAD1A4F2A
Publisher          : -
Size               : 240072
Version            : -
Detection          : Adware:Win32/BrowserHijack.Gen
Cleaning Action    : Quarantine
Related Objects    :
                File - %temp%\nsjda09.tmp

adv_207.exe
Status             : Scanned
Object             : %temp%\f9626892-7a78-3199-abd2-97bbce96297b\adv_207.exe
MD5                : A43252873F9E9E045AE79F30AD19398B
Publisher          : Itibiti Systems inc.
Size               : 4605904
Version            : 0.0.0.0
Detection          : Adware:Win32/Itibiti-DJ!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %temp%\f9626892-7a78-3199-abd2-97bbce96297b\adv_207.exe

Note-UP_Setup[1].exe
Status             : Scanned
Object             : %localappdata%\microsoft\windows\inetcache\ie\ucd0f7l4\note-up_setup[1].exe
MD5                : BF3A1F2C03D10E52096F24C664376869
Publisher          : -
Size               : 68745
Version            : -
Detection          : Malware:Win32/Normian.A!Eake
Cleaning Action    : Quarantine
Related Objects    :
                File - %localappdata%\microsoft\windows\inetcache\ie\ucd0f7l4\note-up_setup[1].exe

kOxm1[1]
Status             : Scanned
Object             : %localappdata%\microsoft\windows\inetcache\ie\j1oj61z2\koxm1[1]
MD5                : 9D580845D9BB795C8202E5ACAD1A4F2A
Publisher          : -
Size               : 240072
Version            : -
Detection          : Adware:Win32/BrowserHijack.Gen
Cleaning Action    : Quarantine
Related Objects    :
                File - %localappdata%\microsoft\windows\inetcache\ie\j1oj61z2\koxm1[1]

Ap2WkB[1]
Status             : Scanned
Object             : %localappdata%\microsoft\windows\inetcache\ie\j1oj61z2\ap2wkb[1]
MD5                : 9D580845D9BB795C8202E5ACAD1A4F2A
Publisher          : -
Size               : 240072
Version            : -
Detection          : Adware:Win32/BrowserHijack.Gen
Cleaning Action    : Quarantine
Related Objects    :
                File - %localappdata%\microsoft\windows\inetcache\ie\j1oj61z2\ap2wkb[1]

rX5Sg[1].exe
Status             : Scanned
Object             : %localappdata%\microsoft\windows\inetcache\ie\j1oj61z2\rx5sg[1].exe
MD5                : 80CC88F0CBFBBEB324F9F2F9E1320E6E
Publisher          : -
Size               : 426496
Version            : -
Detection          : Adware:Win32/BrowserHijack.Gen
Cleaning Action    : Quarantine
Related Objects    :
                File - %localappdata%\microsoft\windows\inetcache\ie\j1oj61z2\rx5sg[1].exe

SilentInstaller_dotnet4[1].exe
Status             : Scanned
Object             : %localappdata%\microsoft\windows\inetcache\ie\w17tq977\silentinstaller_dotnet4[1].exe
MD5                : 007B1D8AEF31BE74CE6845FE68E1471D
Publisher          : -
Size               : 321536
Version            : 0.5.0.6
Detection          : Adware:Win32/Generic!Eree
Cleaning Action    : Quarantine
Related Objects    :
                File - %localappdata%\microsoft\windows\inetcache\ie\w17tq977\silentinstaller_dotnet4[1].exe

xKcAZX[1].exe
Status             : Scanned
Object             : %localappdata%\microsoft\windows\inetcache\ie\ucd0f7l4\xkcazx[1].exe
MD5                : 13CE6EBCD7E7671CD0E489CBA326346A
Publisher          : -
Size               : 244976
Version            : -
Detection          : Adware:Win32/BrowserHijack.Gen
Cleaning Action    : Quarantine
Related Objects    :
                File - %localappdata%\microsoft\windows\inetcache\ie\ucd0f7l4\xkcazx[1].exe

KMSINSTALL.bat
Status             : Scanned
Object             : %homedrive%\$recycle.bin\s-1-5-21-706260008-467992893-3324187277-1001\$ro309sg.6\kmsinstall.bat
MD5                : 71B53668A1DE1F542EB1292679320C0C
Publisher          : -
Size               : 877
Version            : -
Detection          : Downloader:Win32/Generic
Cleaning Action    : Quarantine
Related Objects    :
                File - %homedrive%\$recycle.bin\s-1-5-21-706260008-467992893-3324187277-1001\$ro309sg.6\kmsinstall.bat

katharina.exe
Status             : Scanned
Object             : %homedrive%\$recycle.bin\s-1-5-21-706260008-467992893-3324187277-1001\$rn0jfrj\katharina.exe
MD5                : F12447A44D07E598F335CB4371C4E1BF
Publisher          : -
Size               : 10752
Version            : 1.0.0.0
Detection          : Adware:Win32/Tanh.A!Emre
Cleaning Action    : Quarantine
Related Objects    :
                File - %homedrive%\$recycle.bin\s-1-5-21-706260008-467992893-3324187277-1001\$rn0jfrj\katharina.exe

katharina.exe
Status             : Scanned
Object             : %homedrive%\$recycle.bin\s-1-5-21-706260008-467992893-3324187277-1001\$rdi3t6r\katharina.exe
MD5                : F12447A44D07E598F335CB4371C4E1BF
Publisher          : -
Size               : 10752
Version            : 1.0.0.0
Detection          : Adware:Win32/Tanh.A!Emre
Cleaning Action    : Quarantine
Related Objects    :
                File - %homedrive%\$recycle.bin\s-1-5-21-706260008-467992893-3324187277-1001\$rdi3t6r\katharina.exe

$R7OOMQ0.exe
Status             : Scanned
Object             : %homedrive%\$recycle.bin\s-1-5-21-706260008-467992893-3324187277-1001\$r7oomq0.exe
MD5                : F12447A44D07E598F335CB4371C4E1BF
Publisher          : -
Size               : 10752
Version            : 1.0.0.0
Detection          : Adware:Win32/Tanh.A!Emre
Cleaning Action    : Quarantine
Related Objects    :
                File - %homedrive%\$recycle.bin\s-1-5-21-706260008-467992893-3324187277-1001\$r7oomq0.exe

hrm.exe
Status             : Scanned
Object             : %homedrive%\$recycle.bin\s-1-5-21-706260008-467992893-3324187277-1001\$r6fuimw\hrm.exe
MD5                : 16B7FCED42B84855B11BC049563C7ADF
Publisher          : -
Size               : 75139
Version            : -
Detection          : Adware:Win32/Blackoat.A!Kkre
Cleaning Action    : Quarantine
Related Objects    :
                File - %homedrive%\$recycle.bin\s-1-5-21-706260008-467992893-3324187277-1001\$r6fuimw\hrm.exe


SecurityCheck:

SecurityCheck by glax24 & Severnyj v.1.4.0.46 [22.09.16]
WebSite: www.safezone.cc
DateLog: 27.12.2016 10:17:35
Path starting: C:\Users\Joseph\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: Joseph
VersionXML: 3.67is-25.12.2016
___________________________________________________________________________

Windows 10(6.3.10586) (x64) Professional Lang: English(0409)
Installation date OS: 07.06.2016 23:48:20
LicenseStatus: Office 16, Office16O365ProPlusR_Subscription1 edition Timebased activation will expire :49743 minutes
LicenseStatus: Windows(R), Professional edition Windows is in Notification mode
Boot Mode: Normal
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
SystemDrive: C: FS: [NTFS] Capacity: [111.3 Gb] Used: [68.7 Gb] Free: [42.6 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.713.10586.0
User Account Control [b]enabled[/b]
The elevation prompt for administrators [color=red][b]disabled[/b][/color]
[color=blue][b]^It is recommended to enable: Win+R typing UserAccountControlSettings and Enter^[/b][/color]

Windows Update (wuauserv) - The service is running
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
System Restore Disable
---------------------------- [ Antivirus_WMI ] ----------------------------
Windows Defender (enabled and up to date)
--------------------------- [ FirewallWindows ] ---------------------------
Windows Firewall (MpsSvc) - The service is running
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Windows Defender (enabled and up to date)
-------------------------- [ SecurityUtilities ] --------------------------
Malwarebytes Anti-Malware version 2.2.1.1043 v.2.2.1.1043
Zemana AntiMalware v.2.70.244
--------------------------- [ OtherUtilities ] ----------------------------
VLC media player v.2.2.4
WinRAR 5.30 beta 2 (64-bit) v.5.30.2 [color=red][b]Warning! [url=http://www.rarlab.com/download.htm]Download Update[/url][/b][/color]
KeePass Password Safe 1.31 v.1.31
Wireshark 2.2.2 (64-bit) v.2.2.2 [color=red][b]Warning! [url=https://www.wireshark.org/download.html]Download Update[/url][/b][/color]
--------------------------------- [ IM ] ----------------------------------
Skype™ 7.30 v.7.30.105
--------------------------------- [ P2P ] ---------------------------------
µTorrent v.2.2.1 [b][color=red]Warning! P2P-client[/color][/b].
--------------------------- [ AppleProduction ] ---------------------------
Bonjour v.3.1.0.1
iTunes v.12.5.1.21 [color=red][b]Warning! [url=https://www.apple.com/itunes/download/]Download Update[/url][/b][/color]
[color=blue][b]^Please use Apple Software Update tool.^[/b][/color]
Bonjour Service (Bonjour Service) - The service is running
------------------------------- [ Browser ] -------------------------------
Google Chrome v.55.0.2883.87
Mozilla Firefox 50.1.0 (x86 en-US) v.50.1.0
--------------------------- [ RunningProcess ] ----------------------------
C:\Program Files (x86)\Mozilla Firefox\firefox.exe v.50.1.0.6186
------------------ [ AntivirusFirewallProcessServices ] -------------------
C:\Program Files\Windows Defender\MsMpEng.exe v.4.9.10586.672
C:\Program Files\Windows Defender\NisSrv.exe v.4.9.10586.672
C:\Program Files\Windows Defender\MSASCui.exe v.4.9.10586.672
Windows Defender Service (WinDefend) - The service is running
Windows Defender Network Inspection Service (WdNisSvc) - The service is running
ZAM Controller Service (ZAMSvc) - The service is running
C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe v.0.0.0.0
----------------------------- [ End of Log ] ------------------------------

MiniToolBox:

I shut down the computer at 12:01am, hence some of the "service terminated unexpectedly" events.

MiniToolBox by Farbar  Version: 17-06-2016
Ran by Joseph (administrator) on 27-12-2016 at 10:22:13
Running from "D:\"
Microsoft Windows 10 Pro  (X64)
Model: MS-7850 Manufacturer: MSI
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ============================== 

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ============================== 


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

Hosts file not detected in the default directory

Hosts file not detected in the default directory
========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Ethernet (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled taskoffload=disabled
set interface interface="Bluetooth Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Joseph-Desktop
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 44-8A-5B-D1-9B-35
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::18ce:5e12:7f1e:2105%7(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.111(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, December 27, 2016 10:01:23 AM
   Lease Expires . . . . . . . . . . : Wednesday, December 28, 2016 10:01:22 AM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 54823515
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1D-8F-60-82-44-8A-5B-D1-9B-35
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{8AA9CD0E-C1F6-42EC-A2A4-A03D63DB6D5D}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  DD-WRT
Address:  192.168.1.1

Name:    google.com
Addresses:  2607:f8b0:4000:80d::200e
	  216.58.194.78


Pinging google.com [216.58.194.78] with 32 bytes of data:
Reply from 216.58.194.78: bytes=32 time=19ms TTL=53
Reply from 216.58.194.78: bytes=32 time=22ms TTL=53

Ping statistics for 216.58.194.78:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 19ms, Maximum = 22ms, Average = 20ms
Server:  DD-WRT
Address:  192.168.1.1

Name:    yahoo.com
Addresses:  2001:4998:58:c02::a9
	  2001:4998:c:a06::2:4008
	  2001:4998:44:204::a7
	  98.139.183.24
	  98.138.253.109
	  206.190.36.45


Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=43ms TTL=49
Reply from 98.138.253.109: bytes=32 time=45ms TTL=49

Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 43ms, Maximum = 45ms, Average = 44ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  7...44 8a 5b d1 9b 35 ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
  4...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.111     10
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.111    266
    192.168.1.111  255.255.255.255         On-link     192.168.1.111    266
    192.168.1.255  255.255.255.255         On-link     192.168.1.111    266
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.111    266
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.111    266
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
  7    266 fe80::/64                On-link
  7    266 fe80::18ce:5e12:7f1e:2105/128
                                    On-link
  1    306 ff00::/8                 On-link
  7    266 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [55808] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23552] (Microsoft Corporation)
Catalog5 07 C:\WINDOWS\SysWOW64\wshbth.dll [51712] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128] (Apple Inc.)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [80896] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31744] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [63488] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/27/2016 10:01:32 AM) (Source: Software Protection Platform Service) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x803F7001
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=UserLogon;SessionId=2

Error: (12/27/2016 10:01:26 AM) (Source: Software Protection Platform Service) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007139F
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (12/26/2016 11:02:50 PM) (Source: Software Protection Platform Service) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x803F7001
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (12/26/2016 11:02:50 PM) (Source: Software Protection Platform Service) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x803F7001
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (12/26/2016 11:02:39 PM) (Source: DbxSvc) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (12/26/2016 09:41:32 PM) (Source: Software Protection Platform Service) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x803F7001
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (12/26/2016 09:40:39 PM) (Source: Software Protection Platform Service) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x803F7001
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (12/26/2016 09:40:30 PM) (Source: Software Protection Platform Service) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x80072EE7
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (12/26/2016 09:40:28 PM) (Source: Software Protection Platform Service) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007139F
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (12/26/2016 09:40:23 PM) (Source: DbxSvc) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.


System errors:
=============
Error: (12/27/2016 10:22:15 AM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (12/27/2016 10:01:24 AM) (Source: BTHUSB) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

Error: (12/27/2016 10:01:20 AM) (Source: BTHUSB) (User: )
Description: The Bluetooth driver expected an HCI event with a certain size but did not receive it.

Error: (12/27/2016 12:01:02 AM) (Source: Service Control Manager) (User: )
Description: The User Data Access_7b1ca service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (12/27/2016 12:01:02 AM) (Source: Service Control Manager) (User: )
Description: The User Data Storage_7b1ca service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (12/27/2016 12:01:02 AM) (Source: Service Control Manager) (User: )
Description: The Contact Data_7b1ca service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (12/27/2016 12:01:02 AM) (Source: Service Control Manager) (User: )
Description: The Sync Host_7b1ca service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (12/26/2016 11:02:47 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYNETWORK SERVICES-1-5-20LocalHost (Using LRPC)UnavailableUnavailable

Error: (12/26/2016 11:02:47 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYNETWORK SERVICES-1-5-20LocalHost (Using LRPC)UnavailableUnavailable

Error: (12/26/2016 11:02:41 PM) (Source: BTHUSB) (User: )
Description: The Bluetooth driver expected an HCI event with a certain size but did not receive it.


Microsoft Office Sessions:
=========================
Error: (12/27/2016 10:01:32 AM) (Source: Software Protection Platform Service)(User: )
Description: hr=0x803F7001RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=UserLogon;SessionId=2

Error: (12/27/2016 10:01:26 AM) (Source: Software Protection Platform Service)(User: )
Description: hr=0x8007139FRuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (12/26/2016 11:02:50 PM) (Source: Software Protection Platform Service)(User: )
Description: hr=0x803F7001RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (12/26/2016 11:02:50 PM) (Source: Software Protection Platform Service)(User: )
Description: hr=0x803F7001RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (12/26/2016 11:02:39 PM) (Source: DbxSvc)(User: )
Description: (-2147024894) The system cannot find the file specified.

Error: (12/26/2016 09:41:32 PM) (Source: Software Protection Platform Service)(User: )
Description: hr=0x803F7001RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (12/26/2016 09:40:39 PM) (Source: Software Protection Platform Service)(User: )
Description: hr=0x803F7001RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (12/26/2016 09:40:30 PM) (Source: Software Protection Platform Service)(User: )
Description: hr=0x80072EE7RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (12/26/2016 09:40:28 PM) (Source: Software Protection Platform Service)(User: )
Description: hr=0x8007139FRuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (12/26/2016 09:40:23 PM) (Source: DbxSvc)(User: )
Description: (-2147024894) The system cannot find the file specified.


CodeIntegrity Errors:
===================================
  Date: 2016-12-26 20:17:39.940
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements.

  Date: 2016-12-26 20:17:39.918
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements.

  Date: 2016-12-26 20:17:39.917
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements.

  Date: 2016-12-26 20:17:39.901
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements.

  Date: 2016-12-26 20:17:39.900
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements.

  Date: 2016-12-26 20:17:39.883
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements.

  Date: 2016-12-26 20:17:39.876
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements.

  Date: 2016-12-26 20:17:38.896
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements.

  Date: 2016-12-26 20:17:38.880
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements.

  Date: 2016-12-26 20:17:38.863
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements.


=========================== Installed Programs ============================

µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - BitTorrent Inc.)
AccessPORT Driver 1.3.1 (HKLM-x32\...\AccessPORT Driver) (Version:  - Cobb Tuning Products, LLC.)
Accessport Manager 2.1.1.13 (HKLM-x32\...\Accessport Manager) (Version: 2.1.1.13 - Cobb Tuning Products, LLC)
Accesstuner Race - MAZDASPEED USDM 2007-2008 MAZDASPEED3 (Cali-Fed.) 1.9.1.0-11650 (HKLM-x32\...\TunerRace_US_MS3_BASE_07) (Version: 1.9.1.0-11650 - Cobb Tuning Products, LLC.)
Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.1 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Amazon Redshift ODBC Driver 64-bit (HKLM\...\{788C401A-726B-4CE7-8BC2-89FD7967A6ED}) (Version: 1.2.7 - Amazon Corporate LLC)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 5.00 - Advanced Micro Devices, Inc.)
AMD Settings (HKLM\...\WUCCCApp) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.)
ANT Drivers Installer x64 (HKLM\...\{A0FBF1DF-1805-44C9-91AE-C2F9047D443D}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{29DB9165-5FC1-48F0-9188-26123F526848}) (Version: 5.0.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{5905C8CF-1C88-4478-A48E-4E458AD1BC7E}) (Version: 5.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D4D86CB2-2370-4691-8272-3869EDED6C64}) (Version: 10.0.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Atom (HKCU\...\atom) (Version: 1.9.9 - GitHub Inc.)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield™ 1 (HKLM-x32\...\{335B50BC-6130-4BAF-9A6A-F1561270587B}) (Version: 1.0.47.30570 - Electronic Arts)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Borderless Gaming (HKLM-x32\...\Borderless Gaming_is1) (Version: 8.2 - Codeusa Software)
Catalyst Control Center Next Localization BR (HKLM\...\{118C2119-84B6-E32C-63E2-B56DBCF41CE5}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{51F85784-6799-5CA3-97B2-2E5904FC3E58}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{55A4D3AB-C8DF-26B2-89A8-7E16E1E40700}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{365AEAB2-4CF3-7CBB-0DAC-E9E14B688E65}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{5A083A57-10D6-D4E5-292C-F274870E73A4}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{8E6F5592-ED7E-9C50-74AC-BF417B1FE291}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{7ABC6D83-816E-6D48-E65D-B0CEDD294E4E}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{AD28960A-6190-C991-C964-308B86EAA2E2}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{DF0D7C1C-72B6-9FFB-DF66-B3720237BB80}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{238F6F6F-2544-86CF-3AB6-2CDADAB58CF0}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{84C3F2C5-F7B2-2F08-CDF4-79EF7CC55D74}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{C3EE628C-7394-FE2C-0C90-C05284EB528D}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{0E8A3B17-D603-B1B6-C205-1685EBDD23E9}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{2F544F46-5F6E-97BB-3550-A0242A3C5754}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{EC688BD0-240D-AE40-55F3-234E54919AE6}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{1E7D3072-1D28-E33A-99DF-85D9F7ECD06E}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{E27224E3-7913-DA1E-5B08-9BEEC8FEE3D1}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{FC4086D6-E345-5F43-08BB-280FB57DAF49}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{95A52FC1-C728-841D-1BFC-CC793B77B0A4}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{BA26B70C-3D8C-2D14-4122-211FB3E6F691}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{F8EBE530-A4D5-BF51-F623-3787E6B8A878}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{42FBD43F-DE53-6D4D-5134-E3C93B45CBEF}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{5FEACE78-C338-9AED-FF05-7DE7E273C774}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{A22CDEBA-6DB5-12CD-F6CE-6238C2D78363}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{A3795528-F572-6314-C4E3-EE9DAF0FBF02}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{AC85CF50-9A55-0103-ADBF-365C37603AA4}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{C0BFC67D-E447-02C8-6046-C078DFE9EC97}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{4853A56D-7931-A08B-5BA7-8E2D61043DF9}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{94C72EBE-2908-F0AC-62DA-D61951830F8F}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{B349892D-B015-033C-4CA8-3635E6B655D7}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{5B987681-3652-492B-6A11-E02AC0FE5959}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{B28CF677-E2C8-12CA-52BB-19B6F066D36A}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{BE8D6AB1-3049-2F0C-67FA-00C0A5D321A3}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{26567561-DFB2-2B63-9BA8-6A490ED37016}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{43F6D22B-E0E9-EE90-9B62-1C5FC5D15A55}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{86BFE5B4-1FCE-3C02-6373-92B1AE6431E8}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{0742432E-42D9-2240-4CA1-8595CCCBAA77}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{0809FEC1-EF86-51E9-8210-DC1B1BDB6745}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{D4490E0F-8E7B-1097-B56A-7643C75F1C28}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{5FD706FF-6AD8-E372-A35A-879409982655}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{DAB44116-0266-C65B-B643-AC11217C3041}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{EAEAA839-44F4-22DF-D1CC-88C3B2A3D4B1}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{3AF70346-52C7-0334-606F-118D1C1CB7A2}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{A3973655-E448-4A1B-477C-988A79D132D9}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{A4E7CA0C-84EB-5E29-2F04-06C4E4790C2F}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{53AE8AC7-5213-67AF-0DC0-CED696B77643}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{59D2664C-949B-7FA7-9880-ECB993B6616A}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{6DC92550-D065-4B36-C4D3-D8D7A702A7A7}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{970A40CA-46AB-986C-1798-976ED0EA00FA}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{B2A83706-3F14-1532-20CD-B4EE715A8945}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{DC9DFCBF-87DA-892C-6151-99CC9EF46E3E}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{44ED2CDA-4197-E9E9-B328-26E1FB749116}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{4707CBFC-8ED4-463E-0FF9-DE86F4A743E9}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{C1EFF2A2-DF4A-F6D1-B99C-1ED194AE9E78}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{3450566C-4561-0EE8-B1AB-D5C79CCE8D2C}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{46EB68BE-8AAC-8C2B-7284-8DEDE6B5CD2A}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{C14A3A5B-8A86-C239-37D7-158211778C54}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{7A6E431B-CF43-EC3E-FD7E-0A0AAB1B25FC}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{A50C89BC-8D8E-8828-824A-7171F6D583D5}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{FCE8438C-3272-D63F-479F-670F082B294B}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{0B5633F0-C415-2F08-671E-4C9E2FAACD45}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{25D1751E-7CA2-5F6D-0125-0A16E47AF9FE}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{89A1F076-19B8-A2B1-D5A3-E8247EFAF157}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.22 - Piriform)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
Dropbox (HKLM-x32\...\Dropbox) (Version: 16.4.30 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Elevated Installer (HKLM-x32\...\{66BC291C-075A-47C2-9097-CF7251A4CAF3}) (Version: 5.0.0.0 - Garmin Ltd or its subsidiaries) Hidden
EPSON XP-610 Series Printer Uninstall (HKLM\...\EPSON XP-610 Series) (Version:  - SEIKO EPSON Corporation)
f.lux (HKCU\...\Flux) (Version:  - )
Garmin Express (HKLM-x32\...\{05989e3e-9e40-4209-9b63-2c1445411147}) (Version: 5.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{6DF4B576-D43A-4C06-8B12-280C743DFA26}) (Version: 5.0.0.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (HKLM-x32\...\{CD76740C-4472-4B1C-940A-20F75CE8F505}) (Version: 5.0.0.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Drive (HKLM-x32\...\{07A12123-B717-496B-B471-48AF6407B433}) (Version: 1.32.4066.7445 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.32.7 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hybrid (remove only) (HKLM-x32\...\Hybrid) (Version: 2016.2.13.0 - Selur´s Hybrid)
iTunes (HKLM\...\{9946A4F7-E0FD-4A33-82D1-06CBFFBBB9F9}) (Version: 12.5.1.21 - Apple Inc.)
KeePass Password Safe 1.31 (HKLM-x32\...\KeePass Password Safe_is1) (Version: 1.31 - Dominik Reichl)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.6965.2115 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{E534493E-80D2-4E37-8020-3ECAC55D9DB5}) (Version: 10.53.6000.34 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40649 (HKLM-x32\...\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 50.1.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)
MultiWall version 1.0.31 (HKLM-x32\...\{54384F46-6346-4BDC-A137-4D4037D362D3}_is1) (Version: 1.0.31 - MultiWall)
MySQL Connector/ODBC 5.3 (HKLM\...\{17E48BE8-F0F8-42B6-82D3-7A5840694D79}) (Version: 5.3.6 - Oracle Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.6965.2115 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.6965.2115 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.6965.2115 - Microsoft Corporation) Hidden
Office Mix (HKLM-x32\...\{9c7fb62c-70e4-4bd0-b9f1-d84aa18ff93d}) (Version: 0.1.5720.0 - Microsoft Corporation)
Office Mix 64-bit (HKLM\...\{8266BE8E-963A-4B22-BE98-A39FC1F0A64D}) (Version: 0.1.5720.0 - Microsoft) Hidden
Oops!Backup (HKLM-x32\...\{E07FB986-F8AE-4D2A-B981-97AD74FE69E7}) (Version: 3.0.45.0 - Altaro)
Origin (HKLM-x32\...\Origin) (Version: 10.3.3.1921 - Electronic Arts, Inc.)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Port Forward Network Utilities (HKLM-x32\...\{88B1D36C-7B70-4C48-8D2F-AAB956ECF4C3}) (Version: 3.0.16 - Portforward, LLC)
psqlODBC_x64 (HKLM\...\{E80C56AD-5F68-4A6D-8016-FF394E1954FA}) (Version: 09.05.0300 - PostgreSQL Global Development Group)
RadeonPro 1.0 (Build 1.1.1.0) (HKLM-x32\...\RadeonPro_is1) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7572 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
SES Driver (HKLM\...\{D8CC254C-C671-4664-9A38-FA368D1E2C97}) (Version: 1.0.0 - Western Digital)
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
Spotify (HKCU\...\Spotify) (Version: 1.0.45.186.g3b5036d6 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Sublime Text Build 3103 (HKLM\...\Sublime Text 3_is1) (Version:  - Sublime HQ Pty Ltd)
Switcheroo v0.9.2.111 (HKLM-x32\...\{A5AF4C34-70A7-4D3B-BA18-E49C0AEEA5E6}_is1) (Version:  - Regin Larsen)
Tableau 10.1 (10100.16.1103.2343) (HKLM\...\{11F9AEC7-513D-416C-BE2D-90842CCB35B0}) (Version: 10.1.1236 - Tableau Software) Hidden
Tableau 10.1 (10100.16.1103.2343) (HKLM-x32\...\{9aef6cdd-e765-44d3-8d75-8e77d42d1776}) (Version: 10.1.1236 - Tableau Software)
Todoist (HKCU\...\{B1B3C79A-FFD9-4B28-A456-62B6E55E2A5C}_is1) (Version: 2.7.6.0 - Doist Ltd.)
Vegas Pro 12.0 (64-bit) (HKLM\...\{BD422D00-5232-11E3-A6F3-F04DA23A5C58}) (Version: 12.0.770 - Sony)
Virtual Dyno (HKLM-x32\...\Virtual Dyno) (Version:  - Pnuema Productions)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WinDirStat 1.1.2 (HKCU\...\WinDirStat) (Version:  - )
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM  (03/06/2009 1.0.0008.0) (HKLM\...\422991454CB076E9B856C21BBF99AF2B82317EDA) (Version: 03/06/2009 1.0.0008.0 - Western Digital Technologies)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.30 beta 2 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.2 - win.rar GmbH)
WinSCP 5.7.7 (HKLM-x32\...\winscp3_is1) (Version: 5.7.7 - Martin Prikryl)
Wireshark 2.2.2 (64-bit) (HKLM-x32\...\Wireshark) (Version: 2.2.2 - The Wireshark developer community, https://www.wireshark.org)
x264vfw - H.264/MPEG-4 AVC codec for x64 (remove only) (HKLM-x32\...\x264vfw64) (Version:  - )
YNAB 4 version 4.3.857 (HKLM-x32\...\com.ynab.YNAB4.LiveCaptive_is1) (Version: 4.3.857 - YouNeedABudget.com)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.70.244 - Zemana Ltd.)

========================= Devices: ================================

Name: Generic Bluetooth Radio
Description: Generic Bluetooth Radio
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Cambridge Silicon Radio Ltd.
Service: BTHUSB
Device ID: USB\VID_0A12&PID_0001\5&2F350751&0&4
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 


========================= Memory info: ===================================

Percentage of memory in use: 34%
Total physical RAM: 8120 MB
Available physical RAM: 5292.12 MB
Total Virtual: 10552 MB
Available Virtual: 7556.47 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:111.3 GB) (Free:42.55 GB) NTFS
2 Drive d: (USB MEMORY) (Removable) (Total:0.12 GB) (Free:0.07 GB) FAT
3 Drive x: (Storage) (Fixed) (Total:465.76 GB) (Free:104.34 GB) NTFS

========================= Users: ========================================

User accounts for \\JOSEPH-DESKTOP

Administrator            DefaultAccount           Guest                    
Joseph                   


**** End of log ****



#4 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:17 PM

Posted 27 December 2016 - 03:16 PM

9-Lab Scan.

 

  • Download 9-Lab Removal Tool.
  • CLICK HERE to determine whether you're running 32-bit or 64-bit for Windows.
  • Install the program onto your computer, then right click the icon  run as administrator.
  • Update the program and then run a full scan!
  • Make sure the program updates, might be better to install it update reboot and check for updates again.
  • You need to make sure the database updates!!!
  • Upon Scan Completion Click on Show Results.
  • Then Click On Clean 
  • Then Click on Save Log.
  • Save it to your desktop, copy and paste the contents of the log here in your next reply.

 

 

 

 

 

 

Adware Removal Tool Scan.

 

Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.

 

 

LOr0Gd7.png

 

Hit Ok.

 

sYFsqHx.png

 

Hit next make sure to leave all items checked, for removal.

 

8NcZjGc.png

 

 

The Program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, thenOK again to finish up. Post log generated by tool.



#5 MBtemp902

MBtemp902
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:02:17 PM

Posted 27 December 2016 - 04:40 PM

9-Lab:

9-lab Removal Tool 1.0.0.39 BETA
9-lab.com

Database version: 151.45742

Windows 8 (Version 6.2, Build 0, 64-bit Edition)
Internet Explorer 9.11.10586.0
Joseph :: JOSEPH-DESKTOP

12/27/2016 3:06:13 PM
9lab-log-2016-12-27 (15-06-13).txt

Scan type: Full
Objects scanned: 183506
Time Elapsed: 19 m 13 s

Registry Keys detected: 1
Adware.RPL.Gen.dd [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.2.1]


Files detected: 15
[7D91EF3E1CAE2711C2927819E5F9120C] Adware.FMPL.Gen.se [C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7\x64\DIFxInstallLog.txt]
[7E9900F4F38422499F6D9F7BBF50BACC] Adware.MPL.Gen.se [c:\users\joseph\appdata\local\Google\Chrome\User Data\Default\local storage\http_www.metrolyrics.com_0.localstorage]
[D41D8CD98F00B204E9800998ECF8427E] Adware.MPL.Gen.se [c:\users\joseph\appdata\local\Google\Chrome\User Data\Default\local storage\http_www.metrolyrics.com_0.localstorage-journal]
[2FA16BC885C5A78754BCB2E546FAE368] Trojan.Win32.Gen.bot [X:\$RECYCLE.BIN\S-1-5-21-706260008-467992893-3324187277-1001\$R6579M2\Windows Loader.exe]
[19E5052C8496AD95A8CDB8A4EF076780] Malware.Win32.Gen.cld [C:\AdwCleaner\quarantine\files\splaubqiizasoumdrnqiqsjuzjvifndu\unins000.exe]
[ED2C956A7DA75F7C6E2C9D4CCA482951] Trojan.Win32.Gen.bot!n [C:\Program Files\Hybrid\avisynthPlugins\mt_masktools-26.dll]
[48B00614003B13BAA7BEDBCC138B390B] Malware.Win32.Gen.cld [C:\Program Files\Hybrid\avisynthPlugins\SangNom2.dll]
[772546C2C97808C122E2AFA7AB9F0989] Malware.Win32.Gen.cld [C:\Program Files\Hybrid\dynamic\fhgaacenc.exe]
[A13062D734950B5059D1B22247DF8275] Malware.Win32.Gen.sm!s1 [C:\Users\Joseph\AppData\Local\atom\app-1.9.9\resources\app\apm\bin\node.exe]
[332EEBBA40054CD3EEB4BD62B8EE4D44] Trojan.Win32.Gen.2E8B.sm!ff [C:\Users\Joseph\AppData\Local\Microsoft\Windows\INetCache\IE\YYEAQZBB\0uicS[1].exe]
[332EEBBA40054CD3EEB4BD62B8EE4D44] Trojan.Win32.Gen.2E8B.sm!ff [C:\Users\Joseph\AppData\Local\Microsoft\Windows\INetCache\IE\YYEAQZBB\XBCIFEZ[1].exe]
[2238415466EA09ADC11052B8A6A08CE0] Trojan.Win32.Gen.vb [C:\Users\Joseph\AppData\Local\Temp\1L53VT8ZB7\asasa.exe]
[332EEBBA40054CD3EEB4BD62B8EE4D44] Trojan.Win32.Gen.2E8B.sm!ff [C:\Users\Joseph\AppData\Local\Temp\nsgCF2D.tmp]
[A4DD044BCD94E9B3370CCF095B31F896] Malware.Win32.Gen.AF31.sm!ff [C:\Users\Joseph\AppData\Local\Temp\nsr431F.tmp\System.dll]
[332EEBBA40054CD3EEB4BD62B8EE4D44] Trojan.Win32.Gen.2E8B.sm!ff [C:\Users\Joseph\AppData\Local\Temp\nsr5CEF.tmp]



Adware Removal Tool:

[-] Deleted ->> File ->> C:\Users\Joseph\Appdata\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\P9U0AUY1\min_bootstrap3_social2search[1].css



#6 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:17 PM

Posted 27 December 2016 - 08:15 PM

How are things running now?


Edited by InadequateInfirmity, 27 December 2016 - 08:16 PM.


#7 MBtemp902

MBtemp902
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:02:17 PM

Posted 27 December 2016 - 09:39 PM

All good as far as I can tell. Very appreciative of your quick responses! Thanks for the help.



#8 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:17 PM

Posted 27 December 2016 - 10:13 PM

suggest the following in place of adblock.
Alternate DNS Server. Ad Blocking DNS.
Ublock Origin.
Anti Ad Block Killer.



Also, keep your browsing private with these tools:

Self Destructing Cookies.
Self Destructing Cookies Chrome.



Some items to keep you safe on the internet.


VooDoo Shield. control of what is running on your machine
Qualys BrowserCheck
To update plugins.
Web Of Trust To Avoid Shady Websites.
Unchecky To Avoid Bundled Software.
Privazer To Clean up your mahcine.



Now Lets Clean up the tools we used and remove old restore points.



Download DelFix by "Xplode" to your Desktop.
Right Click the tool and Run as Admin ( Xp Users Double Click)
Put a check mark next the items below:


Remove disinfection tools
Create registry backup
Purge System Restore




Now click on "Run" button.
allow the program to complete its work.
all the tools we used will be removed.
Tool will create and open a log report (DelFix.txt)
Note: The report can be located at the following location C:\DelFix.txt






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users